SUSE-IU-2024:830-1: Security update of suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2

sle-container-updates at lists.suse.com
Sat Aug 10 07:01:31 UTC 2024


SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:830-1
Image Tags        : suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2:20240807
Image Release     : 
Severity          : critical
Type              : security
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1221-1
Released:    Mon May 13 13:28:42 2019
Summary:     Security update for libxslt
Type:        security
Severity:    moderate
References:  1132160,CVE-2019-11068
This update for libxslt fixes the following issues:

Security issue fixed:

- CVE-2019-11068: Fixed a protection mechanism bypass where callers of 
  xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an
  error (bsc#1132160).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1409-1
Released:    Mon May 25 17:01:33 2020
Summary:     Security update for libxslt
Type:        security
Severity:    moderate
References:  1140095,1140101,1154609,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197
This update for libxslt fixes the following issues:

Security issues fixed: 

- CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).
- CVE-2019-13117: Fixed an uninitialized read which allowed discerning whether a byte on the stack contains certain special characters (bsc#1140095).
- CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:803-1
Released:    Thu Mar 10 17:35:53 2022
Summary:     Security update for python-lxml
Type:        security
Severity:    important
References:  1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818
This update for python-lxml fixes the following issues:

- CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088).
- CVE-2021-28957: Fixed XSS vulnerability via unescaped HTML5 attributes (bsc#1184177).
- CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752).
- CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released:    Tue Jul 26 13:48:28 2022
Summary:     Critical update for python-cssselect
Type:        recommended
Severity:    critical
References:  
This update for python-cssselect implements packages to the unrestricted repository.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released:    Fri Aug 26 11:36:03 2022
Summary:     Security update for python-lxml
Type:        security
Severity:    important
References:  1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:

- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4391-1
Released:    Fri Dec  9 08:02:23 2022
Summary:     Recommended update for libxslt
Type:        recommended
Severity:    low
References:  1203669
This update for libxslt fixes the following issues:

- Fix broken license symlink for libxslt-tools (bsc#1203669)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:680-1
Released:    Wed Mar  8 17:14:06 2023
Summary:     Security update for libxslt
Type:        security
Severity:    important
References:  1208574,CVE-2021-30560
This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixed a use-after-free vulnerability in Blink XSLT (bsc#1208574).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2143-1
Released:    Tue May  9 14:49:45 2023
Summary:     Security update for protobuf-c
Type:        security
Severity:    important
References:  1210323,CVE-2022-48468
This update for protobuf-c fixes the following issues:

- CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2517-1
Released:    Thu Jun 15 07:09:52 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1203750,1211158,CVE-2007-4559
This update for python3 fixes the following issues:

- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).

- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2519-1
Released:    Thu Jun 15 08:25:19 2023
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1203818
This update for supportutils fixes the following issues:

 - Added missed sanitation check on crash.txt (bsc#1203818)
 - Added check to _sanitize_file
 - Using variable for replacement text in _sanitize_file

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2571-1
Released:    Wed Jun 21 13:32:31 2023
Summary:     Security update for Salt
Type:        security
Severity:    moderate
References:  1207071,1209233,1211612,1211754,1212516,1212517
This update for salt fixes the following issues:

salt:

- Update to Salt release version 3006.0 (jsc#PED-4361)
  * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due to transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch discarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
    
python-jmespath:
    
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
  (no source changes)
    
python-ply:
    
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
  (no source changes)
 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2611-1
Released:    Thu Jun 22 09:55:10 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1184208,1199636,1204405,1205756,1205758,1205760,1205762,1205803,1206024,1208474,1208604,1209287,1209779,1210715,1210783,1210940,1211037,1211043,1211105,1211131,1211186,1211203,1211590,1211592,1211596,1211622,CVE-2020-36694,CVE-2021-29650,CVE-2022-3566,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1637,CVE-2023-2156,CVE-2023-2194,CVE-2023-23586,CVE-2023-2483,CVE-2023-2513,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-32269,CVE-2023-33288
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2020-36694: Fixed a use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).

The following non-security bugs were fixed:

- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2616-1
Released:    Thu Jun 22 16:47:50 2023
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1212230,CVE-2023-34241
This update for cups fixes the following issues:

- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2625-1
Released:    Fri Jun 23 17:16:11 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204

  * includes regression and other bug fixes

- Speed up builds with --enable-link-serialization.

- Update embedded newlib to version 4.2.0

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2628-1
Released:    Fri Jun 23 21:43:22 2023
Summary:     Security update for cloud-init
Type:        security
Severity:    important
References:  1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786
This update for cloud-init fixes the following issues:

- CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)
- CVE-2022-2084: Fixed a bug where logged schema failures could include password hashes. (bsc#1210652)
    
- Update to version 23.1

  + Support transactional-updates for SUSE based distros
  + Set ownership for new folders in Write Files Module
  + add OpenCloudOS and TencentOS support
  + lxd: Retry if the server isn't ready 
  + test: switch pycloudlib source to pypi 
  + test: Fix integration test deprecation message 
  + Recognize opensuse-microos, dev tooling fixes 
  + sources/azure: refactor imds handler into own module 
  + docs: deprecation generation support 
  + add function is_virtual to distro/FreeBSD
  + cc_ssh: support multiple hostcertificates 
  + Fix minor schema validation regression and fixup typing 
  + doc: Reword user data debug section 
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file 
  + Add 'ederst' as contributor
  + readme: add reference to packages dir 
  + docs: update downstream package list 
  + docs: add google search verification 
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf
  + Fix OpenStack datasource detection on bare metal
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted 
  + schema: fix gpt labels, use type string for GUID 
  + cc_disk_setup: code cleanup 
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
  + Warn on empty network key 
  + Fix Vultr cloud_interfaces usage 
  + cc_puppet: Update puppet service name 
  + docs: Clarify networking docs 
  + lint: remove httpretty 
  + cc_set_passwords: Prevent traceback when restarting ssh 
  + tests: fix lp1912844 
  + tests: Skip ansible test on bionic 
  + Wait for NetworkManager 
  + docs: minor polishing 
  + CI: migrate integration-test to GH actions 
  + Fix permission of SSH host keys 
  + Fix default route rendering on v2 ipv6
  + doc: fix path in net_convert command 
  + docs: update net_convert docs
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
  + distros/rhel.py: _read_hostname() missing strip on 'hostname'
  + integration tests: add  IBM VPC support 
  + machine-id: set to uninitialized to trigger regeneration on clones
  + sources/azure: retry on connection error when fetching metadata
  + Ensure ssh state accurately obtained 
  + bddeb: drop dh-systemd dependency on newer deb-based releases 
  + doc: fix `config formats` link in cloudsigma.rst 
  + Fix wrong subp syntax in cc_set_passwords.py 
  + docs: update the PR template link to readthedocs 
  + ci: switch unittests to gh actions
  + Add mount_default_fields for PhotonOS. 
  + sources/azure: minor refactor for metadata source detection logic
  + add 'CalvoM' as contributor 
  + ci: doc to gh actions 
  + lxd: handle 404 from missing devices route for LXD 4.0 
  + docs: Diataxis overhaul 
  + vultr: Fix issue regarding cache and region codes 
  + cc_set_passwords: Move ssh status checking later 
  + Improve Wireguard module idempotency 
  + network/netplan: add gateways as on-link when necessary 
  + tests: test_lxd assert features.networks.zones when present 
  + Use btrfs enqueue when available (#1926) [Robert Schweikert]
  + sources/azure: fix device driver matching for net config (#1914)
  + BSD: fix duplicate macs in Ifconfig parser 
  + pycloudlib: add lunar support for integration tests 
  + nocloud: add support for dmi variable expansion for seedfrom URL
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema 
  + Ensure network ready before cloud-init service runs on RHEL
  + docs: add copy button to code blocks 
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed 
  + Fix the distro.osfamily output problem in the openEuler system. 
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8 
  + Add back gateway4/6 deprecation to docs 
  + networkd: Add support for multiple [Route] sections 
  + doc: add qemu tutorial 
  + lint: fix tip-flake8 and tip-mypy 
  + Add support for setting uid when creating users on FreeBSD 
  + Fix exception in BSD networking code-path 
  + Append derivatives to is_rhel list in cloud.cfg.tmpl 
  + FreeBSD init: use cloudinit_enable as only rcvar 
  + feat: add support aliyun metadata security harden mode 
  + docs: uprate analyze to performance page
  + test: fix lxd preseed managed network config 
  + Add support for static IPv6 addresses for FreeBSD 
  + Make 3.12 failures not fail the build 
  + Docs: adding relative links 
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + Add 'nkukard' as contributor 
  + doc: add how to render new module doc 
  + doc: improve module creation explanation 
  + Add Support for IPv6 metadata to OpenStack 
  + add xiaoge1001 to .github-cla-signers
  + network: Deprecate gateway{4,6} keys in network config v2
  + VMware: Move Guest Customization transport from OVF to VMware
  + doc: home page links added
  + net: skip duplicate mac check for netvsc nic and its VF

This update for python-responses fixes the following issues:
  
- update to 0.21.0:
  * Add `threading.Lock()` to allow `responses` working with `threading` module.
  * Add `urllib3` `Retry` mechanism. See #135
  * Removed internal `_cookies_from_headers` function
  * Now `add`, `upsert`, `replace` methods return registered response.
    `remove` method returns list of removed responses.
  * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument
  * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)`
    to your function to validate that all requests were executed in the wrapped function. See #183

  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2640-1
Released:    Mon Jun 26 15:09:10 2023
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:

- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2649-1
Released:    Tue Jun 27 10:01:13 2023
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issues:

- update to 0.371:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2658-1
Released:    Tue Jun 27 14:46:15 2023
Summary:     Recommended update for containerd, docker, runc
Type:        recommended
Severity:    moderate
References:  1207004,1208074,1210298,1211578
This update for containerd, docker, runc fixes the following issues:

- Update to containerd v1.6.21 (bsc#1211578)
- Update to Docker 23.0.6-ce (bsc#1211578)
- Update to runc v1.1.7
- Require a minimum Go version explicitly (bsc#1210298)
- Re-unify packaging for SLE-12 and SLE-15
- Fix build on SLE-12 by switching back to libbtrfs-devel headers
- Allow man pages to be built without internet access in OBS
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed   
  even if they are primarily running SELinux
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser
- Change to using systemd-sysusers
- Update runc.keyring to upstream version
- Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2742-1
Released:    Fri Jun 30 11:40:56 2023
Summary:     Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type:        recommended
Severity:    moderate
References:  1202234,1209565,1211261,1212187,1212222
This update for yast2-pkg-bindings fixes the following issues:

libzypp was updated to version 17.31.14 (22):

- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)

yast2-pkg-bindings, autoyast:

- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)

yast2-update:

- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2761-1
Released:    Mon Jul  3 15:16:44 2023
Summary:     Recommended update for libjansson
Type:        recommended
Severity:    moderate
References:  1201817
This update for libjansson fixes the following issues:

- Update to 2.14 (bsc#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
      corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime version checking
    + Add json_object_update_new(), json_object_update_existing_new()
      and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
      that can be omitted if null 
    + Add `json_error_code()` to retrieve numeric error codes
    + Enable thread safety for `json_dump()` on all systems.
      Enable thread safe `json_decref()` and `json_incref()` for
      modern compilers 
    + Add `json_sprintf()` and `json_vsprintf()` 
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object 
    + Avoid invalid memory read in `json_pack()` 
    + Call va_end after va_copy in `json_vsprintf()` 
    + Improve handling of formats with '?' and '*' in `json_pack()`
    + Remove inappropriate `jsonp_free()` which caused
      segmentation fault in error handling 
    + Fix incorrect report of success from `json_dump_file()` when
      an error is returned by `fclose()` 
    + Make json_equal() const-correct 
    + Fix incomplete stealing of references by `json_pack()` 
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2855-1
Released:    Mon Jul 17 16:35:21 2023
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1212260
This update for openldap2 fixes the following issues:

- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2859-1
Released:    Mon Jul 17 16:43:57 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1160435,1172073,1187829,1191731,1199046,1200217,1205758,1208600,1209039,1209342,1210533,1210791,1211089,1211519,1211796,1212128,1212129,1212154,1212158,1212494,1212501,1212502,1212504,1212513,1212606,1212842,CVE-2023-1077,CVE-2023-1249,CVE-2023-2002,CVE-2023-3090,CVE-2023-3141,CVE-2023-3159,CVE-2023-3161,CVE-2023-3268,CVE-2023-3358,CVE-2023-35788,CVE-2023-35823,CVE-2023-35824,CVE-2023-35828

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).

The following non-security bugs were fixed:

- Also include kernel-docs build requirements for ALP
- Avoid unsupported tar parameter on SLE12
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796)
- Generalize kernel-doc build requirements.
- Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
- Move setting %%build_html to config.sh
- Move setting %%split_optional to config.sh
- Move setting %%supported_modules_check to config.sh
- Move the kernel-binary conflicts out of the spec file. The list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
- Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore
- Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- cifs: do not include page data when checking signature (bsc#1200217).
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE.
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- rpm/kernel-binary.spec.in: Fix compatibility with newer rpm
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2866-1
Released:    Tue Jul 18 11:09:03 2023
Summary:     Security update for python-requests
Type:        security
Severity:    moderate
References:  1211674,CVE-2023-32681
This update for python-requests fixes the following issues:

- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2879-1
Released:    Wed Jul 19 09:45:34 2023
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released:    Wed Jul 19 11:49:39 2023
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1210999,CVE-2023-31484
This update for perl fixes the following issues:


  - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released:    Wed Jul 19 16:58:43 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1208721,1209229,1211828
This update for glibc fixes the following issues:

- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2894-1
Released:    Thu Jul 20 06:45:06 2023
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1194557,1203300,1206447,1206674,1206798,1211026
This update for wicked fixes the following issues:

- Update to version 0.6.73
- Fix arp notify loop and burst sending (boo#1212806)
- Allow verify/notify counter and interval configuration
- Handle ENOBUFS sending errors (bsc#1203300)
- Improve environment variable handling
- Refactor firmware extension definition
- Enable, disable and revert cli commands
- Fix memory leaks, add array/list utils
- Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- Cleanup /var/run leftovers in extension scripts (bsc#1194557)
- Output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (bsc#1206674)
- Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish`
  firmware extension and interface handling.
- Improve error handling in netif firmware discovery
  extension execution and extension definition overrides in
  the wicked-config.
- Fix use-after-free in debug mode (bsc#1206447)
- Replace transitional `%usrmerged` macro with regular
  version check (bsc#1206798)
- Improve to show `no-carrier` in ifstatus output
- Cleanup inclusions and update uapi header to 6.0
- Link mode nwords cleanup and new advertise mode names
- Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2898-1
Released:    Thu Jul 20 09:15:33 2023
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        feature
Severity:    critical
References:  
This update for python-instance-billing-flavor-check fixes the following issues:


- Include PAYG checker package in SLE (jsc#PED-4791) 
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2905-1
Released:    Thu Jul 20 10:17:54 2023
Summary:     Recommended update for fstrm
Type:        recommended
Severity:    moderate
References:  
This update for fstrm fixes the following issues:

- Update to 0.6.1:

  - fstrm_capture: ignore SIGPIPE, which will cause the
    interrupted connections to generate an EPIPE instead.
  - Fix truncation in snprintf calls in argument processing.
  - fstrm_capture: Fix output printf format. 

- Update to 0.6.0 

  It adds a new feature for fstrm_capture. It can perform output
  file rotation when a SIGUSR1 signal is received by fstrm_capture.
  (See the --gmtime or --localtime options.) This allows
  fstrm_capture's output file to be rotated by logrotate or a
  similar external utility. (Output rotation is suppressed if
  fstrm_capture is writing to stdout.)

Update to 0.5.0

- Change license to modern MIT license for compatibility with
  GPLv2 software. Contact software at farsightsecurity.com for
  alternate licensing.
- src/fstrm_replay.c: For OpenBSD and Posix portability include
  netinet/in.h and sys/socket.h to get struct sockaddr_in and the
  AF_* defines respectively.
- Fix various compiler warnings.

Update to 0.4.0

The C implementation of the Frame Streams data transport
protocol, fstrm version 0.4.0, was released. It adds TCP support,
a new tool, new documentation, and several improvements.

- Added manual pages for fstrm_capture and fstrm_dump.
- Added new tool, fstrm_replay, for replaying saved Frame Streams
  data to a socket connection.
- Adds TCP support. Add tcp_writer to the core library which
  implements a bi-directional Frame Streams writer as a TCP
  socket client. Introduces new developer API:
  fstrm_tcp_writer_init, fstrm_tcp_writer_options_init,
  fstrm_tcp_writer_options_destroy,
  fstrm_tcp_writer_options_set_socket_address, and
  fstrm_tcp_writer_options_set_socket_port.
- fstrm_capture: new options for reading from TCP socket.
- fstrm_capture: add '-c' / '--connections' option to limit the
  number of concurrent connections it will accept.
- fstrm_capture: add '-b / --buffer-size' option to set the read
  buffer size (effectively the maximum frame size) to a value
  other than the default 256 KiB.
- fstrm_capture: skip oversize messages to fix stalled
  connections caused by messages larger than the read highwater
  mark of the input buffer. Discarded messages are logged for the
  purposes of tuning the input buffer size.
- fstrm_capture: complete sending of FINISH frame before closing
  connection.
- Various test additions and improvements.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2909-1
Released:    Thu Jul 20 10:59:11 2023
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1204563
This update for grub2 fixes the following issues:

- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released:    Thu Jul 20 12:00:17 2023
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    moderate
References:  1089497
This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
    
libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2945-1
Released:    Mon Jul 24 09:37:30 2023
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1186673,1209536,1213004,1213008,1213504,CVE-2023-38408
This update for openssh fixes the following issues:

- CVE-2023-38408: Fixed a condition where specific libraries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
  execution via a forwarded agent socket if those libraries were present on the
  victim's system and if the agent was forwarded to an attacker-controlled
  system. [bsc#1213504, CVE-2023-38408]

- Close the right file descriptor and also close fdh in read_hmac to avoid file
  descriptor leaks. [bsc#1209536]

- Attempts to mitigate instances of secrets lingering in memory after a session
  exits. [bsc#1186673, bsc#1213004, bsc#1213008]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2954-1
Released:    Mon Jul 24 13:01:46 2023
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1212544,CVE-2023-2828
This update for bind fixes the following issues:

- CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2956-1
Released:    Tue Jul 25 08:33:38 2023
Summary:     Security update for libcap
Type:        security
Severity:    moderate
References:  1211419,CVE-2023-2603
This update for libcap fixes the following issues:

- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2994-1
Released:    Thu Jul 27 06:45:29 2023
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1157881,1200710,1209859
This update for nfs-utils fixes the following issues:

- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Allow scope to be set in sysconfig: NFSD_SCOPE

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3060-1
Released:    Mon Jul 31 13:27:42 2023
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968
This update for samba fixes the following issues:

  - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
  - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
  - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
  - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).

  Bugfixes:

  - Fixed trust relationship failure (bsc#1213384).


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3173-1
Released:    Thu Aug  3 08:56:10 2023
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1201399,1208003,1210799
This update for perl-Bootloader fixes the following issues:

- Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799)
- UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399)
- Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003)
- Add basic support for systemd-boot

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3179-1
Released:    Thu Aug  3 13:59:38 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:

- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
  The previous fix for this timing side channel turned out to cause a
  severe 2-3x performance regression in the typical use case (bsc#1207534).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

- Update further expiring certificates that affect tests [bsc#1201627]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3196-1
Released:    Fri Aug  4 10:02:04 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1213443
This update for protobuf-c fixes the following issues:

- Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3210-1
Released:    Mon Aug  7 15:20:04 2023
Summary:     Security update for pcre2
Type:        security
Severity:    moderate
References:  1213514,CVE-2022-41409
This update for pcre2 fixes the following issues:

  - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3218-1
Released:    Mon Aug  7 16:52:13 2023
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1211079
This update for cryptsetup fixes the following issues:

- Handle system with low memory and no swap space (bsc#1211079)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3270-1
Released:    Thu Aug 10 19:34:35 2023
Summary:     Recommended update for vim
Type:        recommended
Severity:    moderate
References:  1211461
This update for vim fixes the following issues:

- Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3282-1
Released:    Fri Aug 11 10:26:23 2023
Summary:     Recommended update for blog
Type:        recommended
Severity:    moderate
References:  
This update for blog fixes the following issues:

- Fix big endian cast problems to be able to read commands and answers as well as passphrases

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:3283-1
Released:    Fri Aug 11 10:28:34 2023
Summary:     Feature update for cloud-init
Type:        feature
Severity:    moderate
References:  1184758,1210273,1212879,CVE-2021-3429,CVE-2023-1786
This update for cloud-init fixes the following issues:

- Default route is not configured (bsc#1212879)
- cloud-final service failing in powerVS (bsc#1210273)
- Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3284-1
Released:    Fri Aug 11 10:29:50 2023
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1206627,1213189
This update for shadow fixes the following issues:

- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3288-1
Released:    Fri Aug 11 12:30:14 2023
Summary:     Recommended update for python-apipkg
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3291-1
Released:    Fri Aug 11 12:51:21 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213517,1213853,CVE-2023-3817
This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3294-1
Released:    Fri Aug 11 13:51:51 2023
Summary:     Recommended update for hwinfo
Type:        recommended
Severity:    moderate
References:  1200975,1204294,1212756
This update for hwinfo fixes the following issues:

- Avoid linking problems with libsamba (bsc#1212756)
- Update to version 21.85
- Create xen usb controller device if necessary (bsc#1204294)
- Improve treatment of NVME devices (bsc#1200975)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3301-1
Released:    Mon Aug 14 07:24:59 2023
Summary:     Security update for libyajl
Type:        security
Severity:    moderate
References:  1212928,CVE-2023-33460
This update for libyajl fixes the following issues:

  - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3330-1
Released:    Wed Aug 16 08:59:33 2023
Summary:     Recommended update for python-pyasn1
Type:        recommended
Severity:    important
References:  1207805
This update for python-pyasn1 fixes the following issues:

- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3365-1
Released:    Fri Aug 18 20:35:01 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1214054,CVE-2023-36054
This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3369-1
Released:    Tue Aug 22 11:12:02 2023
Summary:     Security update for python-configobj
Type:        security
Severity:    low
References:  1210070,CVE-2023-26112
This update for python-configobj fixes the following issues:
  
- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3371-1
Released:    Tue Aug 22 13:30:18 2023
Summary:     Recommended update for liblognorm
Type:        recommended
Severity:    moderate
References:  
This update for liblognorm fixes the following issues:

- Update to liblognorm v2.0.6 (jsc#PED-4883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3373-1
Released:    Tue Aug 22 13:48:25 2023
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1211757,1213212
This update for rsyslog fixes the following issues:

- Fix removal of imfile state files (bsc#1213212)
- Fix segfaults in modExit() of imklog.c (bsc#1211757)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3391-1
Released:    Wed Aug 23 17:29:26 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1199304,1206418,1207270,1210584,1211131,1211738,1211867,1212301,1212741,1212835,1212846,1213059,1213061,1213167,1213245,1213286,1213287,1213354,1213543,1213585,1213586,1213588,1213653,1213868,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-20593,CVE-2023-2156,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-3812

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw that leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).

The following non-security bugs were fixed:

- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- get module prefix from kmod (bsc#1212835).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
- locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
- remove more packaging cruft for sle < 12 sp3
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released:    Mon Aug 28 08:57:10 2023
Summary:     Security update for gawk
Type:        security
Severity:    low
References:  1214025,CVE-2023-4156
This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3446-1
Released:    Mon Aug 28 10:56:49 2023
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1204489,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593
This update for xen fixes the following issues:

- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3452-1
Released:    Mon Aug 28 12:41:11 2023
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    moderate
References:  1213951
This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update from version 1.0.7 to 1.0.8 (bsc#1213951)
  - Capture CSP billing adapter config and log
  - Accept upper case Amazon string in DMI table

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released:    Mon Aug 28 13:43:18 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1214248
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3461-1
Released:    Mon Aug 28 17:25:09 2023
Summary:     Security update for freetype2
Type:        security
Severity:    moderate
References:  1210419,CVE-2023-2004
This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3467-1
Released:    Tue Aug 29 07:39:36 2023
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1213940
This update for samba fixes the following issues:

- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3470-1
Released:    Tue Aug 29 10:49:33 2023
Summary:     Recommended update for parted
Type:        recommended
Severity:    low
References:  1182142,1193412
This update for parted fixes the following issues:

- fix null pointer dereference (bsc#1193412)
- update mkpart options in manpage (bsc#1182142)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

  - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3487-1
Released:    Tue Aug 29 14:28:35 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1214071
This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3515-1
Released:    Fri Sep  1 15:54:25 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released:    Tue Sep  5 08:56:45 2023
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released:    Tue Sep  5 15:00:27 2023
Summary:     Security update for docker
Type:        security
Severity:    moderate
References:  1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368

  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.

- Rebuilt against the current Go compiler.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3540-1
Released:    Tue Sep  5 16:44:44 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1214081
This update for dracut fixes the following issues:

- Exit if resolving executable dependencies fails (bsc#1214081)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released:    Wed Sep  6 08:27:22 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1214006
This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3546-1
Released:    Wed Sep  6 14:07:17 2023
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    low
References:  1207157
This update for open-iscsi fixes the following issues:

- Set 'safe_logout' and 'startup' in iscsid.conf (bsc#1207157)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3639-1
Released:    Mon Sep 18 13:33:16 2023
Summary:     Security update for libeconf
Type:        security
Severity:    moderate
References:  1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

The following non-security bug was fixed:

- Fixed parsing of files which have space characters AND non-space characters as delimiters (bsc#1198165).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released:    Mon Sep 18 21:44:09 2023
Summary:     Security update for gcc12
Type:        security
Severity:    important
References:  1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3684-1
Released:    Tue Sep 19 17:12:12 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1023051,1203517,1210448,1213272,1213546,1213601,1213666,1213916,1213927,1213968,1213969,1213970,1213971,1214019,1214120,1214149,1214275,1214297,1214348,1214350,1214451,CVE-2022-36402,CVE-2023-2007,CVE-2023-20588,CVE-2023-21400,CVE-2023-34319,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4132,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4385,CVE-2023-4387,CVE-2023-4459

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2022-36402: Fixed an integer overflow vulnerability in the vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).

The following non-security bugs were fixed:

- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- Do not add and remove genksyms ifdefs
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove checker warning (jsc#PED-5738).
- kabi/severities: Ignore newly added SRSO mitigation functions
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738).
- net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas: move syscall filter setup into separate function (bsc#1023051).
- powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214275).
- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275).
- xfs: update superblock counters correctly for !lazysbcount (bsc#1214275).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3698-1
Released:    Wed Sep 20 11:01:15 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed a global buffer overflow caused by crafted XML (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3707-1
Released:    Wed Sep 20 17:12:03 2023
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1214254,1215204,CVE-2023-32360,CVE-2023-4504
This update for cups fixes the following issues:

- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released:    Wed Sep 27 18:08:17 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1211829,1212819,1212910
This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3817-1
Released:    Wed Sep 27 18:31:14 2023
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1212475

This update of containerd fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3822-1
Released:    Wed Sep 27 18:40:14 2023
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154
This update for supportutils fixes the following issues:

Security fixes:

- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).

Other Fixes:

- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info 

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3843-1
Released:    Wed Sep 27 20:18:06 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    important
References:  
This update for suse-build-key fixes the following issues:

This update adds and runs an import-suse-build-key script.

It is run after installation with libzypp based installers. (jsc#PED-2777)

It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3903-1
Released:    Fri Sep 29 15:14:18 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1213616,1215145,1215474,CVE-2023-20588,CVE-2023-20593,CVE-2023-34322
This update for xen fixes the following issues:

- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3934-1
Released:    Mon Oct  2 12:04:33 2023
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1213748,1215472,CVE-2023-3341
This update for bind fixes the following issues:

Security fixes:

- CVE-2023-3341: Fixed stack exhaustion flaw in control channel code that may cause named to terminate unexpectedly (bsc#1215472).

Other fixes:

- Add `dnstap` support (jsc#PED-4853, jsc#PED-4852, bsc#1213748)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3951-1
Released:    Tue Oct  3 19:37:46 2023
Summary:     Recommended update for python3-jmespath, python3-ply
Type:        recommended
Severity:    moderate
References:  1209233

This update for python3-jmespath and python3-ply fixes the following issue:

- the packages are required as dependencies for python3-salt, and were missing
  on aarch64 based SLE Micro flavors so far.

There are no functional changes.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3952-1
Released:    Tue Oct  3 20:06:23 2023
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1212475

This update of runc fixes the following issues:

- Update to runc v1.1.8.

  Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.8>.

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3955-1
Released:    Tue Oct  3 21:27:58 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781
This update for vim fixes the following issues:

Security fixes:

- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). 
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). 
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). 
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). 
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). 
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).

Other fixes:

- Update to version 9.0 with patch level 1894,
  for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball;
  add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released:    Fri Oct  6 14:13:56 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1215713,CVE-2023-35945
This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4006-1
Released:    Mon Oct  9 08:35:50 2023
Summary:     Recommended update for zypper
Type:        recommended
Severity:    moderate
References:  1213854,1214292,1214395,1215007
This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4027-1
Released:    Tue Oct 10 13:59:02 2023
Summary:     Security update for shadow
Type:        security
Severity:    low
References:  1214806,CVE-2023-4641
This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4045-1
Released:    Wed Oct 11 09:10:43 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1215889,CVE-2023-38546
This update for curl fixes the following issues:

- CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4095-1
Released:    Tue Oct 17 15:03:04 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1176588,1202845,1207036,1207270,1208995,1210169,1210643,1210658,1212703,1213812,1214233,1214351,1214380,1214386,1215115,1215117,1215150,1215221,1215275,1215299,1215322,1215356,CVE-2020-36766,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-23454,CVE-2023-4004,CVE-2023-40283,CVE-2023-42753,CVE-2023-4389,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150)
- CVE-2023-4389: Fixed a double decrement of the reference count flaw in the btrfs filesystem, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351)
- CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275)
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117)
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leak one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299)
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169)
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643)
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4096-1
Released:    Tue Oct 17 15:04:04 2023
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669
This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4106-1
Released:    Wed Oct 18 09:10:14 2023
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    moderate
References:  1170267,1212799,1214781
This update for suseconnect-ng fixes the following issues:

This update ships suseconnect-ng, the SUSEConnect replacement, to SUSE Linux Enterprise 15 SP1, SP2, and SP3.


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4108-1
Released:    Wed Oct 18 11:51:12 2023
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1215968,CVE-2023-43804
This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
  the user manually set the corresponding header (bsc#1215968).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released:    Wed Oct 18 12:35:26 2023
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4130-1
Released:    Thu Oct 19 09:53:13 2023
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1215935,1215936,CVE-2023-4692,CVE-2023-4693
This update for grub2 fixes the following issues:

- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may leak sensitive information. (bsc#1215936)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4139-1
Released:    Fri Oct 20 10:06:58 2023
Summary:     Recommended update for containerd, runc
Type:        recommended
Severity:    moderate
References:  1215323
This update for containerd, runc fixes the following issues:

runc was updated to v1.1.9. Upstream changelog is available from

  https://github.com/opencontainers/runc/releases/tag/v1.1.9

containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes:

- https://github.com/containerd/containerd/releases/tag/v1.7.7
- https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323
- Add `Provides: cri-runtime` to use containerd as container runtime in Factory
  Kubernetes packages

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released:    Fri Oct 20 19:33:25 2023
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4158-1
Released:    Mon Oct 23 09:52:06 2023
Summary:     Security update for suse-module-tools
Type:        security
Severity:    important
References:  1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559
This update for suse-module-tools fixes the following issues:

- Updated to version 15.3.17:

  - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
    module (bsc#1210335).
  - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
    (bsc#1205767, jsc#PED-5731).

- Updated to version 15.3.16:

  - Fixed a build issue for s390x (bsc#1207853).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released:    Mon Oct 23 15:33:03 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

        https://gcc.gnu.org/gcc-13/changes.html


Detailed changes:


* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
  length stack allocations.  (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
  building with LTO.  [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
  can be installed standalone.  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex,
  the benefit of the former one is that the linker jobs are not
  holding tokens of the make's jobserver.
- Add cross-bpf packages.  See https://gcc.gnu.org/wiki/BPFBackEnd
  for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
  specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0. 
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
  package.  Make libstdc++6 recommend timezone to get a fully
  working std::chrono.  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there. 
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
  as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
  SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI
  armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
  armv7l in order to build both host applications and PRU firmware
  during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4174-1
Released:    Tue Oct 24 12:36:41 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328
This update for xen fixes the following issues:

- CVE-2023-34323: Fixed a potential crash in C Xenstored due to an
  incorrect assertion (XSA-440) (bsc#1215744).
- CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems
  with IOMMU hardware and PCI passthrough enabled (XSA-442)
  (bsc#1215746).
- CVE-2023-34325: Fixed multiple parsing issues in libfsimage
  (XSA-443) (bsc#1215747).
- CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86
  debugging functionality for guests (XSA-444) (bsc#1215748).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released:    Wed Oct 25 12:04:29 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released:    Thu Oct 26 12:20:27 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a
  buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4226-1
Released:    Fri Oct 27 11:14:10 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4237-1
Released:    Mon Oct 30 03:42:23 2023
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1215064
This update for perl-Bootloader fixes the following issues:

- `bootloader_entry` script can have an optional 'force-default' argument (bsc#1215064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4268-1
Released:    Mon Oct 30 16:51:57 2023
Summary:     Recommended update for pciutils
Type:        recommended
Severity:    important
References:  1215265
This update for pciutils fixes the following issues:

- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released:    Tue Oct 31 14:10:47 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647
This update for libtirpc to 1.3.4 fixes the following issues:
    
Update to 1.3.4 (bsc#1199467)

 * binddynport.c honor ip_local_reserved_ports
   - replaces: binddynport-honor-ip_local_reserved_ports.patch
 * gss-api: expose gss major/minor error in authgss_refresh()
 * rpcb_clnt.c: Eliminate double frees in delete_cache()
 * rpcb_clnt.c: memory leak in destroy_addr
 * portmapper: allow TCP-only portmapper
 * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
 * clnt_raw.c: fix a possible null pointer dereference
 * bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been
  compiled out since commit d918e41d889 (Wed Oct 9 2019)
  replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4348-1
Released:    Thu Nov  2 15:38:52 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1210778,1210853,1212051,1214842,1215095,1215467,1215518,1215745,1215858,1215860,1215861,1216046,1216051,1216134,CVE-2023-2163,CVE-2023-31085,CVE-2023-3111,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-42754,CVE-2023-45862

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter nf_tables component that could be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).

The following non-security bugs were fixed:

- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4453-1
Released:    Wed Nov 15 14:24:58 2023
Summary:     Recommended update for libjansson
Type:        recommended
Severity:    moderate
References:  1216541

This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released:    Thu Nov 16 14:38:48 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

        https://gcc.gnu.org/gcc-13/changes.html


Detailed changes:


* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
  length stack allocations.  (bsc#1214052)

- Work around third party app crash during C++ standard library initialization.  [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
  building with LTO.  [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
  can be installed standalone.  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex,
  the benefit of the former one is that the linker jobs are not
  holding tokens of the make's jobserver.
- Add cross-bpf packages.  See https://gcc.gnu.org/wiki/BPFBackEnd
  for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
  specified to speed up local builds for testing.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
  package.  Make libstdc++6 recommend timezone to get a fully
  working std::chrono.  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
  as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
  SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI
  armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
  armv7l in order to build both host applications and PRU firmware
  during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4461-1
Released:    Thu Nov 16 15:03:33 2023
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1210286
This update for rsyslog fixes the following issue:

- fix rsyslog crash in imrelp (bsc#1210286)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released:    Thu Nov 16 17:56:12 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1216129,CVE-2023-45322
This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4466-1
Released:    Thu Nov 16 17:57:03 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1216654,1216807,CVE-2023-46835,CVE-2023-46836
This update for xen fixes the following issues:

- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4467-1
Released:    Thu Nov 16 17:57:51 2023
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1216377,CVE-2023-45803
This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when
  receiving a 303 HTTP response (bsc#1216377).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4519-1
Released:    Tue Nov 21 17:39:58 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1216922,CVE-2023-5678
This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4535-1
Released:    Thu Nov 23 08:17:40 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1041742,1203760,1212422,1215979,1216091
This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4583-1
Released:    Mon Nov 27 10:16:11 2023
Summary:     Feature update for python-psutil
Type:        feature
Severity:    moderate
References:  1111622,1170175,1176785,1184753,1199282
This update for python-psutil, python-requests fixes the following issues:

- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)
- Fix tests: setuptools changed the builddir library path and does not find the
  module from it. Use the installed platlib instead and exclude psutil.tests only later.
- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS

- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)
- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4587-1
Released:    Mon Nov 27 14:25:52 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535
This update for vim fixes the following issues:

- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4619-1
Released:    Thu Nov 30 10:13:52 2023
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1210660,CVE-2023-2137
This update for sqlite3 fixes the following issues:

- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4672-1
Released:    Wed Dec  6 14:37:37 2023
Summary:     Security update for suse-build-key
Type:        security
Severity:    important
References:  1216410,1217215
This update for suse-build-key fixes the following issues:

This update runs an import-suse-build-key script.

The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
  - suse-build-key-import.service
  - suse-build-key-import.timer

It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4699-1
Released:    Mon Dec 11 07:02:10 2023
Summary:     Recommended update for gpg2
Type:        recommended
Severity:    moderate
References:  1217212
This update for gpg2 fixes the following issues:

- `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4704-1
Released:    Mon Dec 11 07:20:53 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1192986
This update for dracut fixes the following issues:

- Update to version 049.1+suse.257.gf94c3fd1
- Fix network device naming in udev-rules (bsc#1192986)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4713-1
Released:    Mon Dec 11 13:23:12 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1217573,CVE-2023-46218
This update for curl fixes the following issues:

- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released:    Tue Dec 12 09:57:51 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1216862
This update for libtirpc fixes the following issue:

- fix sed parsing in specfile (bsc#1216862)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4727-1
Released:    Tue Dec 12 12:27:39 2023
Summary:     Security update for catatonit, containerd, runc
Type:        security
Severity:    important
References:  1200528,CVE-2022-1996

This update of runc and containerd fixes the following issues:

containerd:

- Update to containerd v1.7.8. Upstream release notes:
  https://github.com/containerd/containerd/releases/tag/v1.7.8

    * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)

catatonit:

- Update to catatonit v0.2.0.
  * Change license to GPL-2.0-or-later.

- Update to catatonit v0.1.7
  * This release adds the ability for catatonit to be used as the only
    process in a pause container, by passing the -P flag (in this mode no
    subprocess is spawned and thus no signal forwarding is done).

- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
  socket activation or features somewhat adjacent to socket activation (such as
  passing file descriptors).

runc:

- Update to runc v1.1.10. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.10


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4811-1
Released:    Wed Dec 13 19:01:09 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1084909,1210780,1214037,1214344,1214764,1215371,1216058,1216259,1216584,1216965,1216976,1217140,1217332,1217408,1217780,CVE-2023-31083,CVE-2023-39197,CVE-2023-39198,CVE-2023-45863,CVE-2023-45871,CVE-2023-5717,CVE-2023-6176
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-45863: Fixed an out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).

The following non-security bugs were fixed:

- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4891-1
Released:    Mon Dec 18 16:31:49 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1201384,1218014,CVE-2023-50495
This update for ncurses fixes the following issues:

- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4902-1
Released:    Tue Dec 19 13:09:42 2023
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1214788,1217950,CVE-2023-48795
This update for openssh fixes the following issues:

- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).

The following non-security bug was fixed:

- Fix the 'no route to host' error when connecting via ProxyJump

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4910-1
Released:    Tue Dec 19 16:02:41 2023
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1215947,1216419,CVE-2023-38470,CVE-2023-38473
This update for avahi fixes the following issues:

- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
- CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4921-1
Released:    Wed Dec 20 09:51:31 2023
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1217592,CVE-2023-49083
This update for python-cryptography fixes the following issues:

- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4936-1
Released:    Wed Dec 20 17:18:21 2023
Summary:     Security update for docker, rootlesskit
Type:        security
Severity:    important
References:  1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695
This update for docker, rootlesskit fixes the following issues:

docker:

- Update to Docker 24.0.7-ce. See upstream changelog online at
  https://docs.docker.com/engine/release-notes/24.0/#2407 . bsc#1217513
  * Deny containers access to /sys/devices/virtual/powercap by default.
    - CVE-2020-8694 bsc#1170415
    - CVE-2020-8695 bsc#1170446
    - CVE-2020-12912 bsc#1178760

- Update to Docker 24.0.6-ce. See upstream changelog online at

  https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323

- Add a docker.socket unit file, but with socket activation effectively
  disabled to ensure that Docker will always run even if you start the socket
  individually. Users should probably just ignore this unit file. bsc#1210141

- Update to Docker 24.0.5-ce. See upstream changelog online at

  https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229

This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)

rootlesskit:

- new package, for docker rootless support. (jsc#PED-6180)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4963-1
Released:    Fri Dec 22 14:37:08 2023
Summary:     Recommended update for curl
Type:        recommended
Severity:    important
References:  1216987
This update for curl fixes the following issues:

- libssh: Implement SFTP packet size limit (bsc#1216987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4986-1
Released:    Thu Dec 28 16:05:33 2023
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1217277,CVE-2023-5981
This update for gnutls fixes the following issues:

- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:9-1
Released:    Tue Jan  2 13:20:01 2024
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1214076
This update for samba fixes the following issues:

- Add 'net offlinejoin composeodj' command (bsc#1214076)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:11-1
Released:    Tue Jan  2 13:24:52 2024
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1029961,1158830,1206798,1209122
This update for procps fixes the following issues:

- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

- Support up to 2048 CPUs as well (bsc#1185417)
- Allow '-' as leading character to ignore possible errors on sysctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
  the pwait tool and its manual page will be built
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
  (uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.

- Update to procps-ng-3.3.17

  * library: Incremented to 8:3:0
    (no removals or additions, internal changes only)
  * all: properly handle utf8 cmdline translations
  * kill: Pass int to signalled process
  * pgrep: Pass int to signalled process
  * pgrep: Check sanity of SG_ARG_MAX
  * pgrep: Add older than selection
  * pidof: Quiet mode
  * pidof: show worker threads
  * ps.1: Mention stime alias
  * ps: check also match on truncated 16 char comm names
  * ps: Add exe output option
  * ps: A lot more sorting available
  * pwait: New command waits for a process
  * sysctl: Match systemd directory order
  * sysctl: Document directory order
  * top: ensure config file backward compatibility
  * top: add command line 'e' for symmetry with 'E'
  * top: add '4' toggle for two abreast cpu display
  * top: add '!' toggle for combining multiple cpus
  * top: fix potential SEGV involving -p switch
  * vmstat: Wide mode gives wider proc columns
  * watch: Add environment variable for interval
  * watch: Add no linewrap option
  * watch: Support more colors
  * free,uptime,slabtop: complain about extra ops

- Package translations in procps-lang.

- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

- Enable pidof by default

- Update to procps-ng-3.3.16

  * library: Increment to 8:2:0

    No removals or functions
    Internal changes only, so revision is incremented.
    Previous version should have been 8:1:0 not 8:0:1

  * docs: Use correct symbols for -h option in free.1
  * docs: ps.1 now warns about command name length
  * docs: install translated man pages
  * pgrep: Match on runstate
  * snice: Fix matching on pid
  * top: can now exploit 256-color terminals
  * top: preserves 'other filters' in configuration file
  * top: can now collapse/expand forest view children
  * top: parent %CPU time includes collapsed children
  * top: improve xterm support for vim navigation keys
  * top: avoid segmentation fault at program termination
  * 'ps -C' no longer allows an argument longer than 15 characters (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:43-1
Released:    Fri Jan  5 14:49:13 2024
Summary:     Recommended update for libsolv, zypper, libzypp
Type:        recommended
Severity:    moderate
References:  1212160,1215294,1216412,1217593,1217873,1218291
This update for libsolv, zypper, libzypp fixes the following issues:

- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
- CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
- Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
- Make sure reboot-needed is remembered until next boot (bsc#1217873)
- Stop using boost version 1 timer library (bsc#1215294)
- Updated to version 0.7.27  
- Add zstd support for the installcheck tool
- Add putinowndirpool cache to make file list handling in repo_write much faster
- Do not use deprecated headerUnload with newer rpm versions
- Support complex deps in SOLVABLE_PREREQ_IGNOREINST
- Fix minimization not preferring installed packages in some cases
- Reduce memory usage in repo_updateinfoxml
- Fix lock-step interfering with architecture selection
- Fix choice rule handling for package downgrades
- Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:50-1
Released:    Mon Jan  8 03:18:56 2024
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        recommended
Severity:    moderate
References:  1217695,1217696
This update for python-instance-billing-flavor-check fixes the following issues:

- Run the command as sudo only (bsc#1217696, bsc#1217695)
- Handle exception for Python 3.4

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:62-1
Released:    Mon Jan  8 11:44:47 2024
Summary:     Recommended update for libxcrypt
Type:        recommended
Severity:    moderate
References:  1215496
This update for libxcrypt fixes the following issues:

- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:70-1
Released:    Tue Jan  9 18:29:39 2024
Summary:     Security update for tar
Type:        security
Severity:    low
References:  1217969,CVE-2023-39804
This update for tar fixes the following issues:

- CVE-2023-39804: Fixed incorrect handling of extension attributes in PAX archives (bsc#1217969).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:126-1
Released:    Tue Jan 16 13:48:02 2024
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    moderate
References:  1218364
This update for suseconnect-ng fixes the following issues:

- Update to version 1.5.0
- Configure docker credentials for registry authentication
- Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
- Add --json output option

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:128-1
Released:    Tue Jan 16 13:50:37 2024
Summary:     Security update for cloud-init
Type:        security
Severity:    moderate
References:  1198269,1201010,1214169,1215740,1215794,1216007,1216011,CVE-2023-1786
This update for cloud-init contains the following fixes:

- Move fdupes call back to %install. (bsc#1214169)

- Update to version 23.3. (bsc#1216011)
  * (bsc#1215794)
  * (bsc#1215740)
  * (bsc#1216007)
  + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390)
  + Fix cc_keyboard in mantic (LP: #2030788)
  + ec2: initialize get_instance_userdata return value to bytes (#4387)
    [Noah Meyerhans]
  + cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley]
  + Fix pip-managed ansible
  + status: treat SubState=running and MainPID=0 as service exited
  + azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson]
  + collect-logs fix memory usage (SC-1590) (#4289)
    [Alec Warren] (LP: #1980150)
  + cc_mounts: Use fallocate to create swapfile on btrfs (#4369)
  + Undocument nocloud-net (#4318)
  + feat(akamai): add akamai to settings.py and apport.py (#4370)
  + read-version: fallback to get_version when git describe fails (#4366)
  + apt: fix cloud-init status --wait blocking on systemd v 253 (#4364)
  + integration tests: Pass username to pycloudlib (#4324)
  + Bump pycloudlib to 1!5.1.0 (#4353)
  + cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272)
    [dermotbradley]
  + analyze: fix (unexpected) timestamp parsing (#4347) [Mina Galić]
  + cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Galić]
  + subp: Fix spurious test failure on FreeBSD (#4355) [Mina Galić]
  + cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Galić]
  + util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Galić]
  + cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Galić]
  + unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource
    (#4328) [Ani Sinha]
  + Fix test_tools.py collection (#4315)
  + cc_keyboard: add Alpine support (#4278) [dermotbradley]
  + Flake8 fixes (#4340) [Robert Schweikert]
  + cc_mounts: Fix swapfile not working on btrfs (#4319) [王煎饼] (LP: #1884127)
  + ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281)
    [Wei Zhou]
  + ec2: Support double encoded userdata (#4275) [Noah Meyerhans]
  + cc_mounts: xfs is a Linux only FS (#4334) [Mina Galić]
  + tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336)
    [Chris Patterson]
  + change openEuler to openeuler and fix some bugs in openEuler (#4317)
    [sxt1001]
  + Replace flake8 with ruff (#4314)
  + NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64
    (#4291) [Ani Sinha]
  + cc_ssh_import_id: add Alpine support and add doas support (#4277)
    [dermotbradley]
  + sudoers not idempotent (SC-1589)  (#4296) [Alec Warren] (LP: #1998539)
  + Added support for Akamai Connected Cloud (formerly Linode) (#4167)
    [Will Smith]
  + Fix reference before assignment (#4292)
  + Overhaul module reference page (#4237) [Sally]
  + replaced spaces with commas for setting passenv (#4269) [Alec Warren]
  + DS VMware: modify a few log level (#4284) [PengpengSun]
  + tools/read-version refactors and unit tests (#4268)
  + Ensure get_features() grabs all features (#4285)
  + Don't always require passlib dependency (#4274)
  + tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275)
  + Fix NoCloud kernel commandline key parsing (#4273)
  + testing: Clear all LRU caches after each test (#4249)
  + Remove the crypt dependency (#2139) [Gonéri Le Bouder]
  + logging: keep current file mode of log file if its stricter than the
    new mode (#4250) [Ani Sinha]
  + Remove default membership in redundant groups (#4258)
    [Dave Jones] (LP: #1923363)
  + doc: improve datasource_creation.rst (#4262)
  + Remove duplicate Integration testing button (#4261) [Rishita Shaw]
  + tools/read-version: fix the tool so that it can handle version parsing
    errors (#4234) [Ani Sinha]
  + net/dhcp: add udhcpc support (#4190) [Jean-François Roche]
  + DS VMware: add i386 arch dir to deployPkg plugin search path
    [PengpengSun]
  + LXD moved from linuxcontainers.org to Canonical [Simon Deziel]
  + cc_mounts.py: Add note about issue with creating mounts inside mounts
    (#4232) [dermotbradley]
  + lxd: install lxd from snap, not deb if absent in image
  + landscape: use landscape-config to write configuration
  + Add deprecation log during init of DataSourceDigitalOcean (#4194)
    [tyb-truth]
  + doc: fix typo on apt.primary.arches (#4238) [Dan Bungert]
  + Inspect systemd state for cloud-init status (#4230)
  + instance-data: add system-info and features to combined-cloud-config
    (#4224)
  + systemd: Block login until config stage completes (#2111) (LP: #2013403)
  + tests: proposed should invoke apt-get install -t=<release>-proposed
    (#4235)
  + cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley]
  + Remove feature flag override ability (#4228)
  + tests: drop stray unrelated file presence test (#4227)
  + Update LXD URL (#4223) [Sally]
  + schema: add network v1 schema definition and validation functions
  + tests: daily PPA for devel series is version 99.daily update tests to
    match (#4225)
  + instance-data: write /run/cloud-init/combined-cloud-config.json
  + mount parse: Fix matching non-existent directories (#4222) [Mina Galić]
  + Specify build-system for pep517 (#4218)
  + Fix network v2 metric rendering (#4220)
  + Migrate content out of FAQ page (SD-1187) (#4205) [Sally]
  + setup: fix generation of init templates (#4209) [Mina Galić]
  + docs: Correct some bootcmd example wording
  + fix changelog
  + tests: reboot client to assert x-shellscript-per-boot is triggered
  + nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204)
    (LP: 4203, #2025180)
  + Add docstring and typing to mergemanydict (#4200)
  + BSD: add dsidentify to early startup scripts (#4182) [Mina Galić]
  + handler: report errors on skipped merged cloud-config.txt parts
    (LP: #1999952)
  + Add cloud-init summit writeups (#4179) [Sally]
  + tests: Update test_clean_log for oci (#4187)
  + gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163)
  + tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184)
  + Ephemeral Networking for FreeBSD (#2165) [Mina Galić]
  + Clarify directory syntax for nocloud local filesystem. (#4178)
  + Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha]
  + Test static routes and netplan 0.106
  + FreeBSD fix parsing of mount and mount options (#2146) [Mina Galić]
  + test: add tracking bug id (#4164)
  + tests: can't match MAC for LXD container veth due to netplan 0.106
    (#4162)
  + Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar]
  + BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Galić]
  + launching salt-minion in masterless mode (#4110) [Denis Halturin]
  + tools: fix run-container builds for rockylinux/8 git hash mismatch
    (#4161)
  + fix doc lint: spellchecker tripped up (#4160) [Mina Galić]
  + Support Ephemeral Networking for BSD (#2127)
  + Added / fixed support for static routes on OpenBSD and FreeBSD (#2157)
    [Kadir Mueller]
  + cc_rsyslog: Refactor for better multi-platform support (#4119)
    [Mina Galić] (LP: #1798055)
  + tests: fix test_lp1835584 (#4154)
  + cloud.cfg mod names: docs and rename salt_minion and set_password (#4153)
  + vultr: remove check_route check (#2151) [Jonas Chevalier]
  + Update SECURITY.md (#4150) [Indrranil Pawar]
  + Update CONTRIBUTING.rst (#4149) [Indrranil Pawar]
  + Update .github-cla-signers (#4151) [Indrranil Pawar]
  + Standardise module names in cloud.cfg.tmpl to only use underscore
    (#4128) [dermotbradley]
  + Modify PR template so autoclose works
From 23.2.2
  + Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271)
    (LP: #2028562)
  + Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784)
From 23.2.1
  + nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204)
    (Fixes: 4203) (LP: #2025180)
From 23.2
  + BSD: simplify finding MBR partitions by removing duplicate code
    [Mina Galić]
  + tests: bump pycloudlib version for mantic builds
  + network-manager: Set higher autoconnect priority for nm keyfiles (#3671)
    [Ani Sinha]
  + alpine.py: change the locale file used (#4139) [dermotbradley]
  + cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Galić]
  + config: drop refresh_rmc_and_interface as RHEL 7 no longer supported
    [Robert Schweikert]
  + docs: Add feedback button to docs
  + net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh
    plugin (#4132) [Ani Sinha]
  + For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley]
  + network_manager: add a method for ipv6 static IP configuration (#4127)
    [Ani Sinha]
  + correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley]
  + nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115)
    [Ani Sinha]
  + Add templates for GitHub Issues
  + Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela]
  + FreeBSD: Fix user account locking (#4114) [Mina Galić] (GH: #1854594)
  + FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Galić]
  + Update tests in Azure TestCanDevBeReformatted class (#2771)
    [Ksenija Stanojevic]
  + Replace Launchpad references with GitHub Issues
  + Fix KeyError in iproute pformat (#3287) [Dmitry Zykov]
  + schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance
  + azure/errors: introduce reportable errors for imds (#3647)
    [Chris Patterson]
  + FreeBSD (and friends): better identify MBR slices (#2168)
    [Mina Galić] (LP: #2016350)
  + azure/errors: add host reporting for dhcp errors (#2167)
    [Chris Patterson]
  + net: purge blacklist_drivers across net and azure (#2160)
    [Chris Patterson]
  + net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153)
    [Chris Patterson]
  + tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d
    (#2251)
  + net: refactor find_candidate_nics_on_linux() to use get_interfaces()
    (#2159) [Chris Patterson]
  + resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden]
  + Remove mount NTFS error message (#2134) [Ksenija Stanojevic]
  + integration tests: fix image specification parsing (#2166)
  + ci: add hypothesis scheduled GH check (#2149)
  + Move supported distros list to docs (#2162)
  + Fix logger, use instance rather than module function (#2163)
  + README: Point to Github Actions build status (#2158)
  + Revert 'fix linux-specific code on bsd (#2143)' (#2161)
  + Do not generate dsa and ed25519 key types when crypto FIPS mode is
    enabled (#2142) [Ani Sinha] (LP: 2017761)
  + Add documentation label automatically (#2156)
  + sources/azure: report success to host and introduce kvp module (#2141)
    [Chris Patterson]
  + setup.py: use pkg-config for udev/rules path (#2137) [dankm]
  + openstack/static: honor the DNS servers associated with a network
    (#2138) [Gonéri Le Bouder]
  + fix linux-specific code on bsd (#2143)
  + cli: schema validation of jinja template user-data (SC-1385) (#2132)
    (LP: #1881925)
  + gce: activate network discovery on every boot (#2128)
  + tests: update integration test to assert 640 across reboots (#2145)
  + Make user/vendor data sensitive and remove log permissions (#2144)
    (LP: #2013967)
  + Update kernel command line docs (SC-1457) (#2133)
  + docs: update network configuration path links (#2140) [d1r3ct0r]
  + sources/azure: report failures to host via kvp (#2136) [Chris Patterson]
  + net: Document use of `ip route append` to add routes (#2130)
  + dhcp: Add missing mocks (#2135)
  + azure/imds: retry fetching metadata up to 300 seconds (#2121)
    [Chris Patterson]
  + [1/2] DHCP: Refactor dhcp client code  (#2122)
  + azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson]
  + azure/errors: introduce reportable errors (#2129) [Chris Patterson]
  + users: schema permit empty list to indicate create no users
  + azure: introduce identity module (#2116) [Chris Patterson]
  + Standardize disabling cloud-init on non-systemd (#2112)
  + Update .github-cla-signers (#2126) [Rob Tongue]
  + NoCloud: Use seedfrom protocol to determine mode (#2107)
  + rhel: Remove sysvinit files. (#2114)
  + tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson]
  + Fix NoCloud kernel commandline semi-colon args
  + run-container: make the container/VM timeout configurable (#2118)
    [Paride Legovini]
  + suse: Remove sysvinit files. (#2115)
  + test: Backport assert_call_count for old requests (#2119)
  + Add 'licebmi' as contributor (#2113) [Mark Martinez]
  + Adapt DataSourceScaleway to upcoming IPv6 support (#2033)
    [Louis Bouchard]
  + rhel: make sure previous-hostname file ends with a new line (#2108)
    [Ani Sinha]
  + Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai]
  + Cleanup ephemeral IP routes on exception (#2100) [sxt1001]
  + commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291)
  + Standardize kernel commandline user interface (#2093)
  + config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson]
  + Fix test_dhclient_exits_with_error (#2105)
  + net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083)
    [Chris Patterson]
  + sources/azure: move pps handling out of _poll_imds() (#2075)
    [Chris Patterson]
  + tests: bump pycloudlib version (#2102)
  + schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098)
  + sources/azure/imds: don't count timeout errors as connection errors
    (#2074) [Chris Patterson]
  + Fix Python 3.12 unit test failures (#2099)
  + integration tests: Refactor instance checking (#1989)
  + ci: migrate remaining jobs from travis to gh (#2085)
  + missing ending quote in instancedata docs(#2094) [Hong L]
  + refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r]
  + tests/vmware: fix test_no_data_access_method failure (#2092)
    [Chris Patterson]
  + Don't change permissions of netrules target (#2076) (LP: #2011783)
  + tests/sources: patch util.get_cmdline() for datasource tests (#2091)
    [Chris Patterson]
  + macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090)
    (LP: #2008888)
  + Fedora: Enable CA handling (#2086) [František Zatloukal]
  + Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa]
  + cc_ansible: complete the examples and doc (#2082) [Yves]
  + bddeb: for dev package, derive debhelper-compat from host system
  + apport: only prompt for cloud_name when instance-data.json is absent
  + datasource: Optimize datasource detection, fix bugs (#2060)
  + Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi]
  + sources/azure: add networking check for all source PPS (#2061)
    [Chris Patterson]
  + do not attempt dns resolution on ip addresses (#2040)
  + chore: fix style tip (#2071)
  + Fix metadata IP in instancedata.rst (#2063) [Brian Haley]
  + util: Pass deprecation schedule in deprecate_call() (#2064)
  + config: Update grub-dpkg docs (#2058)
  + docs: Cosmetic improvements and styling (#2057) [s-makin]
  + cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner]
  + tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059)
  + oracle-ds: prefer system_cfg over ds network config source (#1998)
    (LP: #1956788)
  + Remove dead code (#2038)
  + source: Force OpenStack when it is only option (#2045) (LP: #2008727)
  + cc_ubuntu_advantage: improve UA logs discovery
  + sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson]
  + tests: fix test_schema (#2042)
  + dhcp: Cleanup unused kwarg (#2037)
  + sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027)
    [PengpengSun]
  + dhclient_hook: remove vestigal dhclient_hook command (#2015)
  + log: Add standardized deprecation tooling (SC-1312) (#2026)
  + Enable SUSE based distros for ca handling (#2036) [Robert Schweikert]
From 23.1.2
  + Make user/vendor data sensitive and remove log permissions
    (LP: #2013967) (CVE-2023-1786)

- Remove six dependency (bsc#1198269)
- Update to version 22.4 (bsc#1201010)

  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:136-1
Released:    Thu Jan 18 09:53:47 2024
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1217000,1218475,CVE-2024-22365
This update for pam fixes the following issues:

- CVE-2024-22365: Fixed a local denial of service during PAM login
  due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:153-1
Released:    Thu Jan 18 15:04:35 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1179610,1215237,1215375,1217250,1217709,1217946,1217947,1218105,1218253,1218258,1218559,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6606,CVE-2023-6610,CVE-2023-6931,CVE-2023-6932

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).

The following non-security bugs were fixed:

- clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105).
- clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021).
- efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375).
- io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:161-1
Released:    Thu Jan 18 18:40:46 2024
Summary:     Recommended update for dpdk22
Type:        recommended
Severity:    moderate
References:  

This update of dpdk22 fixes the following issue:

- DPDK 22.11.1 is shipped to SLE Micro 5.5. (jsc#PED-7147)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:164-1
Released:    Fri Jan 19 05:47:58 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    important
References:  1207987
This update for util-linux fixes the following issues:

- Instead of explicitly truncating the clocks.txt file, pad it with whitespace at the end of the file.
  This is done to improve performance of libuuid on xfs.
  (bsc#1207987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:187-1
Released:    Tue Jan 23 13:38:00 2024
Summary:     Recommended update for python-chardet
Type:        recommended
Severity:    moderate
References:  1218765
This update for python-chardet fixes the following issues:

- Fix update-alternative in %postun (bsc#1218765)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:189-1
Released:    Tue Jan 23 13:54:18 2024
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    critical
References:  1217961,1218649
This update for suseconnect-ng contains the following fix:

- Update to version 1.6.0:
  * Disable EULA display for addons. (bsc#1218649 and bsc#1217961)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:232-1
Released:    Thu Jan 25 11:58:05 2024
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1217775
This update for suse-module-tools fixes the following issues:

- Update to version 15.3.18
- Add symlink /boot/.vmlinuz.hmac (bsc#1217775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:254-1
Released:    Fri Jan 26 17:19:30 2024
Summary:     Recommended update for containerd
Type:        recommended
Severity:    moderate
References:  1217952
This update for containerd fixes the following issues:

- Fix permissions of address file (bsc#1217952)
- Update to version 1.7.10

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:264-1
Released:    Tue Jan 30 14:19:02 2024
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1218851,CVE-2023-46839
This update for xen fixes the following issues:

- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:295-1
Released:    Thu Feb  1 08:23:17 2024
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1218894,CVE-2024-21626
This update for runc fixes the following issues:

Update to runc v1.1.11:

- CVE-2024-21626: Fixed container breakout. (bsc#1218894)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:306-1
Released:    Thu Feb  1 17:58:09 2024
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        recommended
Severity:    moderate
References:  1218561,1218739
This update for python-instance-billing-flavor-check fixes the following issues:

- Support proxy setup on the client to access the update infrastructure API (bsc#1218561) 
- Add IPv6 support (bsc#1218739) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released:    Fri Feb  2 15:13:26 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434
This update for aaa_base fixes the following issues:

- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:427-1
Released:    Thu Feb  8 12:56:57 2024
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282
This update for supportutils fixes the following issues:

- Update to version 3.1.28
- Correctly detects Xen Dom0 (bsc#1218201)
- Fixed smart disk error (bsc#1218282)
- Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
- Added missing klp information to kernel-livepatch.txt (bsc#1216390)
- Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
- Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
- Optimize lsof usage (bsc#1183663)
- Collects chrony or ntp as needed (bsc#1196293)
- Fixed podman display issue (bsc#1217287)
- Added nvme-stas configuration to nvme.txt (bsc#1216049)
- Added timed command to fs-files.txt (bsc#1216827)
- Collects zypp history file issue#166 (bsc#1216522)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:444-1
Released:    Fri Feb  9 16:39:32 2024
Summary:     Security update for suse-build-key
Type:        security
Severity:    important
References:  1219123,1219189
This update for suse-build-key fixes the following issues:

This update runs an import-suse-build-key script.

The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
  - suse-build-key-import.service
  - suse-build-key-import.timer

It imports the future SUSE Linux Enterprise 15 4096-bit RSA primary and reserve keys.
After successful import the timer is disabled.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

Bugfix added since last update:

- run rpm commands in import script only when libzypp is not 
  active. bsc#1219189 bsc#1219123

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:458-1
Released:    Tue Feb 13 14:34:14 2024
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issues:

- Update to version 0.378
- Update pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:459-1
Released:    Tue Feb 13 15:28:56 2024
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1218894,CVE-2024-21626
This update for runc fixes the following issues:

- Update to runc v1.1.12 (bsc#1218894)

The following CVE was already fixed with the previous release.

- CVE-2024-21626: Fixed container breakout.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:474-1
Released:    Wed Feb 14 18:00:29 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1108281,1193285,1215275,1216702,1217987,1217988,1217989,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1219053,1219120,1219412,1219434,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0565,CVE-2024-0775,CVE-2024-1086

The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, caused by a missing safeguard against invalid nf_tables family (pf) values within the `nf_tables_newtable` function (bsc#1218752).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).

The following non-security bugs were fixed:

- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:475-1
Released:    Wed Feb 14 19:08:44 2024
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    important
References:  1215698,1218782,1218831,1219442
This update for libsolv, libzypp fixes the following issues:

- build for multiple python versions [jsc#PED-6218]
- applydeltarpm: Create target directory if it does not exist (bsc#1219442)
- Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
- CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:525-1
Released:    Mon Feb 19 08:03:59 2024
Summary:     Security update for libssh
Type:        security
Severity:    important
References:  1158095,1168699,1174713,1189608,1211188,1211190,1218126,1218186,1218209,CVE-2019-14889,CVE-2020-16135,CVE-2020-1730,CVE-2021-3634,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918
This update for libssh fixes the following issues:

Update to version 0.9.8 (jsc#PED-7719):

* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes

Update to version 0.9.7:

* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
  guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in
  pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code

Update to version 0.9.6 (bsc#1189608, CVE-2021-3634):

* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6


Update to 0.9.5 (bsc#1174713, CVE-2020-16135):

* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite 

Update to version 0.9.4

* https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
* Fix possible Denial of Service attack when using AES-CTR-ciphers
  CVE-2020-1730 (bsc#1168699)

Update to version 0.9.3

* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095)
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer

Update to version 0.9.2

* Fixed libssh-config.cmake
* Fixed issues with rsa algorithm negotiation (T191)
* Fixed detection of OpenSSL ed25519 support (T197)

Update to version 0.9.1

* Added support for Ed25519 via OpenSSL
* Added support for X25519 via OpenSSL
* Added support for localuser in Match keyword
* Fixed Match keyword to be case sensitive
* Fixed compilation with LibreSSL
* Fixed error report of channel open (T75)
* Fixed sftp documentation (T137)
* Fixed known_hosts parsing (T156)
* Fixed build issue with MinGW (T157)
* Fixed build with gcc 9 (T164)
* Fixed deprecation issues (T165)
* Fixed known_hosts directory creation (T166)

- Split out configuration to separate package to not mess up the
  library packaging and coinstallation

Update to version 0.9.0

* Added support for AES-GCM
* Added improved rekeying support
* Added performance improvements
* Disabled blowfish support by default
* Fixed several ssh config parsing issues
* Added support for DH Group Exchange KEX
* Added support for Encrypt-then-MAC mode
* Added support for parsing server side configuration file
* Added support for ECDSA/Ed25519 certificates
* Added FIPS 140-2 compatibility
* Improved known_hosts parsing
* Improved documentation
* Improved OpenSSL API usage for KEX, DH, and signatures

- Add libssh client and server config files

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:534-1
Released:    Tue Feb 20 08:48:52 2024
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    moderate
References:  1218762,1218763
This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
- Remove duplicate data collection for the plugin itself
- Collect archive metering data when available
- Query billing flavor status

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:569-1
Released:    Wed Feb 21 07:19:46 2024
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    important
References:  1219425
This update for suseconnect-ng fixes the following issues:

- Allow SUSEConnect on read write transactional systems (bsc#1219425)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:581-1
Released:    Wed Feb 21 14:08:16 2024
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1210638,CVE-2023-27043
This update for python3 fixes the following issues:

- CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc#1210638).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:586-1
Released:    Thu Feb 22 09:54:21 2024
Summary:     Security update for docker
Type:        security
Severity:    important
References:  1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653
This update for docker fixes the following issues:

Vendor latest buildkit v0.11 including bugfixes for the following:

* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:596-1
Released:    Thu Feb 22 20:05:29 2024
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1218215,CVE-2023-51385
This update for openssh fixes the following issues:

- CVE-2023-51385: Limit the use of shell metacharacters in host- and
  user names to avoid command injection. (bsc#1218215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:615-1
Released:    Mon Feb 26 11:32:32 2024
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1211886
This update for netcfg fixes the following issues:

- Add krb-prop entry (bsc#1211886)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:725-1
Released:    Thu Feb 29 11:03:34 2024
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1219123,1219189
This update for suse-build-key fixes the following issues:

- Switch container key to be default RSA 4096bit. (jsc#PED-2777)
- run import script also in %posttrans section, but only when
  libzypp is not active. bsc#1219189 bsc#1219123

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:792-1
Released:    Thu Mar  7 09:55:23 2024
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  
This update for timezone fixes the following issues:

- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be 'minimum'
- localtime no longer mishandles some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
  * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
  * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
  * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
  * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
- zic no longer mishandles data for Palestine after the year 2075

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:824-1
Released:    Fri Mar  8 17:34:36 2024
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:

- CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:832-1
Released:    Mon Mar 11 10:30:30 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:

- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:834-1
Released:    Mon Mar 11 14:22:12 2024
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1219026,1220389,CVE-2023-42465
This update for sudo fixes the following issues:

- CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026).

Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:849-1
Released:    Tue Mar 12 15:38:04 2024
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    important
References:  1198533,1214169,1218952
This update for cloud-init contains the following fixes:

- Skip tests with empty config.

- Support reboot on package update/upgrade via the cloud-init
  config. (bsc#1198533, bsc#1218952, jsc#SMO-326)

- Switch build dependency to the generic distribution-release package.

- Move fdupes call back to %install. (bsc#1214169)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:853-1
Released:    Tue Mar 12 17:20:28 2024
Summary:     Recommended update for qrencode
Type:        recommended
Severity:    moderate
References:  
This update for qrencode fixes the following issues:

- update to 4.1.1 (jsc#PED-7296):
  * Some minor bugs in Micro QR Code generation have been fixed.
  * The data capacity calculations are now correct. These bugs probably did not
    affect the Micro QR Code generation.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:857-1
Released:    Wed Mar 13 01:07:44 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1200599,1207653,1212514,1213456,1216223,1218195,1218689,1218915,1219127,1219128,1219146,1219295,1219653,1219827,1219835,1219915,1220009,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220253,1220255,1220328,1220330,1220344,1220398,1220409,1220416,1220418,1220421,1220436,1220444,1220459,1220469,1220482,1220526,1220538,1220570,1220572,1220599,1220627,1220641,1220649,1220660,1220689,1220700,1220735,1220736,1220737,1220742,1220745,1220767,1220796,1220825,1220826,1220831,1220845,1220860,1220863,1220870,1220917,1220918,1220930,1220931,1220932,1221039,1221040,CVE-2019-25162,CVE-2020-36777,CVE-2020-36784,CVE-2021-46904,CVE-2021-46905,CVE-2021-46906,CVE-2021-46915,CVE-2021-46924,CVE-2021-46929,CVE-2021-46932,CVE-2021-46934,CVE-2021-46953,CVE-2021-46964,CVE-2021-46966,CVE-2021-46968,CVE-2021-46974,CVE-2021-46989,CVE-2021-47005,CVE-2021-47012,CVE-2021-47013,CVE-2021-47054,CVE-2021-47060,CVE-2021-47061,CVE-2021-47069,CVE-2021-47076,CVE-2021-47078,CVE-2021-47083,CVE-2022-20154,CVE-2022-48627,CVE-2023-28746,CVE-2023-35827,CVE-2023-46343,CVE-2023-51042,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52463,CVE-2023-52475,CVE-2023-52478,CVE-2023-52482,CVE-2023-52502,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52569,CVE-2023-52574,CVE-2023-52597,CVE-2023-52605,CVE-2023-6817,CVE-2024-0340,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23851,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-26593,CVE-2024-26595,CVE-2024-26602,CVE-2024-26607,CVE-2024-26622

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed a DoS of the Linux kernel in which ICMPv6 “Packet Too Big” packets force 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46924: Fixed memory leak in device probe and remove (bsc#1220459)
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by removing BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek (bsc#1220917).
- CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
- CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
- CVE-2021-47060: Fixed a bug in KVM by no longer looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
- CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
- CVE-2021-47061: Fixed a bug in KVM by destroying I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).

The following non-security bugs were fixed:

- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
- KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk.
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:860-1
Released:    Wed Mar 13 08:45:21 2024
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1218865,CVE-2023-5981,CVE-2024-0553
This update for gnutls fixes the following issues:

- CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released:    Wed Mar 13 09:12:30 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1218232
This update for aaa_base fixes the following issues:

- Silence the output in the case of broken symlinks (bsc#1218232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released:    Wed Mar 13 13:05:14 2024
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1217445,1217589,1218866
This update for glibc fixes the following issues:

Security issues fixed:

- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

Other issues fixed:

- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:871-1
Released:    Wed Mar 13 13:07:46 2024
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667
This update for vim fixes the following issues:

- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).

Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:896-1
Released:    Thu Mar 14 15:54:44 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1215692,1218926,1218927,1219265
This update for wicked fixes the following issues:

- ifreload: VLAN changes require device deletion (bsc#1218927) 
- ifcheck: fix config changed check (bsc#1218926)
- client: fix exit code for no-carrier status (bsc#1219265)
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
- duid: fix comment for v6time
- rtnl: fix peer address parsing for non ptp-interfaces
- system-updater: parse updater format from XML configuration to ensure install calls can run

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:901-1
Released:    Thu Mar 14 17:49:10 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214691,1219666,CVE-2022-48566,CVE-2023-6597
This update for python3 fixes the following issues:

- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:904-1
Released:    Fri Mar 15 08:42:04 2024
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1214713,1218632,1218812,1218814,1219241,1219639
This update for supportutils fixes the following issues:

- Update to version 3.1.29
- Extended scaling for performance (bsc#1214713)
- Fixed kdumptool output error (bsc#1218632)
- Corrected podman ID errors (bsc#1218812)
- Duplicate non root podman entries removed (bsc#1218814)
- Corrected get_sles_ver for SLE Micro (bsc#1219241)
- Check nvidia-persistenced state (bsc#1219639)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:935-1
Released:    Tue Mar 19 13:03:44 2024
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1219885,CVE-2023-46841
This update for xen fixes the following issues:

- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:944-1
Released:    Wed Mar 20 09:15:53 2024
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    important
References:  1220679
This update for suseconnect-ng fixes the following issues:

- Allow '--rollback' flag to run on readonly filesystem (bsc#1220679)
- Update to version 1.7.0

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:980-1
Released:    Mon Mar 25 06:18:28 2024
Summary:     Recommended update for pam-config
Type:        recommended
Severity:    moderate
References:  1219767
This update for pam-config fixes the following issues:

- Fix pam_gnome_keyring module for AUTH (bsc#1219767)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:984-1
Released:    Mon Mar 25 16:04:44 2024
Summary:     Recommended update for runc
Type:        recommended
Severity:    important
References:  1192051,1221050
This update for runc fixes the following issues:

- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
  properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050

  This allows running 15 SP6 containers on older distributions.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1001-1
Released:    Wed Mar 27 01:48:30 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1220770,1220771,CVE-2024-26458,CVE-2024-26461
This update for krb5 fixes the following issues:

- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1015-1
Released:    Thu Mar 28 06:08:11 2024
Summary:     Recommended update for sed
Type:        recommended
Severity:    important
References:  1221218
This update for sed fixes the following issues:

- 'sed -i' now creates temporary files with correct umask (bsc#1221218)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1104-1
Released:    Wed Apr  3 14:29:59 2024
Summary:     Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs
Type:        recommended
Severity:    important
References:  
This update for docker fixes the following issues:

- Overlay files are world-writable (bsc#1220339)
- Allow disabling apparmor support (some products only support SELinux)

The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs)
are no-change rebuilds required because the corresponding binary packages were missing in a number
of repositories, thus making docker not installable on some products.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1118-1
Released:    Fri Apr  5 06:33:40 2024
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1216594,1216598,CVE-2023-38469,CVE-2023-38471
This update for avahi fixes the following issues:

- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1120-1
Released:    Fri Apr  5 14:03:46 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1221665,1221667,CVE-2024-2004,CVE-2024-2398
This update for curl fixes the following issues:

- CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1126-1
Released:    Mon Apr  8 07:06:47 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    important
References:  1220996,1221194,1221358
This update for wicked fixes the following issues:

- Fix fallback-lease drop in addrconf (bsc#1220996)
- Use upstream `nvme nbft show` (bsc#1221358)
- Hide secrets in debug log (bsc#1221194)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr  8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918
This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1136-1
Released:    Mon Apr  8 11:30:15 2024
Summary:     Security update for c-ares
Type:        security
Severity:    moderate
References:  1220279,CVE-2024-25629
This update for c-ares fixes the following issues:

- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1152-1
Released:    Mon Apr  8 11:36:50 2024
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1221332,1221334,CVE-2023-28746,CVE-2024-2193
This update for xen fixes the following issues:

- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race condition. (bsc#1221334)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1167-1
Released:    Mon Apr  8 15:11:11 2024
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1221399,CVE-2024-28182
This update for nghttp2 fixes the following issues:

- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1170-1
Released:    Tue Apr  9 09:51:25 2024
Summary:     Security update for util-linux
Type:        security
Severity:    important
References:  1194038,1207987,1221831,CVE-2024-28085
This update for util-linux fixes the following issues:

- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1176-1
Released:    Tue Apr  9 10:43:33 2024
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issues:

- Update to 0.380
- Update pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1180-1
Released:    Tue Apr  9 21:13:49 2024
Summary:     Recommended update for python-azure-agent
Type:        recommended
Severity:    important
References:  1217301,1217302
This update for python-azure-agent contains the following fixes:

- Recognise SLE-Micro as a SLE based distro.

- Create sub-packages for the config (jsc#PED-7869)
  + Remove config manipulation from image building
  + Set up a config for SLE-Micro
  + Makes default upstream config available

- Update to 2.9.1.1 (bsc#1217301, bsc#1217302)
  + Update unittest.mock
  + Download certificates when goal state source is fast track #2761
  + Increase the max number of extension events by 20% #2785
  + Remove version suffix from extension slice #2782
  + Support int type for eventPid and eventTid fields #2786
  + Improve log for swap counter not found #2789
  + Remove cgroup files during deprovisioning #2790
  + Log VM architecture in heartbeat telemetry for arm64 adoption
     monitoring #2818
  + Enforce memory usage for agent #2671
  + Use common download logic for agent downloads #2682
  + Implement Fedora distro #2642
  + Report message in handler heartbeat #2688
  + Remove dependency on pathlib from makepkg #2717
  + Do not fetch extensions goal state in log collector #2713
  + Update log collector unit file to remove memory limit #2757
  + Fix bug in get_dhcp_pid (CoreOS) #2784
  + Fetch full distro version for mariner #2773

From 2.9.04
  + Resource Governance on extensions (CPU monitoring and enforcing & Memory
    monitoring) #2632 #2581 #2555
  + Agent resource governance #2597 #2591 #2546
  + monitor system-wide memory metrics (#2610)
  + Additional telemetry for goal state (#2675)
  + HostGAPlugin usage improvements #2662 #2673 #2655 #2651
  + Add logging statements for mrseq migration during update (#2667)
  + Logcollector memory usage #2658 #2637
  + Update Log Collector default in Comments and Readme (#2608)
  + Improve telemetry success and failure markers (#2605) #2604 #2599
  + Fix formatting of exceptions on Python 3.10
    (traceback.format's etype argument) (#2663)
  + Fix UNKNOWN(Zombie) Process in unexpected processes check (#2644)
  + SUSE: Fix valid values for DHCLIENT_HOSTNAME_OPTION (#2643)
  + Debian - string conversion for systemd service (#2574)
  + Do not set a CPU quota on the agent for RHEL and Centos (#2685) #2689 #2693
  + support rhel distro (#2620) #2598
  + Added support for devuan linux distribution (#2553)

No incremental updates between 2.8.011 and 2.9.0.4

- Clean up conditions in spec file:
  + There is no maintained distro > 1315 (SLE12) AND < 1500
    (SLE15). Only openSUSE 13.2 and 13.3 lived in that space, but
    they are clearly not the target of this spec file.
  + if 0%{?Suse_version} && 0{?suse_version} > 1315: no need to
    first validate suse_version being defined: whenever it
    is > 1315, must be defined.

- Add patch to use unittest.mock first, falling back to mock if required.
- Tighten Requires against python3-mock.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1190-1
Released:    Wed Apr 10 03:28:33 2024
Summary:     Security update for less
Type:        security
Severity:    important
References:  1219901,CVE-2022-48624
This update for less fixes the following issues:

- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1202-1
Released:    Thu Apr 11 10:49:35 2024
Summary:     Recommended update for libzypp, zypper, PackageKit
Type:        recommended
Severity:    moderate
References:  1175678,1218171,1218544,1221525,CVE-2024-0217
This update for libzypp, zypper, PackageKit fixes the following issues:

- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to hand out the patches
- Show active dry-run/download-only at the commit prompt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1231-1
Released:    Thu Apr 11 15:20:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1220441
This update for glibc fixes the following issues:

- duplocale: protect use of global locale (bsc#1220441, BZ #23970)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]
- Add support for -fmin-function-alignment.  [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM.  [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686.  [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1279-1
Released:    Fri Apr 12 21:35:09 2024
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1222109
This update for python3 fixes the following issue:

- Fix syslog making default 'ident' from sys.argv (bsc#1222109)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1302-1
Released:    Tue Apr 16 07:23:44 2024
Summary:     Recommended update for python-azure-agent
Type:        recommended
Severity:    critical
References:  1222620
This update for python-azure-agent fixes the following issues:

- Keep the existing config file (bsc#1222620)
- Do not force wicked dependency for networking, allow NM in SLE Micro 5.5
  and for ALP based products

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1335-1
Released:    Thu Apr 18 14:44:22 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1222105
This update for wicked fixes the following issues:

- Do not convert sec to msec twice (bsc#1222105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1352-1
Released:    Fri Apr 19 15:28:38 2024
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    important
References:  1220132,1221132,1221726,1222113
This update for cloud-init contains the following fixes:

- Add cloud-init-no-nmcfg-needed.patch (bsc#1221726)
  + Do not require a NetworkManager config file in order to detect
    NetworkManager as the renderer

- Add cloud-init-no-openstack-guess.patch (bsc#1222113)
  + Do not guess if we are running on OpenStack or not. Only recognize
    the known markers and enable cloud-init if we know for sure.

- Do not guess a data source when checking for a CloudStack
  environment. (bsc#1221132)

- Hardcode distribution to suse for proper cloud.cfg generation
  (bsc#1220132).

- Prepare for RPM 4.20 switch patch syntax
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1366-1
Released:    Mon Apr 22 11:04:32 2024
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1216474,1218871,1221123,1222831
This update for openssh fixes the following issues:

- Fix hostbased ssh login failing occasionally with 'signature
  unverified: incorrect signature' by fixing a typo in patch (bsc#1221123)
- Avoid closing IBM Z crypto devices nodes. (bsc#1218871)
- Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474)

- Change the default value of UpdateHostKeys to Yes (unless
  VerifyHostKeyDNS is enabled).

  This makes ssh update the keys stored in known_hosts with all versions
  published by the server (after it's authenticated with an existing
  key), which allows the server to be identified with a different key if
  the existing key is considered insecure at some point in the future
  (bsc#1222831).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1368-1
Released:    Mon Apr 22 11:06:29 2024
Summary:     Security update for shim
Type:        security
Severity:    important
References:  1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551
This update for shim fixes the following issues:

- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
  suse_version 1600 and above (bsc#1219460)

Update to version 15.8:

Security issues fixed:

- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)

        
The NX flag is disabled, which is the same as the default value of shim-15.8; hence, there is no need to enable it by this patch now.

- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
  on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
  signature in the sealed key after a bootloader upgrade

- Update shim-install to amend full disk encryption support
  - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
  - Use the long name to specify the grub2 key protector
  - cryptodisk: support TPM authorized policies
  - Do not use tpm_record_pcrs unless the command is in command.lst

- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
  enable the NX compatibility flag when using post-process-pe, after
  discussion with grub2 experts by mail. It's useful for further development
  and testing. (bsc#1205588)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1375-1
Released:    Mon Apr 22 14:56:13 2024
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1222992,CVE-2024-2961
This update for glibc fixes the following issues:

- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1398-1
Released:    Tue Apr 23 13:58:22 2024
Summary:     Recommended update for systemd-default-settings
Type:        recommended
Severity:    moderate
References:  
This update for systemd-default-settings fixes the following issues:

- Disable pids controller limit under user instances (jsc#SLE-10123)
- Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, 
  hence the early drop-ins SUSE specific 'feature' has been abandoned.
- User priority '26' for SLE-Micro
- Convert more drop-ins into early ones

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1429-1
Released:    Wed Apr 24 15:13:10 2024
Summary:     Recommended update for ca-certificates
Type:        recommended
Severity:    moderate
References:  1188500,1221184
This update for ca-certificates fixes the following issue:

- Update version (bsc#1221184)
  * Use flock to serialize calls (bsc#1188500)
  * Make certbundle.run container friendly
  * Create /var/lib/ca-certificates if needed

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1433-1
Released:    Wed Apr 24 21:41:41 2024
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1221525,1221963,1222086,1222398,1223094
This update for libzypp, zypper fixes the following issues:

- Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
- Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094)
- Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed
- Do not try to refresh repo metadata as non-root user (bsc#1222086)
- man: Explain how to protect orphaned packages by collecting them in a plaindir repo
- packages: Add --autoinstalled and --userinstalled options to list them
- Don't print 'reboot required' message if download-only or dry-run
- Respect zypper.conf option `showAlias` search commands (bsc#1221963)
- dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1434-1
Released:    Thu Apr 25 09:11:03 2024
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1200731
This update for systemd-presets-common-SUSE fixes the following issues:

- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
  (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)

  Support both the old and new service to avoid complex version interdependency.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1439-1
Released:    Thu Apr 25 23:41:12 2024
Summary:     Security update for python-idna
Type:        security
Severity:    moderate
References:  1222842,CVE-2024-3651
This update for python-idna fixes the following issues:

- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1459-1
Released:    Mon Apr 29 07:48:02 2024
Summary:     Recommended update for vim
Type:        recommended
Severity:    moderate
References:  1220763
This update for vim fixes the following issues:

- Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1474-1
Released:    Tue Apr 30 06:21:02 2024
Summary:     Recommended update for cups
Type:        recommended
Severity:    important
References:  1217119
This update for cups fixes the following issues:

- Fix occasional stuck on poll() loop (bsc#1217119)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released:    Thu May  2 10:43:53 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:

- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1488-1
Released:    Thu May  2 15:29:32 2024
Summary:     Recommended update for chrony
Type:        recommended
Severity:    moderate
References:  1213551
This update for chrony fixes the following issues:

- Use shorter NTS-KE retry interval when network is down (bsc#1213551)
- Use make quickcheck instead of make check to avoid more than 1h build
  times and failures due to timeouts. This was the default before
  3.2 but it changed to make tests more reliable

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1489-1
Released:    Fri May  3 09:36:22 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1184942,1186060,1192145,1194516,1208995,1209635,1209657,1212514,1213456,1217987,1217988,1217989,1218336,1218447,1218479,1218562,1219170,1219264,1220320,1220340,1220366,1220400,1220411,1220413,1220414,1220425,1220426,1220429,1220432,1220442,1220445,1220465,1220468,1220475,1220484,1220486,1220487,1220516,1220521,1220528,1220529,1220532,1220554,1220556,1220557,1220560,1220561,1220566,1220575,1220580,1220583,1220611,1220615,1220621,1220625,1220630,1220631,1220638,1220639,1220640,1220641,1220662,1220663,1220669,1220670,1220677,1220678,1220685,1220687,1220688,1220692,1220697,1220703,1220706,1220733,1220734,1220739,1220743,1220745,1220749,1220751,1220753,1220758,1220759,1220764,1220768,1220769,1220777,1220779,1220785,1220790,1220794,1220824,1220826,1220829,1220836,1220846,1220850,1220861,1220871,1220883,1220946,1220954,1220969,1220979,1220982,1220985,1220987,1221015,1221044,1221058,1221061,1221077,1221088,1221276,1221293,1221532,1221534,1221541,1221548,1221552,1221575,1221605,
 1221606,1221608,1221830,1221931,1221932,1221934,1221935,1221949,1221952,1221965,1221966,1221969,1221973,1221974,1221978,1221989,1221990,1221991,1221992,1221993,1221994,1221996,1221997,1221998,1221999,1222000,1222001,1222002,1222003,1222004,1222117,1222422,1222585,1222619,1222660,1222664,1222669,1222706,CVE-2020-36780,CVE-2020-36781,CVE-2020-36782,CVE-2020-36783,CVE-2021-23134,CVE-2021-29155,CVE-2021-46908,CVE-2021-46909,CVE-2021-46911,CVE-2021-46914,CVE-2021-46917,CVE-2021-46918,CVE-2021-46919,CVE-2021-46920,CVE-2021-46921,CVE-2021-46922,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46938,CVE-2021-46939,CVE-2021-46943,CVE-2021-46944,CVE-2021-46950,CVE-2021-46951,CVE-2021-46956,CVE-2021-46958,CVE-2021-46959,CVE-2021-46960,CVE-2021-46961,CVE-2021-46962,CVE-2021-46963,CVE-2021-46971,CVE-2021-46976,CVE-2021-46980,CVE-2021-46981,CVE-2021-46983,CVE-2021-46984,CVE-2021-46988,CVE-2021-46990,CVE-2021-46991,CVE-2021-46992,CVE-2021-46998,CVE-2021-47000,CVE-2021-47001,CVE-2021-47003,
 CVE-2021-47006,CVE-2021-47009,CVE-2021-47013,CVE-2021-47014,CVE-2021-47015,CVE-2021-47017,CVE-2021-47020,CVE-2021-47026,CVE-2021-47034,CVE-2021-47035,CVE-2021-47038,CVE-2021-47044,CVE-2021-47045,CVE-2021-47046,CVE-2021-47049,CVE-2021-47051,CVE-2021-47055,CVE-2021-47056,CVE-2021-47058,CVE-2021-47061,CVE-2021-47063,CVE-2021-47065,CVE-2021-47068,CVE-2021-47069,CVE-2021-47070,CVE-2021-47071,CVE-2021-47073,CVE-2021-47077,CVE-2021-47082,CVE-2021-47087,CVE-2021-47095,CVE-2021-47097,CVE-2021-47100,CVE-2021-47101,CVE-2021-47109,CVE-2021-47110,CVE-2021-47112,CVE-2021-47114,CVE-2021-47117,CVE-2021-47118,CVE-2021-47119,CVE-2021-47120,CVE-2021-47130,CVE-2021-47136,CVE-2021-47137,CVE-2021-47138,CVE-2021-47139,CVE-2021-47141,CVE-2021-47142,CVE-2021-47144,CVE-2021-47150,CVE-2021-47153,CVE-2021-47160,CVE-2021-47161,CVE-2021-47164,CVE-2021-47165,CVE-2021-47166,CVE-2021-47167,CVE-2021-47168,CVE-2021-47169,CVE-2021-47170,CVE-2021-47171,CVE-2021-47172,CVE-2021-47173,CVE-2021-47174,CVE-2021-47175,
 CVE-2021-47176,CVE-2021-47177,CVE-2021-47179,CVE-2021-47180,CVE-2021-47181,CVE-2021-47183,CVE-2021-47185,CVE-2021-47189,CVE-2022-0487,CVE-2022-4744,CVE-2022-48626,CVE-2023-0160,CVE-2023-1192,CVE-2023-28746,CVE-2023-35827,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52492,CVE-2023-52500,CVE-2023-52508,CVE-2023-52509,CVE-2023-52572,CVE-2023-52575,CVE-2023-52583,CVE-2023-52590,CVE-2023-52591,CVE-2023-52607,CVE-2023-52628,CVE-2023-6270,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-22099,CVE-2024-26600,CVE-2024-26614,CVE-2024-26642,CVE-2024-26704,CVE-2024-26733

The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557).
- CVE-2021-46911: Fixed kernel panic (bsc#1220400).
- CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465).
- CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
- CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429).
- CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
- CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426).
- CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
- CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
- CVE-2021-46961: Fixed spurious interrupt handling (bsc#1220529).
- CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697).
- CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
- CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663).
- CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
- CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
- CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677).
- CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
- CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630).
- CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678).
- CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685).
- CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688).
- CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753).
- CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759).
- CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
- CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
- CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932).
- CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
- CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
- CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978).
- CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
- CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).


The following non-security bugs were fixed:

- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- group-source-files.pl: Quote filenames (boo#1221077).
- kernel-binary: certs: Avoid trailing space
- mm: fix gup_pud_range (bsc#1220824).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1534-1
Released:    Mon May  6 14:55:19 2024
Summary:     Security update for less
Type:        security
Severity:    important
References:  1222849,CVE-2024-32487
This update for less fixes the following issues:

- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set, which leads to OS command execution. (bsc#1222849)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1540-1
Released:    Tue May  7 09:24:25 2024
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1221984,1222302,1222453,CVE-2023-46842,CVE-2024-2201,CVE-2024-31142
This update for xen fixes the following issues:

- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1567-1
Released:    Thu May  9 12:33:42 2024
Summary:     Recommended update for catatonit
Type:        recommended
Severity:    moderate
References:  
This update for catatonit fixes the following issues:

- Update to catatonit v0.2.0
- Change license to GPL-2.0-or-later

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1569-1
Released:    Thu May  9 13:17:26 2024
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1216853,CVE-2023-38472
This update for avahi fixes the following issues:

- CVE-2023-38472: Fix reachable assertion in avahi_rdata_parse() (bsc#1216853).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1633-1
Released:    Tue May 14 11:35:56 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1222548,CVE-2024-2511
This update for openssl-1_1 fixes the following issues:

- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1642-1
Released:    Tue May 14 15:38:24 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1190576,1192145,1200313,1201489,1203906,1203935,1204614,1211592,1218562,1218917,1219169,1219170,1219264,1220513,1220755,1220854,1221113,1221299,1221543,1221545,1222449,1222482,1222503,1222559,1222585,1222624,1222666,1222669,1222709,1222790,1222792,1222829,1222876,1222878,1222881,1222883,1222894,1222976,1223016,1223057,1223111,1223187,1223202,1223475,1223482,1223509,1223513,1223522,1223824,1223921,1223923,1223931,1223941,1223948,1223952,1223963,CVE-2021-46955,CVE-2021-47041,CVE-2021-47074,CVE-2021-47113,CVE-2021-47131,CVE-2021-47184,CVE-2021-47185,CVE-2021-47194,CVE-2021-47198,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47206,CVE-2021-47207,CVE-2021-47212,CVE-2021-47216,CVE-2022-48631,CVE-2022-48638,CVE-2022-48650,CVE-2022-48651,CVE-2022-48654,CVE-2022-48672,CVE-2022-48686,CVE-2022-48687,CVE-2022-48693,CVE-2022-48695,CVE-2022-48701,CVE-2022-48702,CVE-2023-2860,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-26610,CVE-2024-26688,
 CVE-2024-26689,CVE-2024-26733,CVE-2024-26739,CVE-2024-26744,CVE-2024-26816,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26898,CVE-2024-26903,CVE-2024-26906,CVE-2024-27043
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).

The following non-security bugs were fixed:

- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- tls: Fix context leak on tls_device_down (bsc#1221545).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1666-1
Released:    Thu May 16 08:00:53 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1221632
This update for coreutils fixes the following issues:

- ls: avoid triggering automounts (bsc#1221632)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released:    Wed May 22 16:14:17 2024
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:

Security issues fixed:

- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)

Non-security issue fixed:

- make Net::FTP work with TLS 1.3 (bsc#1213638)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1775-1
Released:    Fri May 24 15:20:59 2024
Summary:     Security update for libfastjson
Type:        security
Severity:    important
References:  1171479,CVE-2020-12762
This update for libfastjson fixes the following issues:

- CVE-2020-12762: Fixed integer overflow and out-of-bounds write via a large JSON file (bsc#1171479).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1778-1
Released:    Fri May 24 17:40:50 2024
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  
This update for systemd-presets-branding-SLE fixes the following issues:

- Enable sysctl-logger (jsc#PED-5024)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1792-1
Released:    Mon May 27 18:05:34 2024
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    important
References:  1220679,1223107
This update for suseconnect-ng fixes the following issues:

- Version update
  * Fix certificate import for Yast when using a registration proxy with
    self-signed SSL certificate (bsc#1223107) 
  * Allow '--rollback' flag to run on readonly filesystem (bsc#1220679)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:461-1
Released:    Wed May 29 09:34:10 2024
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1219576,CVE-2024-25062
This update for libxml2 fixes the following issues:

- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1826-1
Released:    Wed May 29 10:43:45 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    important
References:  1205604,1218926,1219108,1224100
This update for wicked fixes the following issues:

- client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100)
    
- Update to version 0.6.75:
  - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
  - cleanup: fix overflow warnings in a socket testcase on i586
  - ifcheck: report new and deleted configs as changed (bsc#1218926)
  - man: improve ARP configuration options in the wicked-config.5
  - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
  - cleanup: fix interface dependencies and shutdown order (bsc#1205604)
    - Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
      and consistently use config and state info attached to the port
      interface as in rtnetlink(7).
    - Cleanup ifcfg parsing, schema configuration and service properties
    - Migrate ports in xml config and policies already applied in nanny
    - Remove 'missed config' generation from finite state machine, which
      is completed while parsing the config or while xml config migration.
    - Issue a warning when 'lower' interface (e.g. eth0) config is missed
      while parsing config depending on it (e.g. eth0.42 vlan).
    - Resolve ovs master to the effective bridge in config and wickedd
    - Implement netif-check-state require checks using system relations
      from wickedd/kernel instead of config relations for ifdown and add
      linkDown and deleteDevice checks to all master and lower references.
    - Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
      system/config interface hierarchies as notice with +/- marked
      interfaces to setup and/or shutdown.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1848-1
Released:    Thu May 30 06:52:35 2024
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    important
References:  1220082,1222021
This update for supportutils fixes the following issues:

- Suppress file descriptor leak warnings from lvm commands (bsc#1220082)
- Add -V key:value pair option (bsc#1222021, PED-8211)
- Avoid getting duplicate kernel verifications in boot.text
- Include container log timestamps

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1863-1
Released:    Thu May 30 14:18:27 2024
Summary:     Security update for python-Jinja2
Type:        security
Severity:    moderate
References:  1218722,1223980,CVE-2024-22195,CVE-2024-34064
This update for python-Jinja2 fixes the following issues:

- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1876-1
Released:    Fri May 31 06:47:32 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1221361
This update for aaa_base fixes the following issues:

- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1880-1
Released:    Fri May 31 08:45:12 2024
Summary:     Security update for python-requests
Type:        security
Severity:    moderate
References:  1224788,CVE-2024-35195
This update for python-requests fixes the following issues:

- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1895-1
Released:    Mon Jun  3 09:00:20 2024
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602
This update for glibc fixes the following issues:

- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)

- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1982-1
Released:    Tue Jun 11 12:12:44 2024
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516
This update for bind fixes the following issues:

 - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851)
 - CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823)
 - CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826)
 - CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852)
 - CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2003-1
Released:    Wed Jun 12 07:30:30 2024
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1223179,1225365,CVE-2024-35235
This update for cups fixes the following issues:

- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2009-1
Released:    Wed Jun 12 13:47:43 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1219273,CVE-2023-27534
This update for curl fixes the following issues:

- CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2033-1
Released:    Sun Jun 16 12:19:55 2024
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516
This update for bind fixes the following issues:

 - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851)
 - CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823)
 - CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826)
 - CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852)
 - CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2035-1
Released:    Mon Jun 17 09:29:26 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1225551,CVE-2024-4741
This update for openssl-1_1 fixes the following issues:

- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

-----------------------------------------------------------------
Advisory ID: 33666
Released:    Wed Jun 19 08:36:53 2024
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    important
References:  1222086,1223430,1223766
This update for libsolv, libzypp, zypper fixes the following issues:

- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2085-1
Released:    Wed Jun 19 11:36:00 2024
Summary:     Recommended update for python-requests
Type:        recommended
Severity:    moderate
References:  1225912
This update for python-requests fixes the following issue:

- Allow the usage of 'verify' parameter as a directory. (bsc#1225912)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released:    Wed Jun 19 11:48:24 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1188441
This update for gcc13 fixes the following issues:

Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler as that is requiring
  Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
  on s390x.  [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
  meta-package.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2108-1
Released:    Thu Jun 20 19:35:51 2024
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1221400,1224323,CVE-2023-45288
This update for containerd fixes the following issues:

Update to containerd v1.7.17.

- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2174-1
Released:    Mon Jun 24 07:20:48 2024
Summary:     Security update for wget
Type:        security
Severity:    moderate
References:  1226419,CVE-2024-38428
This update for wget fixes the following issues:

- CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2185-1
Released:    Mon Jun 24 21:04:36 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1151927,1152472,1154353,1156395,1174585,1176447,1176774,1176869,1178134,1181147,1184631,1185570,1185589,1185902,1186885,1187357,1188616,1188772,1189883,1190795,1191452,1192107,1194288,1194591,1196956,1197760,1198029,1199304,1200619,1203389,1206646,1209657,1210335,1210629,1213476,1215420,1216702,1217169,1220137,1220144,1220754,1220877,1220960,1221044,1221113,1221829,1222251,1222619,1222838,1222867,1223084,1223138,1223384,1223390,1223512,1223932,1223934,1224099,1224174,1224438,1224482,1224511,1224592,1224816,1224826,1224830,1224831,1224832,1224834,1224841,1224842,1224843,1224844,1224846,1224849,1224852,1224853,1224854,1224859,1224882,1224886,1224888,1224889,1224891,1224892,1224893,1224899,1224904,1224907,1224909,1224916,1224917,1224922,1224923,1224924,1224926,1224928,1224953,1224954,1224955,1224957,1224961,1224963,1224965,1224966,1224968,1224981,1224982,1224983,1224984,1224987,1224990,1224993,1224996,1224997,1225026,1225030,1225058,1225060,1225083,1225084,1225091,1225112,1225113,1225128,1225140,1225143,1225148,1225155,1225164,1225177,1225178,1225181,1225192,1225193,1225198,1225201,1225206,1225207,1225208,1225214,1225223,1225224,1225230,1225232,1225233,1225237,1225238,1225243,1225244,1225247,1225251,1225252,1225256,1225261,1225262,1225263,1225301,1225303,1225316,1225318,1225320,1225321,1225322,1225326,1225327,1225328,1225330,1225333,1225336,1225341,1225346,1225351,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225369,1225370,1225372,1225374,1225384,1225386,1225387,1225390,1225393,1225400,1225404,1225405,1225409,1225411,1225424,1225427,1225435,1225437,1225438,1225439,1225446,1225447,1225448,1225450,1225453,1225455,1225468,1225499,1225500,1225508,1225534,CVE-2020-36788,CVE-2021-3743,CVE-2021-39698,CVE-2021-43056,CVE-2021-43527,CVE-2021-47104,CVE-2021-47192,CVE-2021-47200,CVE-2021-47220,CVE-2021-47227,CVE-2021-47228,CVE-2021-47229,CVE-2021-47230,CVE-2021-47231,CVE-2021-47235,CVE-2021-47236,CVE-2021-47237,CVE-2021-47239,CVE-2021-47240,CVE-2021-47241,CVE-2021-47246,CVE-2021-47252,CVE-2021-47253,CVE-2021-47254,CVE-2021-47255,CVE-2021-47258,CVE-2021-47259,CVE-2021-47260,CVE-2021-47261,CVE-2021-47263,CVE-2021-47265,CVE-2021-47267,CVE-2021-47269,CVE-2021-47270,CVE-2021-47274,CVE-2021-47275,CVE-2021-47276,CVE-2021-47280,CVE-2021-47281,CVE-2021-47284,CVE-2021-47285,CVE-2021-47288,CVE-2021-47289,CVE-2021-47296,CVE-2021-47301,CVE-2021-47302,CVE-2021-47305,CVE-2021-47307,CVE-2021-47308,CVE-2021-47314,CVE-2021-47315,CVE-2021-47320,CVE-2021-47321,CVE-2021-47323,CVE-2021-47324,CVE-2021-47329,CVE-2021-47330,CVE-2021-47332,CVE-2021-47333,CVE-2021-47334,CVE-2021-47337,CVE-2021-47338,CVE-2021-47340,CVE-2021-47341,CVE-2021-47343,CVE-2021-47344,CVE-2021-47347,CVE-2021-47348,CVE-2021-47350,CVE-2021-47353,CVE-2021-47354,CVE-2021-47356,CVE-2021-47369,CVE-2021-47375,CVE-2021-47378,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47387,CVE-2021-47388,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47395,CVE-2021-47396,CVE-2021-47399,CVE-2021-47402,CVE-2021-47404,CVE-2021-47405,CVE-2021-47409,CVE-2021-47413,CVE-2021-47416,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47428,CVE-2021-47431,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47451,CVE-2021-47456,CVE-2021-47458,CVE-2021-47460,CVE-2021-47464,CVE-2021-47465,CVE-2021-47468,CVE-2021-47473,CVE-2021-47478,CVE-2021-47480,CVE-2021-47482,CVE-2021-47483,CVE-2021-47485,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47509,CVE-2021-47511,CVE-2021-47512,CVE-2021-47516,CVE-2021-47518,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47535,CVE-2021-47536,CVE-2021-47538,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47549,CVE-2021-47557,CVE-2021-47562,CVE-2021-47563,CVE-2021-47565,CVE-2022-1195,CVE-2022-20132,CVE-2022-48636,CVE-2022-48673,CVE-2022-48704,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2176,CVE-2023-4244,CVE-2023-47233,CVE-2023-52433,CVE-2023-52581,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52686,CVE-2023-52840,CVE-2023-52871,CVE-2023-52880,CVE-2023-6531,CVE-2024-26581,CVE-2024-26643,CVE-2024-26828,CVE-2024-26921,CVE-2024-26925,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35895,CVE-2024-35914

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference counting (bsc#1225360).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).

The following non-security bugs were fixed:

- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476).
- cifs: avoid race conditions with parallel reconnects (bsc#1213476).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- cifs: avoid use of global locks for high contention data (bsc#1213476).
- cifs: check only tcon status on tcon related functions (bsc#1213476).
- cifs: do all necessary checks for credits within or before locking (bsc#1213476).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1213476).
- cifs: do not take exclusive lock for updating target hints (bsc#1213476).
- cifs: fix confusing debug message (bsc#1213476).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476).
- cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476).
- cifs: fix refresh of cached referrals (bsc#1213476).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476).
- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476).
- cifs: get rid of dns resolve worker (bsc#1213476).
- cifs: get rid of mount options string parsing (bsc#1213476).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1213476).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476).
- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- cifs: optimize reconnect of nested links (bsc#1213476).
- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- cifs: refresh root referrals (bsc#1213476).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- cifs: remove unused function (bsc#1213476).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1213476).
- cifs: return DFS root session id in DebugData (bsc#1213476).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476).
- cifs: set correct ipc status after initial tree connect (bsc#1213476).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1213476).
- cifs: set correct tcon status after initial tree connect (bsc#1213476).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- cifs: set resolved ip in sockaddr (bsc#1213476).
- cifs: share dfs connections and supers (bsc#1213476).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476).
- cifs: use fs_context for automounts (bsc#1213476).
- cifs: use origin fullpath for automounts (bsc#1213476).
- cifs: use tcon allocation functions even for dummy tcon (bsc#1213476).
- netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes).
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes).
- netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes).
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes).
- netfilter: nf_tables: GC transaction race with abort path (git-fixes).
- netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes).
- netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes).
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes).
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes).
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes).
- netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes).
- netfilter: nf_tables: use correct lock to protect gc_list (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_rbtree: Add missing expired checks (git-fixes).
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes).
- netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes).
- netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes).
- netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes).
- netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes).
- netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes).
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes).
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes).
- netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes).
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes).
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes).
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes).
- NFC: nxp: add NXP1002 (bsc#1185589).
- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
- smb: client: fix dfs link mount against w2k8 (git-fixes).
- smb: client: fix null auth (bsc#1213476).
- smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2215-1
Released:    Tue Jun 25 17:15:25 2024
Summary:     Recommended update for python-azure-agent
Type:        recommended
Severity:    moderate
References:  1225946
This update for python-azure-agent fixes the following issue:

- Use the -Z option for mv and cp in the posttrans to properly handle
  SELinux context (bsc#1225946)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2222-1
Released:    Tue Jun 25 18:10:29 2024
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    important
References:  1219680,1223469
This update for cloud-init fixes the following issues:

- Brute force approach to skip renames if the device is already present
  (bsc#1219680)
- Handle the existence of /usr/etc/sudoers to search for the expected
  include location (bsc#1223469)
- Do not enable cloud-init on systems where there is no DMI just
  because no data source has been found. No data source means
  cloud-init will not run.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2233-1
Released:    Wed Jun 26 10:02:07 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    important
References:  1215918
This update for util-linux fixes the following issue:

- fix Xen virtualization type misidentification (bsc#1215918)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2240-1
Released:    Wed Jun 26 15:20:30 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    important
References:  1218668
This update for wicked fixes the following issues:

- Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2247-1
Released:    Sun Jun 30 15:21:38 2024
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2252-1
Released:    Mon Jul  1 14:58:17 2024
Summary:     Recommended update for sle-module-containers-release 
Type:        recommended
Severity:    low
References:  
This update for sle-module-containers-release contains the following fix:

- Remove EOL Date from release package.

  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2253-1
Released:    Mon Jul  1 18:33:02 2024
Summary:     Recommended update for containerd
Type:        recommended
Severity:    moderate
References:  
This update for containerd fixes the following issues:

- Revert the noarch change for devel subpackage

  Switching to noarch causes issues on SLES maintenance updates; reverting it
  fixes our image builds.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2267-1
Released:    Tue Jul  2 10:33:36 2024
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1224282,CVE-2024-34459
This update for libxml2 fixes the following issues:

- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:2282-1
Released:    Tue Jul  2 22:41:27 2024
Summary:     Optional update for openscap, scap-security-guide
Type:        optional
Severity:    moderate
References:  

This update for scap-security-guide and openscap provides the SCAP tooling
for SLE Micro 5.3, 5.4, 5.5.

This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2303-1
Released:    Thu Jul  4 16:25:35 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields being erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2310-1
Released:    Mon Jul  8 09:15:35 2024
Summary:     Recommended update for libssh
Type:        recommended
Severity:    moderate
References:  1227396
This update for libssh fixes the following issue:

- Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2362-1
Released:    Tue Jul  9 16:02:10 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1156395,1171988,1176447,1176774,1181147,1191958,1195065,1195254,1195798,1202623,1218148,1219224,1219633,1222015,1223011,1223384,1224671,1224703,1224749,1224764,1224765,1224766,1224865,1225010,1225047,1225109,1225161,1225184,1225203,1225487,1225518,1225611,1225732,1225749,1225840,1225866,1226226,1226537,1226552,1226554,1226557,1226558,1226562,1226563,1226575,1226583,1226585,1226587,1226595,1226614,1226619,1226621,1226624,1226643,1226644,1226645,1226647,1226650,1226669,1226670,1226672,1226674,1226679,1226686,1226691,1226692,1226698,1226703,1226708,1226709,1226711,1226712,1226713,1226715,1226716,1226720,1226721,1226732,1226758,1226762,1226786,1226962,CVE-2021-3896,CVE-2021-43389,CVE-2021-4439,CVE-2021-47247,CVE-2021-47311,CVE-2021-47328,CVE-2021-47368,CVE-2021-47372,CVE-2021-47379,CVE-2021-47571,CVE-2021-47576,CVE-2021-47583,CVE-2021-47589,CVE-2021-47595,CVE-2021-47596,CVE-2021-47600,CVE-2021-47602,CVE-2021-47609,CVE-2021-47611,CVE-2021-47612,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2022-0435,CVE-2022-22942,CVE-2022-2938,CVE-2022-48711,CVE-2022-48715,CVE-2022-48717,CVE-2022-48722,CVE-2022-48724,CVE-2022-48726,CVE-2022-48728,CVE-2022-48730,CVE-2022-48732,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48752,CVE-2022-48754,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48767,CVE-2022-48768,CVE-2022-48771,CVE-2023-24023,CVE-2023-52707,CVE-2023-52752,CVE-2023-52881,CVE-2024-26822,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35878,CVE-2024-35950,CVE-2024-36894,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).

The following non-security bugs were fixed:

- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2401-1
Released:    Thu Jul 11 06:36:43 2024
Summary:     Security update for oniguruma
Type:        security
Severity:    moderate
References:  1141157,CVE-2019-13225
This update for oniguruma fixes the following issues:

- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2406-1
Released:    Thu Jul 11 11:27:05 2024
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1227429
This update for suse-build-key fixes the following issue:

- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
  them (bsc#1227429)
  - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
  - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2479-1
Released:    Mon Jul 15 10:33:22 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032
This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private vs. global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2533-1
Released:    Tue Jul 16 14:12:31 2024
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1222453,1227355,CVE-2024-2201,CVE-2024-31143
This update for xen fixes the following issues:

- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2609-1
Released:    Fri Jul 26 18:07:05 2024
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1227681
This update for suse-build-key fixes the following issue:

- fixed syntax error in auto import shell script (bsc#1227681)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2648-1
Released:    Tue Jul 30 12:03:47 2024
Summary:     Security update for shadow
Type:        security
Severity:    important
References:  916845,CVE-2013-4235
This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2662-1
Released:    Tue Jul 30 15:41:34 2024
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1226469,CVE-2024-37891
This update for python-urllib3 fixes the following issues:

- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2671-1
Released:    Tue Jul 30 21:10:57 2024
Summary:     Recommended update for cups
Type:        recommended
Severity:    moderate
References:  1226192
This update for cups fixes the following issues:

- Require the exact matching version-release of all libcups* sub-packages (bsc#1226192)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2674-1
Released:    Wed Jul 31 06:57:02 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    important
References:  1225976,1226125,1226664
This update for wicked fixes the following issues:

- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of infiniband children
- client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
- arputil: Document minimal interval for getopts
- man: (re)generate man pages from md sources
- client: warn on interface wait time reached
- compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces
- compat-suse: fix infiniband and infiniband child type detection from ifname

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:2688-1
Released:    Thu Aug  1 06:59:58 2024
Summary:     Feature update for Public Cloud
Type:        feature
Severity:    important
References:  1222075,1227067,1227106,1227711
This update for Public Cloud fixes the following issues:

- Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345):
  
  * google-guest-agent (no source changes) 
  * google-guest-configs (no source changes) 
  * google-guest-oslogin (no source changes) 
  * google-osconfig-agent (no source changes) 
  * growpart-rootgrow (no source changes) 
  * python-azure-agent (includes bug fixes, see below)
  * python-cssselect (no source changes)
  * python-instance-billing-flavor-check (no source changes) 
  * python-toml (no source changes)
  * python3-lxml (includes a bug fix, see below)

- python-azure-agent received the following fixes:
 
  * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists
    (bsc#1227711)
  * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106)
  * Do not package `waagent2.0` in Python 3 builds
  * Do not require `wicked` in non-SUSE build environments
  * Apply python3 interpreter patch in non-SLE build environments (bsc#1227067)

- python3-lxml also received the following fix:
    
  * Fixed compatibility with system libexpat in tests (bnc#1222075)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2745-1
Released:    Mon Aug  5 17:58:41 2024
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    important
References:  1219004,1223107,1226128
This update for suseconnect-ng fixes the following issues:

- Version update:
  * Added uname as collector
  * Added SAP workload detection
  * Added detection of container runtimes
  * Multiple fixes on ARM64 detection
  * Use `read_values` for the CPU collector on Z
  * Fixed data collection for ppc64le
  * Grab the home directory from /etc/passwd if needed (bsc#1226128)
  * Build zypper-migration and zypper-packages-search as standalone
    binaries rather than one single binary
  * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
  * Include /etc/products.d in directories whose contents are backed
    up and restored if a zypper-migration rollback happens (bsc#1219004)
  * Add the ability to upload the system uptime logs, produced by the
    suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report
    (jsc#PED-7982) (jsc#PED-8018)
  * Add support for third party packages in SUSEConnect
  * Refactor existing system information collection implementation
    self-signed SSL certificate (bsc#1223107)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released:    Tue Aug  6 16:35:10 2024
Summary:     Recommended update for various 32bit packages
Type:        recommended
Severity:    moderate
References:  1228322

This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2799-1
Released:    Wed Aug  7 08:19:10 2024
Summary:     Recommended update for runc
Type:        recommended
Severity:    important
References:  1214960
This update for runc fixes the following issues:

- Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13
- Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2806-1
Released:    Wed Aug  7 09:49:03 2024
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1228770,CVE-2013-4235
This update for shadow fixes the following issues:

- Fixed skel files not being copied (bsc#1228770)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2810-1
Released:    Wed Aug  7 09:50:10 2024
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1228256,1228257,CVE-2024-1737,CVE-2024-1975
This update for bind fixes the following issues:

- CVE-2024-1737: It is possible to craft excessively large numbers of
  resource record types for a given owner name, which has the effect of
  slowing down database processing. This has been addressed by
  adding a configurable limit to the number of records that can
  be stored per name and type in a cache or zone database. The
  default is 100, which can be tuned with the new
  max-types-per-name option. (bsc#1228256)
- CVE-2024-1975: Validating DNS messages signed using the SIG(0)
  protocol (RFC 2931) could cause excessive CPU load, leading to a
  denial-of-service condition. Support for SIG(0) message
  validation was removed from this version of named.
  (bsc#1228257)


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated
- bind-utils-9.16.6-150300.22.47.1 updated
- blog-2.26-150300.4.6.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated
- catatonit-0.2.0-150300.10.8.1 updated
- chrony-pool-suse-4.1-150300.16.14.3 updated
- chrony-4.1-150300.16.14.3 updated
- cloud-init-config-suse-23.3-150100.8.82.3 updated
- cloud-init-23.3-150100.8.82.3 updated
- containerd-ctr-1.7.17-150000.114.1 updated
- containerd-1.7.17-150000.114.1 updated
- coreutils-8.32-150300.3.8.1 updated
- cpio-2.12-150000.3.12.1 updated
- cups-config-2.2.7-150000.3.62.1 updated
- curl-7.66.0-150200.4.72.1 updated
- dbus-1-1.12.2-150100.8.17.1 updated
- dhcp-client-4.3.6.P1-150000.6.19.1 updated
- dhcp-4.3.6.P1-150000.6.19.1 updated
- docker-25.0.6_ce-150000.203.1 updated
- dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- glibc-locale-base-2.31-150300.83.1 updated
- glibc-locale-2.31-150300.83.1 updated
- glibc-2.31-150300.83.1 updated
- gpg2-2.2.27-150300.3.8.1 updated
- grub2-i386-pc-2.04-150300.22.43.1 updated
- grub2-x86_64-efi-2.04-150300.22.43.1 updated
- grub2-2.04-150300.22.43.1 updated
- hwdata-0.380-150000.3.68.1 updated
- hwinfo-21.85-150300.3.6.1 updated
- kernel-default-5.3.18-150300.59.167.1 updated
- krb5-1.19.2-150300.19.1 updated
- less-530-150000.3.9.1 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- libavahi-client3-0.7-150100.3.35.1 updated
- libavahi-common3-0.7-150100.3.35.1 updated
- libbind9-1600-9.16.6-150300.22.47.1 updated
- libblkid1-2.36.2-150300.4.44.12 updated
- libblogger2-2.26-150300.4.6.1 updated
- libcap2-2.26-150000.4.9.1 updated
- libcares2-1.19.1-150000.3.26.1 updated
- libcrypt1-4.4.15-150300.4.7.1 updated
- libcryptsetup12-2.3.7-150300.3.8.1 updated
- libcups2-2.2.7-150000.3.62.1 updated
- libcurl4-7.66.0-150200.4.72.1 updated
- libdbus-1-3-1.12.2-150100.8.17.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated
- libdns1605-9.16.6-150300.22.47.1 updated
- libeconf0-0.5.2-150300.3.11.1 updated
- libfastjson4-0.99.8-150000.3.3.1 updated
- libfdisk1-2.36.2-150300.4.44.12 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- libfstrm0-0.6.1-150300.9.5.1 added
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libglib-2_0-0-2.62.6-150200.3.18.1 updated
- libgnutls30-3.6.7-150200.14.31.1 updated
- libirs1601-9.16.6-150300.22.47.1 updated
- libisc1606-9.16.6-150300.22.47.1 updated
- libisccc1600-9.16.6-150300.22.47.1 updated
- libisccfg1600-9.16.6-150300.22.47.1 updated
- libjansson4-2.14-150000.3.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.17.1 updated
- libldap-data-2.4.46-150200.14.17.1 updated
- liblognorm5-2.0.6-150000.3.3.1 updated
- libmetalink3-0.1.3-150000.3.2.1 updated
- libmount1-2.36.2-150300.4.44.12 updated
- libncurses6-6.1-150000.5.24.1 updated
- libnghttp2-14-1.40.0-150200.17.1 updated
- libns1604-9.16.6-150300.22.47.1 updated
- libonig4-6.7.0-150000.3.6.1 updated
- libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 updated
- libopenssl1_1-1.1.1d-150200.11.91.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libpci3-3.5.6-150300.13.6.1 updated
- libpcre2-8-0-10.31-150000.3.15.1 updated
- libprocps8-3.3.17-150000.7.39.1 added
- libprotobuf-c1-1.3.2-150200.3.9.1 added
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libpython3_6m1_0-3.6.15-150300.10.65.1 updated
- libqrencode4-4.1.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.44.12 updated
- libsolv-tools-base-0.7.29-150200.34.1 added
- libsolv-tools-0.7.29-150200.34.1 updated
- libsqlite3-0-3.44.0-150000.3.23.1 updated
- libssh-config-0.9.8-150200.13.6.2 added
- libssh4-0.9.8-150200.13.6.2 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libtirpc-netconfig-1.3.4-150300.3.23.1 updated
- libtirpc3-1.3.4-150300.3.23.1 updated
- libuuid1-2.36.2-150300.4.44.12 updated
- libuv1-1.18.0-150000.3.2.1 updated
- libxml2-2-2.9.7-150000.3.70.1 updated
- libxslt1-1.1.32-150000.3.14.1 added
- libyajl2-2.1.0-150000.4.6.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libzypp-17.34.1-150200.106.2 updated
- login_defs-4.8.1-150300.4.18.1 updated
- ncurses-utils-6.1-150000.5.24.1 updated
- netcfg-11.6-150000.3.6.1 updated
- nfs-client-2.1.1-150100.10.37.1 updated
- open-iscsi-2.1.7-150300.32.24.1 updated
- openssh-clients-8.4p1-150300.3.37.1 updated
- openssh-common-8.4p1-150300.3.37.1 updated
- openssh-server-8.4p1-150300.3.37.1 updated
- openssh-8.4p1-150300.3.37.1 updated
- openssl-1_1-1.1.1d-150200.11.91.1 updated
- pam-config-1.1-150200.3.6.1 updated
- pam-1.3.0-150000.6.66.1 updated
- parted-3.2-150300.21.3.1 updated
- pciutils-3.5.6-150300.13.6.1 updated
- perl-Bootloader-0.945-150300.3.12.1 updated
- perl-base-5.26.1-150300.17.17.1 updated
- perl-5.26.1-150300.17.17.1 updated
- procps-3.3.17-150000.7.39.1 updated
- python-azure-agent-config-server-2.9.1.1-150400.3.41.1 added
- python-azure-agent-2.9.1.1-150400.3.41.1 updated
- python-instance-billing-flavor-check-0.0.6-150400.1.11.7 added
- python3-Jinja2-2.10.1-150000.3.13.1 updated
- python3-PyJWT-2.4.0-150200.3.8.1 updated
- python3-apipkg-1.4-150000.3.6.1 updated
- python3-attrs-19.3.0-150200.3.6.1 updated
- python3-base-3.6.15-150300.10.65.1 updated
- python3-bind-9.16.6-150300.22.47.1 updated
- python3-blinker-1.4-150000.3.6.1 updated
- python3-chardet-3.0.4-150000.5.3.1 updated
- python3-configobj-5.0.6-150000.3.3.1 updated
- python3-cryptography-3.3.2-150200.22.1 updated
- python3-cssselect-1.0.3-150400.3.7.4 added
- python3-idna-2.6-150000.3.3.1 updated
- python3-importlib-metadata-1.5.0-150100.3.5.1 updated
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-jsonpatch-1.23-150100.3.5.1 updated
- python3-jsonpointer-1.14-150000.3.2.1 updated
- python3-jsonschema-3.2.0-150200.9.5.1 updated
- python3-lxml-4.7.1-150200.3.12.1 added
- python3-netifaces-0.10.6-150000.3.2.1 updated
- python3-oauthlib-2.0.6-150000.3.6.1 updated
- python3-passlib-1.7.4-150300.3.2.1 added
- python3-ply-3.10-150000.3.5.1 updated
- python3-pyasn1-0.4.2-150000.3.5.1 updated
- python3-pyrsistent-0.14.4-150100.3.4.1 updated
- python3-pyserial-3.4-150000.3.4.1 updated
- python3-requests-2.25.1-150300.3.12.2 updated
- python3-urllib3-1.25.10-150300.4.12.1 updated
- python3-zipp-0.6.0-150100.3.5.1 updated
- python3-3.6.15-150300.10.65.2 updated
- rsyslog-module-relp-8.2106.0-150200.4.43.2 updated
- rsyslog-8.2106.0-150200.4.43.2 updated
- runc-1.1.13-150000.67.1 updated
- samba-client-libs-4.15.13+git.710.7032820fcd-150300.3.66.2 updated
- sed-4.4-150300.13.3.1 updated
- shadow-4.8.1-150300.4.18.1 updated
- shim-15.8-150300.4.20.2 updated
- sle-module-containers-release-15.3-150300.58.3.2 updated
- sudo-1.9.5p2-150300.3.33.1 updated
- supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated
- supportutils-3.1.30-150300.7.35.30.1 updated
- suse-build-key-12.0-150000.8.49.2 updated
- suse-module-tools-15.3.18-150300.3.25.1 updated
- suseconnect-ng-1.11.0-150100.3.33.2 added
- systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated
- systemd-default-settings-0.10-150300.3.7.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.14.1 updated
- systemd-presets-common-SUSE-15-150100.8.23.1 updated
- tar-1.34-150000.3.34.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- terminfo-6.1-150000.5.24.1 updated
- timezone-2024a-150000.75.28.1 updated
- util-linux-systemd-2.36.2-150300.4.44.11 updated
- util-linux-2.36.2-150300.4.44.12 updated
- vim-data-common-9.1.0330-150000.5.63.1 updated
- vim-9.1.0330-150000.5.63.1 updated
- wget-1.20.3-150000.3.20.1 updated
- wicked-service-0.6.76-150300.4.35.1 updated
- wicked-0.6.76-150300.4.35.1 updated
- xen-libs-4.14.6_16-150300.3.75.1 updated
- zypper-1.14.73-150200.81.6 updated
- SUSEConnect-0.3.36-150300.20.6.1 removed
- fdupes-1.61-1.452 removed
- libprocps7-3.3.15-150000.7.31.1 removed
- libruby2_5-2_5-2.5.9-150000.4.26.1 removed
- libyaml-0-2-0.1.7-1.17 removed
- ruby-common-2.1-3.15 removed
- ruby2.5-2.5.9-150000.4.26.1 removed
- ruby2.5-rubygem-gem2rpm-0.10.1-3.45 removed
- ruby2.5-stdlib-2.5.9-150000.4.26.1 removed
- samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 removed
- sysfsutils-2.1.0-3.3.1 removed
- xxd-9.0.1443-150000.5.43.1 removed
- zypper-migration-plugin-0.12.1618498507.b68ecea-1.1 removed

