From sle-container-updates at lists.suse.com Mon Dec 2 12:18:23 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:23 +0100 (CET)
Subject: SUSE-CU-2024:5951-1: Security update of suse/pcp
Message-ID: <20241202121823.6008CFD85@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5951-1
Container Tags        : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-40.4 , suse/pcp:latest
Container Release     : 40.4
Severity              : moderate
Type                  : security
References            : 1219724 CVE-2024-24806
-----------------------------------------------------------------

The container suse/pcp was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released:    Thu Nov 28 17:15:36 2024
Summary:     Security update for libuv
Type:        security
Severity:    moderate
References:  1219724,CVE-2024-24806

This update for libuv fixes the following issues:

- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)

The following package changes have been done:

- libuv1-1.44.2-150500.3.5.1 updated


From sle-container-updates at lists.suse.com Mon Dec 2 12:18:25 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:25 +0100 (CET)
Subject: SUSE-IU-2024:1591-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202121825.17A8DFD85@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1591-1
Image Tags        : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1-openjdk17-8.5 , containers/apache-tomcat:10.1.25-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17-8.5
Image Release     : 8.5
Severity          : moderate
Type              : recommended
References        : 1231051
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released:    Fri Oct 18 11:56:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1231051

This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

The following package changes have been done:

- glibc-2.38-150600.14.14.2 updated
- container:bci-bci-base-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated


From sle-container-updates at lists.suse.com Mon Dec 2 12:18:28 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:28 +0100 (CET)
Subject: SUSE-IU-2024:1640-1: Security update of containers/apache-tomcat
Message-ID: <20241202121828.9F30EFD85@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1640-1
Image Tags        : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11-56.1
Image Release     : 56.1
Severity          : moderate
Type              : security
References        : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1950-1
Released:    Fri Jun 7 17:20:14 2024
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

Update to version 2.78.6:

  + Fix a regression with IBus caused by the fix for CVE-2024-34397

Changes in version 2.78.5:

  + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044)
  + Bugs fixed:
    - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding
    - gcontenttype: Make filename valid utf-8 string before processing.
    - gdbusconnection: Don't deliver signals if the sender doesn't match.

Changes in version 2.78.4:

  + Bugs fixed:
    - Fix generated RST anchors for methods, signals and properties.
    - docs/reference: depend on a native gtk-doc.
    - gobject_gdb.py: Do not break bt on optimized build.
    - gregex: clean up usage of _GRegex.jit_status.

The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.3.1 added


From sle-container-updates at lists.suse.com Mon Dec 2 12:18:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:29 +0100 (CET)
Subject: SUSE-IU-2024:1650-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202121829.53B1AFD85@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1650-1
Image Tags        : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11-57.3
Image Release     : 57.3
Severity          : moderate
Type              : recommended
References        : 1231833
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released:    Fri Nov 1 16:10:37 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1231833

This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

The following package changes have been done:

- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- container:bci-bci-base-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated


From sle-container-updates at lists.suse.com Mon Dec 2 12:18:33 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:33 +0100 (CET)
Subject: SUSE-IU-2024:1849-1: Security update of containers/apache-tomcat
Message-ID: <20241202121833.97EC0FD85@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1849-1
Image Tags        : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11-57.9
Image Release     : 57.9
Severity          : moderate
Type              : security
References        : 1220262 1230972 1232528 CVE-2023-50782 CVE-2024-9681
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released:    Mon Nov 4 12:08:29 2024
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1230972

This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released:    Wed Nov 6 11:14:28 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released:    Thu Nov 7 11:12:00 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220262,CVE-2023-50782

This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.3.1 added
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- shadow-4.8.1-150600.17.9.1 updated
- curl-8.6.0-150600.4.12.1 updated
- openssl-3-3.1.4-150600.5.21.1 updated


From sle-container-updates at lists.suse.com Mon Dec 2 12:18:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:34 +0100 (CET)
Subject: SUSE-IU-2024:1876-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202121834.D130EFD85@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1876-1
Image Tags        : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11-59.3
Image Release     : 59.3
Severity          : moderate
Type              : recommended
References        :
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released:    Mon Nov 25 08:33:05 2024
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team run into an issue (jsc#PED-10532), when they run bare metal installation with fully encrypted disk. If the whole disk is crypted, the prompt for the password is sent to plymouth, which is obviously showing nothing because for booting bare metal (LPAR) is used terminal in HMC.

The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.3.1 added
- patterns-base-fips-20200124-150600.32.3.2 updated


From sle-container-updates at lists.suse.com Mon Dec 2 12:18:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:42 +0100 (CET)
Subject: SUSE-IU-2024:1879-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202121842.EC06DFD9F@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1879-1
Image Tags        : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.91-openjdk11 , containers/apache-tomcat:9.0.91-openjdk11-59.3
Image Release     : 59.3
Severity          : moderate
Type              : recommended
References        :
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released:    Mon Nov 25 08:33:05 2024
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team run into an issue (jsc#PED-10532), when they run bare metal installation with fully encrypted disk. If the whole disk is crypted, the prompt for the password is sent to plymouth, which is obviously showing nothing because for booting bare metal (LPAR) is used terminal in HMC.

The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.3.1 added
- patterns-base-fips-20200124-150600.32.3.2 updated


From sle-container-updates at lists.suse.com Mon Dec 2 12:18:38 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:38 +0100 (CET)
Subject: SUSE-IU-2024:1909-1: Security update of containers/apache-tomcat
Message-ID: <20241202121838.0B387FD9A@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1909-1
Image Tags        : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.33-openjdk21 , containers/apache-tomcat:10.1.33-openjdk21-59.4
Image Release     : 59.4
Severity          : important
Type              : security
References        : 1227298 1228046 1228047 1228048 1228051 1228052 1231702 1231711 1231716 1231719 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2578-1
Released:    Mon Jul 22 12:36:15 2024
Summary:     Security update for java-21-openjdk
Type:        security
Severity:    important
References:  1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147

This update for java-21-openjdk fixes the following issues:

Updated to version 21.0.4+7 (July 2024 CPU):

- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3954-1
Released:    Fri Nov 8 14:10:00 2024
Summary:     Security update for java-21-openjdk
Type:        security
Severity:    moderate
References:  1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235

This update for java-21-openjdk fixes the following issues:

- Update to upstream tag jdk-21.0.5+13 (October 2024 CPU)
  * Security fixes
    + JDK-8307383: Enhance DTLS connections
    + JDK-8311208: Improve CDS Support
    + JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
    + JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization
    + JDK-8328726: Better Kerberos support
    + JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support
    + JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations
    + JDK-8335713: Enhance vectorization analysis
  * Other changes
    + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG
    + JDK-6967482: TAB-key does not work in JTables after selecting details-view in JFileChooser
    + JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/ReadLongZipFileName.java leaks files if it fails
    + JDK-8051959: Add thread and timestamp options to java.security.debug system property
    + JDK-8073061: (fs) Files.copy(foo, bar, REPLACE_EXISTING) deletes bar even if foo is not readable
    + JDK-8166352: FilePane.createDetailsView() removes JTable TAB, SHIFT-TAB functionality
    + JDK-8170817: G1: Returning MinTLABSize from unsafe_max_tlab_alloc causes TLAB flapping
    + JDK-8211847: [aix] java/lang/ProcessHandle/InfoTest.java fails: 'reported cputime less than expected'
    + JDK-8211854: [aix] java/net/ServerSocket/AcceptInheritHandle.java fails: read times out
    + JDK-8222884: ConcurrentClassDescLookup.java times out intermittently
    + JDK-8238169: BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock
    + JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due to 'BindException: Address already in use'
    + JDK-8242564: javadoc crashes:: class cast exception com.sun.tools.javac.code.Symtab$6
    + JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
    + JDK-8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
    + JDK-8269428: java/util/concurrent/ConcurrentHashMap/ToArray.java timed out
    + JDK-8269657: Test java/nio/channels/DatagramChannel/Loopback.java failed: Unexpected message
    + JDK-8280120: [IR Framework] Add attribute to @IR to enable/disable IR matching based on the architecture
    + JDK-8280392: java/awt/Focus/NonFocusableWindowTest/NonfocusableOwnerTest.java failed with 'RuntimeException: Test failed.'
    + JDK-8280988: [XWayland] Click on title to request focus test failures
    + JDK-8280990: [XWayland] XTest emulated mouse click does not bring window to front
    + JDK-8283223: gc/stringdedup/TestStringDeduplicationFullGC.java #Parallel failed with 'RuntimeException: String verification failed'
    + JDK-8287325: AArch64: fix virtual threads with -XX:UseBranchProtection=pac-ret
    + JDK-8291809: Convert compiler/c2/cr7200264/TestSSE2IntVect.java to IR verification test
    + JDK-8294148: Support JSplitPane for instructions and test UI
    + JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl when connection is idle
    + JDK-8299487: Test java/net/httpclient/whitebox/SSLTubeTestDriver.java timed out
    + JDK-8299790: os::print_hex_dump is racy
    + JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java fails with jtreg test timeout due to lost datagram
    + JDK-8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session
    + JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
    + JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
    + JDK-8305825: getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04
    + JDK-8307193: Several Swing jtreg tests use class.forName on L&F classes
    + JDK-8307352: AARCH64: Improve itable_stub
    + JDK-8307778: com/sun/jdi/cds tests fail with jtreg's Virtual test thread factory
    + JDK-8307788: vmTestbase/gc/gctests/LargeObjects/large003/TestDescription.java timed out
    + JDK-8308286: Fix clang warnings in linux code
    + JDK-8308660: C2 compilation hits 'node must be dead' assert
    + JDK-8309067: gtest/AsyncLogGtest.java fails again in stderrOutput_vm
    + JDK-8309621: [XWayland][Screencast] screen capture failure with sun.java2d.uiScale other than 1
    + JDK-8309685: Fix -Wconversion warnings in assembler and register code
    + JDK-8309894: compiler/vectorapi/VectorLogicalOpIdentityTest.java fails on SVE system with UseSVE=0
    + JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK+
    + JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when EnableJVMCI is specified
    + JDK-8310201: Reduce verbose locale output in -XshowSettings launcher option
    + JDK-8310334: [XWayland][Screencast] screen capture error message in debug
    + JDK-8310628: GcInfoBuilder.c missing JNI Exception checks
    + JDK-8310683: Refactor StandardCharset/standard.java to use JUnit
    + JDK-8310906: Fix -Wconversion warnings in runtime, oops and some code header files.
    + JDK-8311306: Test com/sun/management/ThreadMXBean/ThreadCpuTimeArray.java failed: out of expected range
    + JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
    + JDK-8311989: Test java/lang/Thread/virtual/Reflection.java timed out
    + JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
    + JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java fails on ubuntu 23.04
    + JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
    + JDK-8312200: Fix Parse::catch_call_exceptions memory leak
    + JDK-8312229: Crash involving yield, switch and anonymous classes
    + JDK-8313674: (fc) java/nio/channels/FileChannel/BlockDeviceSize.java should test for more block devices
    + JDK-8313697: [XWayland][Screencast] consequent getPixelColor calls are slow
    + JDK-8313983: jmod create --target-platform should replace existing ModuleTarget attribute
    + JDK-8314163: os::print_hex_dump prints incorrectly for big endian platforms and unit sizes larger than 1
    + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned
    + JDK-8314515: java/util/concurrent/SynchronousQueue/Fairness.java failed with 'Error: fair=false i=8 j=0'
    + JDK-8314614: jdk/jshell/ImportTest.java failed with 'InternalError: Failed remote listen'
    + JDK-8315024: Vector API FP reduction tests should not test for exact equality
    + JDK-8315031: YoungPLABSize and OldPLABSize not aligned by ObjectAlignmentInBytes
    + JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl
    + JDK-8315505: CompileTask timestamp printed can overflow
    + JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java fails after JDK-8314837
    + JDK-8315804: Open source several Swing JTabbedPane JTextArea JTextField tests
    + JDK-8315923: pretouch_memory by atomic-add-0 fragments huge pages unexpectedly
    + JDK-8315965: Open source various AWT applet tests
    + JDK-8315969: compiler/rangechecks/TestRangeCheckHoistingScaledIV.java: make flagless
    + JDK-8316104: Open source several Swing SplitPane and RadioButton related tests
    + JDK-8316131: runtime/cds/appcds/TestParallelGCWithCDS.java fails with JNI error
    + JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
    + JDK-8316211: Open source several manual applet tests
    + JDK-8316240: Open source several add/remove MenuBar manual tests
    + JDK-8316285: Opensource JButton manual tests
    + JDK-8316306: Open source and convert manual Swing test
    + JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes
    + JDK-8316361: C2: assert(!failure) failed: Missed optimization opportunity in PhaseIterGVN with -XX:VerifyIterativeGVN=10
    + JDK-8316389: Open source few AWT applet tests
    + JDK-8316756: C2 EA fails with 'missing memory path' when encountering unsafe_arraycopy stub call
    + JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java
    + JDK-8317128: java/nio/file/Files/CopyAndMove.java failed with AccessDeniedException
    + JDK-8317240: Promptly free OopMapEntry after fail to insert the entry to OopMapCache
    + JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java: Press on the outside area didn't cause ungrab
    + JDK-8317299: safepoint scalarization doesn't keep track of the depth of the JVM state
    + JDK-8317360: Missing null checks in JfrCheckpointManager and JfrStringPool initialization routines
    + JDK-8317372: Refactor some NumberFormat tests to use JUnit
    + JDK-8317446: ProblemList gc/arguments/TestNewSizeFlags.java on macosx-aarch64 in Xcomp
    + JDK-8317449: ProblemList serviceability/jvmti/stress/StackTrace/NotSuspended/GetStackTraceNotSuspendedStressTest.java on several platforms
    + JDK-8317635: Improve GetClassFields test to verify correctness of field order
    + JDK-8317696: Fix compilation with clang-16
    + JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic'
    + JDK-8317831: compiler/codecache/CheckLargePages.java fails on OL 8.8 with unexpected memory string
    + JDK-8318071: IgnoreUnrecognizedVMOptions flag still causes failure in ArchiveHeapTestClass
    + JDK-8318479: [jmh] the test security.CacheBench failed for multiple threads run
    + JDK-8318605: Enable parallelism in vmTestbase/nsk/stress/stack tests
    + JDK-8319197: Exclude hb-subset and hb-style from compilation
    + JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates
    + JDK-8319773: Avoid inflating monitors when installing hash codes for LM_LIGHTWEIGHT
    + JDK-8319793: C2 compilation fails with 'Bad graph detected in build_loop_late' after JDK-8279888
    + JDK-8319817: Charset constructor should make defensive copy of aliases
    + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer)
    + JDK-8320079: The ArabicBox.java test has no control buttons
    + JDK-8320212: Disable GCC stringop-overflow warning for affected files
    + JDK-8320379: C2: Sort spilling/unspilling sequence for better ld/st merging into ldp/stp on AArch64
    + JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
    + JDK-8320608: Many jtreg printing tests are missing the @printer keyword
    + JDK-8320655: awt screencast robot spin and sync issues with native libpipewire api
    + JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
    + JDK-8320945: problemlist tests failing on latest Windows 11 update
    + JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2
    + JDK-8321176: [Screencast] make a second attempt on screencast failure
    + JDK-8321206: Make Locale related system properties `StaticProperty`
    + JDK-8321220: JFR: RecordedClass reports incorrect modifiers
    + JDK-8321278: C2: Partial peeling fails with assert 'last_peel <- first_not_peeled'
    + JDK-8321509: False positive in get_trampoline fast path causes crash
    + JDK-8321933: TestCDSVMCrash.java spawns two processes
    + JDK-8322008: Exclude some CDS tests from running with -Xshare:off
    + JDK-8322062: com/sun/jdi/JdwpAllowTest.java does not performs negative testing with prefix length
    + JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC
    + JDK-8322726: C2: Unloaded signature class kills argument value
    + JDK-8322743: C2: prevent lock region elimination in OSR compilation
    + JDK-8322766: Micro bench SSLHandshake should use default algorithms
    + JDK-8322881: java/nio/file/Files/CopyMoveVariations.java fails with AccessDeniedException due to permissions of files in /tmp
    + JDK-8322971: KEM.getInstance() should check if a 3rd-party security provider is signed
    + JDK-8322996: BoxLockNode creation fails with assert(reg < CHUNK_SIZE) failed: sanity
    + JDK-8323122: AArch64: Increase itable stub size estimate
    + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Events are not ordered! Reuse = false'
    + JDK-8323274: C2: array load may float above range check
    + JDK-8323552: AbstractMemorySegmentImpl#mismatch returns -1 when comparing distinct areas of the same instance of MemorySegment
    + JDK-8323577: C2 SuperWord: remove AlignVector restrictions on IR tests added in JDK-8305055
    + JDK-8323584: AArch64: Unnecessary ResourceMark in NativeCall::set_destination_mt_safe
    + JDK-8323670: A few client tests intermittently throw ConcurrentModificationException
    + JDK-8323682: C2: guard check is not generated in Arrays.copyOfRange intrinsic when allocation is eliminated by EA
    + JDK-8323782: Race: Thread::interrupt vs. AbstractInterruptibleChannel.begin
    + JDK-8323801: tag doesn't strikethrough the text
    + JDK-8323972: C2 compilation fails with assert(!x->as_Loop()->is_loop_nest_inner_loop()) failed: loop was transformed
    + JDK-8324174: assert(m->is_entered(current)) failed: invariant
    + JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max limit on macOS >= 10.6 for RLIMIT_NOFILE
    + JDK-8324580: SIGFPE on THP initialization on kernels < 4.10
    + JDK-8324641: [IR Framework] Add Setup method to provide custom arguments and set fields
    + JDK-8324668: JDWP process management needs more efficient file descriptor handling
    + JDK-8324755: Enable parallelism in vmTestbase/gc/gctests/LargeObjects tests
    + JDK-8324781: runtime/Thread/TestAlwaysPreTouchStacks.java failed with Expected a higher ratio between stack committed and reserved
    + JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3
    + JDK-8324969: C2: prevent elimination of unbalanced coarsened locking regions
    + JDK-8324983: Race in CompileBroker::possibly_add_compiler_threads
    + JDK-8325022: Incorrect error message on client authentication
    + JDK-8325037: x86: enable and fix hotspot/jtreg/compiler/vectorization/TestRoundVectFloat.java
    + JDK-8325083: jdk/incubator/vector/Double512VectorTests.java crashes in Assembler::vex_prefix_and_encode
    + JDK-8325179: Race in BasicDirectoryModel.validateFileCache
    + JDK-8325218: gc/parallel/TestAlwaysPreTouchBehavior.java fails
    + JDK-8325382: (fc) FileChannel.transferTo throws IOException when position equals size
    + JDK-8325384: sun/security/ssl/SSLSessionImpl/ResumptionUpdateBoundValues.java failing intermittently when main thread is a virtual thread
    + JDK-8325469: Freeze/Thaw code can crash in the presence of OSR frames
    + JDK-8325494: C2: Broken graph after not skipping CastII node anymore for Assertion Predicates after JDK-8309902
    + JDK-8325520: Vector loads and stores with indices and masks incorrectly compiled
    + JDK-8325542: CTW: Runner can produce negative StressSeed
    + JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
    + JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
    + JDK-8325620: HTMLReader uses ConvertAction instead of specified CharacterAction for , ,
    + JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes survive minor garbage collections
    + JDK-8325763: Revert properties: vm.opt.x.*
    + JDK-8326106: Write and clear stack trace table outside of safepoint
    + JDK-8326129: Java Record Pattern Match leads to infinite loop
    + JDK-8326332: Unclosed inline tags cause misalignment in summary tables
    + JDK-8326717: Disable stringop-overflow in shenandoahLock.cpp
    + JDK-8326734: text-decoration applied to lost when mixed with or
    + JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
    + JDK-8327040: Problemlist ActionListenerCalledTwiceTest.java test failing in macos14
    + JDK-8327137: Add test for ConcurrentModificationException in BasicDirectoryModel
    + JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
    + JDK-8327423: C2 remove_main_post_loops: check if main-loop belongs to pre-loop, not just assert
    + JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java on all platforms with ZGC
    + JDK-8327501: Common ForkJoinPool prevents class unloading in some cases
    + JDK-8327650: Test java/nio/channels/DatagramChannel/StressNativeSignal.java timed out
    + JDK-8327787: Convert javax/swing/border/Test4129681.java applet test to main
    + JDK-8327840: Automate javax/swing/border/Test4129681.java
    + JDK-8327990: [macosx-aarch64] Various tests fail with -XX:+AssertWXAtThreadSync
    + JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/GetBoundsResizeTest.java applet test to main
    + JDK-8328075: Shenandoah: Avoid forwarding when objects don't move in full-GC
    + JDK-8328110: Allow simultaneous use of PassFailJFrame with split UI and additional windows
    + JDK-8328115: Convert java/awt/font/TextLayout/TestJustification.html applet test to main
    + JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest to automatic main test
    + JDK-8328218: Delete test java/awt/Window/FindOwner/FindOwner.html
    + JDK-8328234: Remove unused nativeUtils files
    + JDK-8328238: Convert few closed manual applet tests to main
    + JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful
    + JDK-8328273: sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java failed with java.rmi.server.ExportException: Port already in use
    + JDK-8328366: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501
    + JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/ClickDuringKeypress.java imports Applet
    + JDK-8328561: test java/awt/Robot/ManualInstructions/ManualInstructions.java isn't used
    + JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
    + JDK-8328647: TestGarbageCollectorMXBean.java fails with C1-only and -Xcomp
    + JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
    + JDK-8328785: IOException: Symbol not found: C_GetInterface for PKCS11 interface prior to V3.0
    + JDK-8328896: Fontmetrics for large Fonts has zero width
    + JDK-8328953: JEditorPane.read throws ChangedCharSetException
    + JDK-8328999: Update GIFlib to 5.2.2
    + JDK-8329004: Update Libpng to 1.6.43
    + JDK-8329088: Stack chunk thawing races with concurrent GC stack iteration
    + JDK-8329103: assert(!thread->in_asgct()) failed during multi-mode profiling
    + JDK-8329126: No native wrappers generated anymore with -XX:-TieredCompilation after JDK-8251462
    + JDK-8329134: Reconsider TLAB zapping
    + JDK-8329258: TailCall should not use frame pointer register for jump target
    + JDK-8329510: Update ProblemList for JFileChooser/8194044/FileSystemRootTest.java
    + JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed because The End and Start buttons are not placed correctly and Tab focus does not move as expected
    + JDK-8329665: fatal error: memory leak: allocating without ResourceMark
    + JDK-8329667: [macos] Issue with JTree related fix for JDK-8317771
    + JDK-8329995: Restricted access to `/proc` can cause JFR initialization to crash
    + JDK-8330027: Identity hashes of archived objects must be based on a reproducible random seed
    + JDK-8330063: Upgrade jQuery to 3.7.1
    + JDK-8330133: libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries
    + JDK-8330146: assert(!_thread->is_in_any_VTMS_transition()) failed
    + JDK-8330520: linux clang build fails in os_linux.cpp with static_assert with no message is a C++17 extension
    + JDK-8330576: ZYoungCompactionLimit should have range check
    + JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512)
    + JDK-8330748: ByteArrayOutputStream.writeTo(OutputStream) pins carrier
    + JDK-8330814: Cleanups for KeepAliveCache tests
    + JDK-8330819: C2 SuperWord: bad dominance after pre-loop limit adjustment with base that has CastLL after pre-loop
    + JDK-8330849: Add test to verify memory usage with recursive locking
    + JDK-8330981: ZGC: Should not dedup strings in the finalizer graph
    + JDK-8331011: [XWayland] TokenStorage fails under Security Manager
    + JDK-8331063: Some HttpClient tests don't report leaks
    + JDK-8331077: nroff man page update for jar tool
    + JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
    + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java
    + JDK-8331164: createJMHBundle.sh download jars fail when url needed to be redirected
    + JDK-8331266: Bump update version for OpenJDK: jdk-21.0.5
    + JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
    + JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
    + JDK-8331421: ubsan: vmreg.cpp checking error member call on misaligned address
    + JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only
    + JDK-8331518: Tests should not use the 'Classpath' exception form of the legal header
    + JDK-8331572: Allow using OopMapCache outside of STW GC phases
    + JDK-8331573: Rename CollectedHeap::is_gc_active to be explicitly about STW GCs
    + JDK-8331575: C2: crash when ConvL2I is split thru phi at LongCountedLoop
    + JDK-8331605: jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure
    + JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer
    + JDK-8331714: Make OopMapCache installation lock-free
    + JDK-8331731: ubsan: relocInfo.cpp:155:30: runtime error: applying non-zero offset to null pointer
    + JDK-8331746: Create a test to verify that the cmm id is not ignored
    + JDK-8331771: ZGC: Remove OopMapCacheAlloc_lock ordering workaround
    + JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool'
    + JDK-8331798: Remove unused arg of checkErgonomics() in TestMaxHeapSizeTools.java
    + JDK-8331854: ubsan: copy.hpp:218:10: runtime error: addition of unsigned offset to 0x7fc2b4024518 overflowed to 0x7fc2b4024510
    + JDK-8331863: DUIterator_Fast used before it is constructed
    + JDK-8331885: C2: meet between unloaded and speculative types is not symmetric
    + JDK-8331931: JFR: Avoid loading regex classes during startup
    + JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI
    + JDK-8332008: Enable issuestitle check
    + JDK-8332113: Update nsk.share.Log to be always verbose
    + JDK-8332154: Memory leak in SynchronousQueue
    + JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in ff_Adlm.xml
    + JDK-8332248: (fc) java/nio/channels/FileChannel/BlockDeviceSize.java failed with RuntimeException
    + JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16
    + JDK-8332431: NullPointerException in JTable of SwingSet2
    + JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
    + JDK-8332490: JMH org.openjdk.bench.java.util.zip.InflaterInputStreams.inflaterInputStreamRead OOM
    + JDK-8332499: Gtest
codestrings.validate_vm fail on linux x64 when hsdis is present + JDK-8332524: Instead of printing 'TLSv1.3,' it is showing 'TLS13' + JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8332675: test/hotspot/jtreg/gc/testlibrary/Helpers.java compileClass javadoc does not match after 8321812 + JDK-8332699: ubsan: jfrEventSetting.inline.hpp:31:43: runtime error: index 163 out of bounds for type 'jfrNativeEventSetting [162]' + JDK-8332717: ZGC: Division by zero in heuristics + JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array' + JDK-8332818: ubsan: archiveHeapLoader.cpp:70:27: runtime error: applying non-zero offset 18446744073707454464 to null pointer + JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8332885: Clarify failure_handler self-tests + JDK-8332894: ubsan: vmError.cpp:2090:26: runtime error: division by zero + JDK-8332898: failure_handler: log directory of commands + JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool' + JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long int' + JDK-8332905: C2 SuperWord: bad AD file, with RotateRightV and first operand not a pack + JDK-8332920: C2: Partial Peeling is wrongly applied for CmpU with negative limit + JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries + JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/ /TestDescription.java fails with no GC's recorded + JDK-8332959: C2: ZGC fails with 'Incorrect load shift' when invoking Object.clone() reflectively on an array + JDK-8333088: ubsan: shenandoahAdaptiveHeuristics.cpp:245:44: 
runtime error: division by zero + JDK-8333093: Incorrect comment in zAddress_aarch64.cpp + JDK-8333099: Missing check for is_LoadVector in StoreNode::Identity + JDK-8333149: ubsan : memset on nullptr target detected in jvmtiEnvBase.cpp get_object_monitor_usage + JDK-8333178: ubsan: jvmti_tools.cpp:149:16: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8333270: HandlersOnComplexResetUpdate and HandlersOnComplexUpdate tests fail with 'Unexpected reference' if timeoutFactor is less than 1/3 + JDK-8333277: ubsan: mlib_ImageScanPoly.c:292:43: runtime error: division by zero + JDK-8333353: Delete extra empty line in CodeBlob.java + JDK-8333354: ubsan: frame.inline.hpp:91:25: and src/hotspot/share/runtime/frame.inline.hpp:88:29: runtime error: member call on null pointer of type 'const struct SmallRegisterMap' + JDK-8333361: ubsan,test : libHeapMonitorTest.cpp:518:9: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8333363: ubsan: instanceKlass.cpp: runtime error: member call on null pointer of type 'struct AnnotationArray' + JDK-8333366: C2: CmpU3Nodes are not pushed back to worklist in PhaseCCP leading to non-fixpoint assertion failure + JDK-8333398: Uncomment the commented test in test/jdk/java/ /util/jar/JarFile/mrjar/MultiReleaseJarAPI.java + JDK-8333462: Performance regression of new DecimalFormat() when compare to jdk11 + JDK-8333477: Delete extra empty spaces in Makefiles + JDK-8333542: Breakpoint in parallel code does not work + JDK-8333622: ubsan: relocInfo_x86.cpp:101:56: runtime error: pointer index expression with base (-1) overflowed + JDK-8333639: ubsan: cppVtables.cpp:81:55: runtime error: index 14 out of bounds for type 'long int [1]' + JDK-8333652: RISC-V: compiler/vectorapi/ /VectorGatherMaskFoldingTest.java fails when using RVV + JDK-8333716: Shenandoah: Check for disarmed method before taking the nmethod lock + JDK-8333724: Problem list 
security/infra/java/security/cert/ /CertPathValidator/certification/CAInterop.java #teliasonerarootcav1 + JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw an exception with 0 failures + JDK-8333887: ubsan: unsafe.cpp:247:13: runtime error: store to null pointer of type 'volatile int' + JDK-8334078: RISC-V: TestIntVect.java fails after JDK-8332153 when running without RVV + JDK-8334123: log the opening of Type 1 fonts + JDK-8334166: Enable binary check + JDK-8334239: Introduce macro for ubsan method/function exclusions + JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java should not depend on SecurityManager + JDK-8334332: TestIOException.java fails if run by root + JDK-8334333: MissingResourceCauseTestRun.java fails if run by root + JDK-8334339: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java fails on alinux3 + JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14 + JDK-8334421: assert(!oldbox->is_unbalanced()) failed: this should not be called for unbalanced region + JDK-8334482: Shenandoah: Deadlock when safepoint is pending during nmethods iteration + JDK-8334592: ProblemList serviceability/jvmti/stress/ /StackTrace/NotSuspended/ /GetStackTraceNotSuspendedStressTest.java in jdk21 on all platforms + JDK-8334594: Generational ZGC: Deadlock after OopMap rewrites in 8331572 + JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java fails on linux-aarch64 + JDK-8334618: ubsan: support setting additional ubsan check options + JDK-8334653: ISO 4217 Amendment 177 Update + JDK-8334769: Shenandoah: Move CodeCache_lock close to its use in ShenandoahConcurrentNMethodIterator + JDK-8334867: Add back assertion from JDK-8325494 + JDK-8335007: Inline OopMapCache table + JDK-8335134: Test com/sun/jdi/BreakpointOnClassPrepare.java timeout + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335237: ubsan: vtableStubs.hpp is_vtable_stub exclude from ubsan checks + 
JDK-8335283: Build failure due to 'no_sanitize' attribute directive ignored + JDK-8335409: Can't allocate and retain memory from resource area in frame::oops_interpreted_do oop closure after 8329665 + JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs + JDK-8335536: Fix assertion failure in IdealGraphPrinter when append is true + JDK-8335743: jhsdb jstack cannot print some information on the waiting thread + JDK-8335775: Remove extraneous 's' in comment of rawmonitor.cpp test file + JDK-8335904: Fix invalid comment in ShenandoahLock + JDK-8335967: 'text-decoration: none' does not work with 'A' HTML tags + JDK-8336284: Test TestClhsdbJstackLock.java/ TestJhsdbJstackLock.java fails with -Xcomp after JDK-8335743 + JDK-8336301: test/jdk/java/nio/channels/ /AsyncCloseAndInterrupt.java leaves around a FIFO file upon test completion + JDK-8336342: Fix known X11 library locations in sysroot + JDK-8336343: Add more known sysroot library locations for ALSA + JDK-8336926: jdk/internal/util/ReferencedKeyTest.java can fail with ConcurrentModificationException + JDK-8336928: GHA: Bundle artifacts removal broken + JDK-8337038: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java shoud set as /native + JDK-8337283: configure.log is truncated when build dir is on different filesystem + JDK-8337622: IllegalArgumentException in java.lang.reflect.Field.get + JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs + JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods + JDK-8338286: GHA: Demote x86_32 to hotspot build only + JDK-8338696: (fs) BasicFileAttributes.creationTime() falls back to epoch if birth time is unavailable (Linux) + JDK-8339869: [21u] Test CreationTime.java fails with UnsatisfiedLinkError after 8334339 + JDK-8341057: Add 2 SSL.com TLS roots + JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 + 
JDK-8341674: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.5
+ JDK-8341989: [21u] Back out JDK-8327501 and JDK-8328366

The following package changes have been done:

- java-21-openjdk-headless-21.0.5.0-150600.3.6.3 added
- java-21-openjdk-21.0.5.0-150600.3.6.3 added
- java-17-openjdk-17.0.13.0-150400.3.48.2 removed
- java-17-openjdk-headless-17.0.13.0-150400.3.48.2 removed

From sle-container-updates at lists.suse.com Mon Dec 2 12:18:48 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:48 +0100 (CET)
Subject: SUSE-IU-2024:1913-1: Security update of containers/apache-tomcat
Message-ID: <20241202121848.B63D8FDA2@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1913-1
Image Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.97-openjdk21 , containers/apache-tomcat:9.0.97-openjdk21-59.4
Image Release : 59.4
Severity : important
Type : security
References : 1227298 1228046 1228047 1228048 1228051 1228052 1231702 1231711 1231716 1231719 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2578-1
Released: Mon Jul 22 12:36:15 2024
Summary: Security update for java-21-openjdk
Type: security
Severity: important
References: 1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147

This update for java-21-openjdk fixes the following issues:

Updated to version 21.0.4+7 (July 2024 CPU):

- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3954-1
Released: Fri Nov 8 14:10:00 2024
Summary: Security update for java-21-openjdk
Type: security
Severity: moderate
References: 1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235

This update for java-21-openjdk fixes the following issues:

- Update to upstream tag jdk-21.0.5+13 (October 2024 CPU)
* Security fixes
+ JDK-8307383: Enhance DTLS connections
+ JDK-8311208: Improve CDS Support
+ JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
+ JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support
+ JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations
+ JDK-8335713: Enhance vectorization analysis
* Other changes
+ JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG
+ JDK-6967482: TAB-key does not work in JTables after selecting details-view in
JFileChooser + JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/ /ReadLongZipFileName.java leaks files if it fails + JDK-8051959: Add thread and timestamp options to java.security.debug system property + JDK-8073061: (fs) Files.copy(foo, bar, REPLACE_EXISTING) deletes bar even if foo is not readable + JDK-8166352: FilePane.createDetailsView() removes JTable TAB, SHIFT-TAB functionality + JDK-8170817: G1: Returning MinTLABSize from unsafe_max_tlab_alloc causes TLAB flapping + JDK-8211847: [aix] java/lang/ProcessHandle/InfoTest.java fails: 'reported cputime less than expected' + JDK-8211854: [aix] java/net/ServerSocket/ /AcceptInheritHandle.java fails: read times out + JDK-8222884: ConcurrentClassDescLookup.java times out intermittently + JDK-8238169: BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock + JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due to 'BindException: Address already in use' + JDK-8242564: javadoc crashes:: class cast exception com.sun.tools.javac.code.Symtab$6 + JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/ /MouseEventAfterStartDragTest.html test failed + JDK-8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit + JDK-8269428: java/util/concurrent/ConcurrentHashMap/ /ToArray.java timed out + JDK-8269657: Test java/nio/channels/DatagramChannel/ /Loopback.java failed: Unexpected message + JDK-8280120: [IR Framework] Add attribute to @IR to enable/disable IR matching based on the architecture + JDK-8280392: java/awt/Focus/NonFocusableWindowTest/ /NonfocusableOwnerTest.java failed with 'RuntimeException: Test failed.' 
+ JDK-8280988: [XWayland] Click on title to request focus test failures + JDK-8280990: [XWayland] XTest emulated mouse click does not bring window to front + JDK-8283223: gc/stringdedup/TestStringDeduplicationFullGC.java #Parallel failed with 'RuntimeException: String verification failed' + JDK-8287325: AArch64: fix virtual threads with -XX:UseBranchProtection=pac-ret + JDK-8291809: Convert compiler/c2/cr7200264/TestSSE2IntVect.java to IR verification test + JDK-8294148: Support JSplitPane for instructions and test UI + JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl when connection is idle + JDK-8299487: Test java/net/httpclient/whitebox/ /SSLTubeTestDriver.java timed out + JDK-8299790: os::print_hex_dump is racy + JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java fails with jtreg test timeout due to lost datagram + JDK-8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session + JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test + JDK-8305072: Win32ShellFolder2.compareTo is inconsistent + JDK-8305825: getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04 + JDK-8307193: Several Swing jtreg tests use class.forName on L&F classes + JDK-8307352: AARCH64: Improve itable_stub + JDK-8307778: com/sun/jdi/cds tests fail with jtreg's Virtual test thread factory + JDK-8307788: vmTestbase/gc/gctests/LargeObjects/large003/ /TestDescription.java timed out + JDK-8308286: Fix clang warnings in linux code + JDK-8308660: C2 compilation hits 'node must be dead' assert + JDK-8309067: gtest/AsyncLogGtest.java fails again in stderrOutput_vm + JDK-8309621: [XWayland][Screencast] screen capture failure with sun.java2d.uiScale other than 1 + JDK-8309685: Fix -Wconversion warnings in assembler and register code + JDK-8309894: compiler/vectorapi/ /VectorLogicalOpIdentityTest.java fails on SVE system with UseSVE=0 + JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: 
Enabled and disabled ComboBox does not match in these LAFs: GTK+ + JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when EnableJVMCI is specified + JDK-8310201: Reduce verbose locale output in -XshowSettings launcher option + JDK-8310334: [XWayland][Screencast] screen capture error message in debug + JDK-8310628: GcInfoBuilder.c missing JNI Exception checks + JDK-8310683: Refactor StandardCharset/standard.java to use JUnit + JDK-8310906: Fix -Wconversion warnings in runtime, oops and some code header files. + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin + JDK-8311989: Test java/lang/Thread/virtual/Reflection.java timed out + JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved + JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ /ModifierRobotKeyTest.java fails on ubuntu 23.04 + JDK-8312140: jdk/jshell tests failed with JDI socket timeouts + JDK-8312200: Fix Parse::catch_call_exceptions memory leak + JDK-8312229: Crash involving yield, switch and anonymous classes + JDK-8313674: (fc) java/nio/channels/FileChannel/ /BlockDeviceSize.java should test for more block devices + JDK-8313697: [XWayland][Screencast] consequent getPixelColor calls are slow + JDK-8313983: jmod create --target-platform should replace existing ModuleTarget attribute + JDK-8314163: os::print_hex_dump prints incorrectly for big endian platforms and unit sizes larger than 1 + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314515: java/util/concurrent/SynchronousQueue/ /Fairness.java failed with 'Error: fair=false i=8 j=0' + JDK-8314614: jdk/jshell/ImportTest.java failed with 'InternalError: Failed remote listen' + JDK-8315024: Vector API FP reduction tests should not test for exact equality + JDK-8315031: YoungPLABSize and OldPLABSize not aligned by ObjectAlignmentInBytes + JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl + 
JDK-8315505: CompileTask timestamp printed can overflow + JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java fails after JDK-8314837 + JDK-8315804: Open source several Swing JTabbedPane JTextArea JTextField tests + JDK-8315923: pretouch_memory by atomic-add-0 fragments huge pages unexpectedly + JDK-8315965: Open source various AWT applet tests + JDK-8315969: compiler/rangechecks/ /TestRangeCheckHoistingScaledIV.java: make flagless + JDK-8316104: Open source several Swing SplitPane and RadioButton related tests + JDK-8316131: runtime/cds/appcds/TestParallelGCWithCDS.java fails with JNI error + JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak + JDK-8316211: Open source several manual applet tests + JDK-8316240: Open source several add/remove MenuBar manual tests + JDK-8316285: Opensource JButton manual tests + JDK-8316306: Open source and convert manual Swing test + JDK-8316328: Test jdk/jfr/event/oldobject/ /TestSanityDefault.java times out for some heap sizes + JDK-8316361: C2: assert(!failure) failed: Missed optimization opportunity in PhaseIterGVN with -XX:VerifyIterativeGVN=10 + JDK-8316389: Open source few AWT applet tests + JDK-8316756: C2 EA fails with 'missing memory path' when encountering unsafe_arraycopy stub call + JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java + JDK-8317128: java/nio/file/Files/CopyAndMove.java failed with AccessDeniedException + JDK-8317240: Promptly free OopMapEntry after fail to insert the entry to OopMapCache + JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java: Press on the outside area didn't cause ungrab + JDK-8317299: safepoint scalarization doesn't keep track of the depth of the JVM state + JDK-8317360: Missing null checks in JfrCheckpointManager and JfrStringPool initialization routines + JDK-8317372: Refactor some NumberFormat tests to use JUnit + JDK-8317446: ProblemList gc/arguments/TestNewSizeFlags.java on macosx-aarch64 in Xcomp + JDK-8317449: 
ProblemList serviceability/jvmti/stress/ /StackTrace/NotSuspended/ /GetStackTraceNotSuspendedStressTest.java on several platforms + JDK-8317635: Improve GetClassFields test to verify correctness of field order + JDK-8317696: Fix compilation with clang-16 + JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic' + JDK-8317831: compiler/codecache/CheckLargePages.java fails on OL 8.8 with unexpected memory string + JDK-8318071: IgnoreUnrecognizedVMOptions flag still causes failure in ArchiveHeapTestClass + JDK-8318479: [jmh] the test security.CacheBench failed for multiple threads run + JDK-8318605: Enable parallelism in vmTestbase/nsk/stress/stack tests + JDK-8319197: Exclude hb-subset and hb-style from compilation + JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates + JDK-8319773: Avoid inflating monitors when installing hash codes for LM_LIGHTWEIGHT + JDK-8319793: C2 compilation fails with 'Bad graph detected in build_loop_late' after JDK-8279888 + JDK-8319817: Charset constructor should make defensive copy of aliases + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320079: The ArabicBox.java test has no control buttons + JDK-8320212: Disable GCC stringop-overflow warning for affected files + JDK-8320379: C2: Sort spilling/unspilling sequence for better ld/st merging into ldp/stp on AArch64 + JDK-8320602: Lock contention in SchemaDVFactory.getInstance() + JDK-8320608: Many jtreg printing tests are missing the @printer keyword + JDK-8320655: awt screencast robot spin and sync issues with native libpipewire api + JDK-8320675: PrinterJob/SecurityDialogTest.java hangs + JDK-8320945: problemlist tests failing on latest Windows 11 update + JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2 + JDK-8321176: [Screencast] make a second attempt on screencast failure + JDK-8321206: Make Locale related system properties `StaticProperty` + 
JDK-8321220: JFR: RecordedClass reports incorrect modifiers + JDK-8321278: C2: Partial peeling fails with assert 'last_peel <- first_not_peeled' + JDK-8321509: False positive in get_trampoline fast path causes crash + JDK-8321933: TestCDSVMCrash.java spawns two processes + JDK-8322008: Exclude some CDS tests from running with -Xshare:off + JDK-8322062: com/sun/jdi/JdwpAllowTest.java does not performs negative testing with prefix length + JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC + JDK-8322726: C2: Unloaded signature class kills argument value + JDK-8322743: C2: prevent lock region elimination in OSR compilation + JDK-8322766: Micro bench SSLHandshake should use default algorithms + JDK-8322881: java/nio/file/Files/CopyMoveVariations.java fails with AccessDeniedException due to permissions of files in /tmp + JDK-8322971: KEM.getInstance() should check if a 3rd-party security provider is signed + JDK-8322996: BoxLockNode creation fails with assert(reg < CHUNK_SIZE) failed: sanity + JDK-8323122: AArch64: Increase itable stub size estimate + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Events are not ordered! Reuse = false' + JDK-8323274: C2: array load may float above range check + JDK-8323552: AbstractMemorySegmentImpl#mismatch returns -1 when comparing distinct areas of the same instance of MemorySegment + JDK-8323577: C2 SuperWord: remove AlignVector restrictions on IR tests added in JDK-8305055 + JDK-8323584: AArch64: Unnecessary ResourceMark in NativeCall::set_destination_mt_safe + JDK-8323670: A few client tests intermittently throw ConcurrentModificationException + JDK-8323682: C2: guard check is not generated in Arrays.copyOfRange intrinsic when allocation is eliminated by EA + JDK-8323782: Race: Thread::interrupt vs. 
AbstractInterruptibleChannel.begin + JDK-8323801: tag doesn't strikethrough the text + JDK-8323972: C2 compilation fails with assert(!x->as_Loop()->is_loop_nest_inner_loop()) failed: loop was transformed + JDK-8324174: assert(m->is_entered(current)) failed: invariant + JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max limit on macOS >= 10.6 for RLIMIT_NOFILE + JDK-8324580: SIGFPE on THP initialization on kernels < 4.10 + JDK-8324641: [IR Framework] Add Setup method to provide custom arguments and set fields + JDK-8324668: JDWP process management needs more efficient file descriptor handling + JDK-8324755: Enable parallelism in vmTestbase/gc/gctests/LargeObjects tests + JDK-8324781: runtime/Thread/TestAlwaysPreTouchStacks.java failed with Expected a higher ratio between stack committed and reserved + JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3 + JDK-8324969: C2: prevent elimination of unbalanced coarsened locking regions + JDK-8324983: Race in CompileBroker::possibly_add_compiler_threads + JDK-8325022: Incorrect error message on client authentication + JDK-8325037: x86: enable and fix hotspot/jtreg/compiler/vectorization/TestRoundVectFloat.java + JDK-8325083: jdk/incubator/vector/Double512VectorTests.java crashes in Assembler::vex_prefix_and_encode + JDK-8325179: Race in BasicDirectoryModel.validateFileCache + JDK-8325218: gc/parallel/TestAlwaysPreTouchBehavior.java fails + JDK-8325382: (fc) FileChannel.transferTo throws IOException when position equals size + JDK-8325384: sun/security/ssl/SSLSessionImpl/ /ResumptionUpdateBoundValues.java failing intermittently when main thread is a virtual thread + JDK-8325469: Freeze/Thaw code can crash in the presence of OSR frames + JDK-8325494: C2: Broken graph after not skipping CastII node anymore for Assertion Predicates after JDK-8309902 + JDK-8325520: Vector loads and stores with indices and masks incorrectly compiled + JDK-8325542: CTW: Runner can produce negative 
StressSeed + JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM + JDK-8325616: JFR ZGC Allocation Stall events should record stack traces + JDK-8325620: HTMLReader uses ConvertAction instead of specified CharacterAction for , , + JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes survive minor garbage collections + JDK-8325763: Revert properties: vm.opt.x.* + JDK-8326106: Write and clear stack trace table outside of safepoint + JDK-8326129: Java Record Pattern Match leads to infinite loop + JDK-8326332: Unclosed inline tags cause misalignment in summary tables + JDK-8326717: Disable stringop-overflow in shenandoahLock.cpp + JDK-8326734: text-decoration applied to lost when mixed with or + JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails + JDK-8327040: Problemlist ActionListenerCalledTwiceTest.java test failing in macos14 + JDK-8327137: Add test for ConcurrentModificationException in BasicDirectoryModel + JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug + JDK-8327423: C2 remove_main_post_loops: check if main-loop belongs to pre-loop, not just assert + JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java on all platforms with ZGC + JDK-8327501: Common ForkJoinPool prevents class unloading in some cases + JDK-8327650: Test java/nio/channels/DatagramChannel/ /StressNativeSignal.java timed out + JDK-8327787: Convert javax/swing/border/Test4129681.java applet test to main + JDK-8327840: Automate javax/swing/border/Test4129681.java + JDK-8327990: [macosx-aarch64] Various tests fail with -XX:+AssertWXAtThreadSync + JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/ /GetBoundsResizeTest.java applet test to main + JDK-8328075: Shenandoah: Avoid forwarding when objects don't move in full-GC + JDK-8328110: Allow simultaneous use of PassFailJFrame with split UI and additional windows + JDK-8328115: Convert java/awt/font/TextLayout/ /TestJustification.html applet test to main + JDK-8328158: Convert 
java/awt/Choice/NonFocusablePopupMenuTest to automatic main test + JDK-8328218: Delete test java/awt/Window/FindOwner/FindOwner.html + JDK-8328234: Remove unused nativeUtils files + JDK-8328238: Convert few closed manual applet tests to main + JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful + JDK-8328273: sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java failed with java.rmi.server.ExportException: Port already in use + JDK-8328366: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 + JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/ /ClickDuringKeypress.java imports Applet + JDK-8328561: test java/awt/Robot/ManualInstructions/ /ManualInstructions.java isn't used + JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main + JDK-8328647: TestGarbageCollectorMXBean.java fails with C1-only and -Xcomp + JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization + JDK-8328785: IOException: Symbol not found: C_GetInterface for PKCS11 interface prior to V3.0 + JDK-8328896: Fontmetrics for large Fonts has zero width + JDK-8328953: JEditorPane.read throws ChangedCharSetException + JDK-8328999: Update GIFlib to 5.2.2 + JDK-8329004: Update Libpng to 1.6.43 + JDK-8329088: Stack chunk thawing races with concurrent GC stack iteration + JDK-8329103: assert(!thread->in_asgct()) failed during multi-mode profiling + JDK-8329126: No native wrappers generated anymore with -XX:-TieredCompilation after JDK-8251462 + JDK-8329134: Reconsider TLAB zapping + JDK-8329258: TailCall should not use frame pointer register for jump target + JDK-8329510: Update ProblemList for JFileChooser/8194044/FileSystemRootTest.java + JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed because The End and Start buttons are not placed correctly and Tab focus does not move as expected + JDK-8329665: fatal error: memory leak: allocating without ResourceMark + JDK-8329667: [macos] 
Issue with JTree related fix for JDK-8317771 + JDK-8329995: Restricted access to `/proc` can cause JFR initialization to crash + JDK-8330027: Identity hashes of archived objects must be based on a reproducible random seed + JDK-8330063: Upgrade jQuery to 3.7.1 + JDK-8330133: libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries + JDK-8330146: assert(!_thread->is_in_any_VTMS_transition()) failed + JDK-8330520: linux clang build fails in os_linux.cpp with static_assert with no message is a C++17 extension + JDK-8330576: ZYoungCompactionLimit should have range check + JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512) + JDK-8330748: ByteArrayOutputStream.writeTo(OutputStream) pins carrier + JDK-8330814: Cleanups for KeepAliveCache tests + JDK-8330819: C2 SuperWord: bad dominance after pre-loop limit adjustment with base that has CastLL after pre-loop + JDK-8330849: Add test to verify memory usage with recursive locking + JDK-8330981: ZGC: Should not dedup strings in the finalizer graph + JDK-8331011: [XWayland] TokenStorage fails under Security Manager + JDK-8331063: Some HttpClient tests don't report leaks + JDK-8331077: nroff man page update for jar tool + JDK-8331142: Add test for number of loader threads in BasicDirectoryModel + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331164: createJMHBundle.sh download jars fail when url needed to be redirected + JDK-8331266: Bump update version for OpenJDK: jdk-21.0.5 + JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS + JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock + JDK-8331421: ubsan: vmreg.cpp checking error member call on misaligned address + JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only + JDK-8331518: Tests should not use the 'Classpath' exception form of the legal header + JDK-8331572: Allow using OopMapCache outside of STW GC phases + JDK-8331573: Rename 
CollectedHeap::is_gc_active to be explicitly about STW GCs + JDK-8331575: C2: crash when ConvL2I is split thru phi at LongCountedLoop + JDK-8331605: jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure + JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer + JDK-8331714: Make OopMapCache installation lock-free + JDK-8331731: ubsan: relocInfo.cpp:155:30: runtime error: applying non-zero offset to null pointer + JDK-8331746: Create a test to verify that the cmm id is not ignored + JDK-8331771: ZGC: Remove OopMapCacheAlloc_lock ordering workaround + JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool' + JDK-8331798: Remove unused arg of checkErgonomics() in TestMaxHeapSizeTools.java + JDK-8331854: ubsan: copy.hpp:218:10: runtime error: addition of unsigned offset to 0x7fc2b4024518 overflowed to 0x7fc2b4024510 + JDK-8331863: DUIterator_Fast used before it is constructed + JDK-8331885: C2: meet between unloaded and speculative types is not symmetric + JDK-8331931: JFR: Avoid loading regex classes during startup + JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI + JDK-8332008: Enable issuestitle check + JDK-8332113: Update nsk.share.Log to be always verbose + JDK-8332154: Memory leak in SynchronousQueue + JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in ff_Adlm.xml + JDK-8332248: (fc) java/nio/channels/FileChannel/ /BlockDeviceSize.java failed with RuntimeException + JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16 + JDK-8332431: NullPointerException in JTable of SwingSet2 + JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null + JDK-8332490: JMH org.openjdk.bench.java.util.zip .InflaterInputStreams.inflaterInputStreamRead OOM + JDK-8332499: Gtest 
codestrings.validate_vm fail on linux x64 when hsdis is present + JDK-8332524: Instead of printing 'TLSv1.3,' it is showing 'TLS13' + JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8332675: test/hotspot/jtreg/gc/testlibrary/Helpers.java compileClass javadoc does not match after 8321812 + JDK-8332699: ubsan: jfrEventSetting.inline.hpp:31:43: runtime error: index 163 out of bounds for type 'jfrNativeEventSetting [162]' + JDK-8332717: ZGC: Division by zero in heuristics + JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array' + JDK-8332818: ubsan: archiveHeapLoader.cpp:70:27: runtime error: applying non-zero offset 18446744073707454464 to null pointer + JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8332885: Clarify failure_handler self-tests + JDK-8332894: ubsan: vmError.cpp:2090:26: runtime error: division by zero + JDK-8332898: failure_handler: log directory of commands + JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool' + JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long int' + JDK-8332905: C2 SuperWord: bad AD file, with RotateRightV and first operand not a pack + JDK-8332920: C2: Partial Peeling is wrongly applied for CmpU with negative limit + JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries + JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/ /TestDescription.java fails with no GC's recorded + JDK-8332959: C2: ZGC fails with 'Incorrect load shift' when invoking Object.clone() reflectively on an array + JDK-8333088: ubsan: shenandoahAdaptiveHeuristics.cpp:245:44: 
runtime error: division by zero + JDK-8333093: Incorrect comment in zAddress_aarch64.cpp + JDK-8333099: Missing check for is_LoadVector in StoreNode::Identity + JDK-8333149: ubsan : memset on nullptr target detected in jvmtiEnvBase.cpp get_object_monitor_usage + JDK-8333178: ubsan: jvmti_tools.cpp:149:16: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8333270: HandlersOnComplexResetUpdate and HandlersOnComplexUpdate tests fail with 'Unexpected reference' if timeoutFactor is less than 1/3 + JDK-8333277: ubsan: mlib_ImageScanPoly.c:292:43: runtime error: division by zero + JDK-8333353: Delete extra empty line in CodeBlob.java + JDK-8333354: ubsan: frame.inline.hpp:91:25: and src/hotspot/share/runtime/frame.inline.hpp:88:29: runtime error: member call on null pointer of type 'const struct SmallRegisterMap' + JDK-8333361: ubsan,test : libHeapMonitorTest.cpp:518:9: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8333363: ubsan: instanceKlass.cpp: runtime error: member call on null pointer of type 'struct AnnotationArray' + JDK-8333366: C2: CmpU3Nodes are not pushed back to worklist in PhaseCCP leading to non-fixpoint assertion failure + JDK-8333398: Uncomment the commented test in test/jdk/java/ /util/jar/JarFile/mrjar/MultiReleaseJarAPI.java + JDK-8333462: Performance regression of new DecimalFormat() when compare to jdk11 + JDK-8333477: Delete extra empty spaces in Makefiles + JDK-8333542: Breakpoint in parallel code does not work + JDK-8333622: ubsan: relocInfo_x86.cpp:101:56: runtime error: pointer index expression with base (-1) overflowed + JDK-8333639: ubsan: cppVtables.cpp:81:55: runtime error: index 14 out of bounds for type 'long int [1]' + JDK-8333652: RISC-V: compiler/vectorapi/ /VectorGatherMaskFoldingTest.java fails when using RVV + JDK-8333716: Shenandoah: Check for disarmed method before taking the nmethod lock + JDK-8333724: Problem list 
security/infra/java/security/cert/ /CertPathValidator/certification/CAInterop.java #teliasonerarootcav1 + JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw an exception with 0 failures + JDK-8333887: ubsan: unsafe.cpp:247:13: runtime error: store to null pointer of type 'volatile int' + JDK-8334078: RISC-V: TestIntVect.java fails after JDK-8332153 when running without RVV + JDK-8334123: log the opening of Type 1 fonts + JDK-8334166: Enable binary check + JDK-8334239: Introduce macro for ubsan method/function exclusions + JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java should not depend on SecurityManager + JDK-8334332: TestIOException.java fails if run by root + JDK-8334333: MissingResourceCauseTestRun.java fails if run by root + JDK-8334339: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java fails on alinux3 + JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14 + JDK-8334421: assert(!oldbox->is_unbalanced()) failed: this should not be called for unbalanced region + JDK-8334482: Shenandoah: Deadlock when safepoint is pending during nmethods iteration + JDK-8334592: ProblemList serviceability/jvmti/stress/ /StackTrace/NotSuspended/ /GetStackTraceNotSuspendedStressTest.java in jdk21 on all platforms + JDK-8334594: Generational ZGC: Deadlock after OopMap rewrites in 8331572 + JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java fails on linux-aarch64 + JDK-8334618: ubsan: support setting additional ubsan check options + JDK-8334653: ISO 4217 Amendment 177 Update + JDK-8334769: Shenandoah: Move CodeCache_lock close to its use in ShenandoahConcurrentNMethodIterator + JDK-8334867: Add back assertion from JDK-8325494 + JDK-8335007: Inline OopMapCache table + JDK-8335134: Test com/sun/jdi/BreakpointOnClassPrepare.java timeout + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335237: ubsan: vtableStubs.hpp is_vtable_stub exclude from ubsan checks + 
JDK-8335283: Build failure due to 'no_sanitize' attribute directive ignored + JDK-8335409: Can't allocate and retain memory from resource area in frame::oops_interpreted_do oop closure after 8329665 + JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs + JDK-8335536: Fix assertion failure in IdealGraphPrinter when append is true + JDK-8335743: jhsdb jstack cannot print some information on the waiting thread + JDK-8335775: Remove extraneous 's' in comment of rawmonitor.cpp test file + JDK-8335904: Fix invalid comment in ShenandoahLock + JDK-8335967: 'text-decoration: none' does not work with 'A' HTML tags + JDK-8336284: Test TestClhsdbJstackLock.java/ TestJhsdbJstackLock.java fails with -Xcomp after JDK-8335743 + JDK-8336301: test/jdk/java/nio/channels/ /AsyncCloseAndInterrupt.java leaves around a FIFO file upon test completion + JDK-8336342: Fix known X11 library locations in sysroot + JDK-8336343: Add more known sysroot library locations for ALSA + JDK-8336926: jdk/internal/util/ReferencedKeyTest.java can fail with ConcurrentModificationException + JDK-8336928: GHA: Bundle artifacts removal broken + JDK-8337038: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java shoud set as /native + JDK-8337283: configure.log is truncated when build dir is on different filesystem + JDK-8337622: IllegalArgumentException in java.lang.reflect.Field.get + JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs + JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods + JDK-8338286: GHA: Demote x86_32 to hotspot build only + JDK-8338696: (fs) BasicFileAttributes.creationTime() falls back to epoch if birth time is unavailable (Linux) + JDK-8339869: [21u] Test CreationTime.java fails with UnsatisfiedLinkError after 8334339 + JDK-8341057: Add 2 SSL.com TLS roots + JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 + 
JDK-8341674: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.5 + JDK-8341989: [21u] Back out JDK-8327501 and JDK-8328366

The following package changes have been done:

- java-21-openjdk-headless-21.0.5.0-150600.3.6.3 added
- java-21-openjdk-21.0.5.0-150600.3.6.3 added
- java-17-openjdk-17.0.13.0-150400.3.48.2 removed
- java-17-openjdk-headless-17.0.13.0-150400.3.48.2 removed

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:35 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:35 +0100 (CET)
Subject: SUSE-CU-2024:5977-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124135.D622AFD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5977-1
Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11-57.3
Container Release : 57.3
Severity : moderate
Type : recommended
References : 1231833
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833

This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

The following package changes have been done:

- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- container:bci-bci-base-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:40 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:40 +0100 (CET)
Subject: SUSE-CU-2024:5980-1: Security update of containers/apache-tomcat
Message-ID: <20241202124140.0AB64FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5980-1
Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11-57.9
Container Release : 57.9
Severity : moderate
Type : security
References : 1220262 1230972 1232528 CVE-2023-50782 CVE-2024-9681
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972

This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782

This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- shadow-4.8.1-150600.17.9.1 updated
- curl-8.6.0-150600.4.12.1 updated
- openssl-3-3.1.4-150600.5.21.1 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:41 +0100 (CET)
Subject: SUSE-CU-2024:5981-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124141.7AFB6FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5981-1
Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11 , containers/apache-tomcat:10.1.25-openjdk11-59.3
Container Release : 59.3
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk.
  If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because the terminal in HMC is used for booting bare metal (LPAR).
The following package changes have been done:

- patterns-base-fips-20200124-150600.32.3.2 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:44 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:44 +0100 (CET)
Subject: SUSE-CU-2024:5984-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124144.B9300FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5984-1
Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1-openjdk17-8.5 , containers/apache-tomcat:10.1.25-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17-8.5
Container Release : 8.5
Severity : moderate
Type : recommended
References : 1231051
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051

This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
The following package changes have been done:

- glibc-2.38-150600.14.14.2 updated
- container:bci-bci-base-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:47 +0100 (CET)
Subject: SUSE-CU-2024:5988-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124147.9650EFD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5988-1
Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17-57.3
Container Release : 57.3
Severity : moderate
Type : recommended
References : 1231833
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833

This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

The following package changes have been done:

- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- container:bci-bci-base-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:50 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:50 +0100 (CET)
Subject: SUSE-CU-2024:5992-1: Security update of containers/apache-tomcat
Message-ID: <20241202124150.F0A39FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5992-1
Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17-57.10
Container Release : 57.10
Severity : moderate
Type : security
References : 1220262 1230972 1232528 CVE-2023-50782 CVE-2024-9681
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972

This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782

This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- shadow-4.8.1-150600.17.9.1 updated
- curl-8.6.0-150600.4.12.1 updated
- openssl-3-3.1.4-150600.5.21.1 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:52 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:52 +0100 (CET)
Subject: SUSE-CU-2024:5993-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124152.871A0FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5993-1
Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17-59.3
Container Release : 59.3
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk.
  If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because the terminal in HMC is used for booting bare metal (LPAR).
The following package changes have been done:

- patterns-base-fips-20200124-150600.32.3.2 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:41:55 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:41:55 +0100 (CET)
Subject: SUSE-CU-2024:5996-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124155.7DEFEFD97@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5996-1
Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1-openjdk21-8.5 , containers/apache-tomcat:10.1.25-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21-8.5
Container Release : 8.5
Severity : moderate
Type : recommended
References : 1231051
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051

This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
The following package changes have been done:

- glibc-2.38-150600.14.14.2 updated
- container:bci-bci-base-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:42:00 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:42:00 +0100 (CET)
Subject: SUSE-CU-2024:6000-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124200.A34C2FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6000-1
Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21-57.3
Container Release : 57.3
Severity : moderate
Type : recommended
References : 1231833
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833

This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

The following package changes have been done:

- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- container:bci-bci-base-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:42:05 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:42:05 +0100 (CET)
Subject: SUSE-CU-2024:6004-1: Security update of containers/apache-tomcat
Message-ID: <20241202124205.C43A1FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6004-1
Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21-57.10
Container Release : 57.10
Severity : moderate
Type : security
References : 1220262 1230972 1232528 CVE-2023-50782 CVE-2024-9681
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972

This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782

This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- shadow-4.8.1-150600.17.9.1 updated
- curl-8.6.0-150600.4.12.1 updated
- openssl-3-3.1.4-150600.5.21.1 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:42:07 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:42:07 +0100 (CET)
Subject: SUSE-CU-2024:6005-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124207.69EB3FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6005-1
Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21-59.3
Container Release : 59.3
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk.
  If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because the terminal in HMC is used for booting bare metal (LPAR).

The following package changes have been done:

- patterns-base-fips-20200124-150600.32.3.2 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:42:13 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:42:13 +0100 (CET)
Subject: SUSE-CU-2024:6010-1: Recommended update of containers/apache-tomcat
Message-ID: <20241202124213.A8324FD57@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6010-1
Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.91-openjdk11 , containers/apache-tomcat:9.0.91-openjdk11-59.3
Container Release : 59.3
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because a terminal in the HMC is used for booting bare metal (LPAR). The following package changes have been done: - patterns-base-fips-20200124-150600.32.3.2 updated From sle-container-updates at lists.suse.com Mon Dec 2 12:42:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 2 Dec 2024 13:42:22 +0100 (CET) Subject: SUSE-CU-2024:6015-1: Recommended update of containers/apache-tomcat Message-ID: <20241202124222.77520FD57@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6015-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.91-openjdk17 , containers/apache-tomcat:9.0.91-openjdk17-59.3 Container Release : 59.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because a terminal in the HMC is used for booting bare metal (LPAR). The following package changes have been done: - patterns-base-fips-20200124-150600.32.3.2 updated From sle-container-updates at lists.suse.com Mon Dec 2 12:42:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 2 Dec 2024 13:42:29 +0100 (CET) Subject: SUSE-CU-2024:6019-1: Recommended update of containers/apache-tomcat Message-ID: <20241202124229.C1500FD57@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6019-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.91-openjdk21 , containers/apache-tomcat:9.0.91-openjdk21-59.3 Container Release : 59.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because a terminal in the HMC is used for booting bare metal (LPAR). The following package changes have been done: - patterns-base-fips-20200124-150600.32.3.2 updated From sle-container-updates at lists.suse.com Mon Dec 2 12:42:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 2 Dec 2024 13:42:37 +0100 (CET) Subject: SUSE-CU-2024:6023-1: Recommended update of containers/apache-tomcat Message-ID: <20241202124237.99511FD57@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6023-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.91-openjdk8 , containers/apache-tomcat:9.0.91-openjdk8-59.3 Container Release : 59.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because a terminal in the HMC is used for booting bare metal (LPAR). The following package changes have been done: - patterns-base-fips-20200124-150600.32.3.2 updated From sle-container-updates at lists.suse.com Tue Dec 3 08:09:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Dec 2024 09:09:21 +0100 (CET) Subject: SUSE-CU-2024:6023-1: Recommended update of containers/apache-tomcat Message-ID: <20241203080921.9D4BCFCBE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6023-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.91-openjdk8 , containers/apache-tomcat:9.0.91-openjdk8-59.3 Container Release : 59.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because a terminal in the HMC is used for booting bare metal (LPAR). The following package changes have been done: - patterns-base-fips-20200124-150600.32.3.2 updated From sle-container-updates at lists.suse.com Wed Dec 4 08:03:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 4 Dec 2024 09:03:56 +0100 (CET) Subject: SUSE-IU-2024:1940-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20241204080356.AA070FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1940-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.17 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 4.17 Severity : critical Type : security References : 1027519 1207377 1214718 1216320 1218474 1218851 1219080 1219503 1219885 1221332 1221334 1221984 1222302 1222453 1224788 1225365 1225953 1226321 1227355 1228142 1228574 1228575 1230679 1231500 1232211 CVE-2022-45748 CVE-2023-28746 CVE-2023-32324 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 
CVE-2024-31146 CVE-2024-35195 CVE-2024-35235 CVE-2024-40724 CVE-2024-45679 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build Released: Mon Nov 25 14:51:40 2024 Summary: Security update for xen Type: security Severity: critical References: 1027519,1207377,1214718,1216320,1218474,1218851,1219080,1219503,1219885,1221332,1221334,1221984,1222302,1222453,1224788,1225365,1225953,1226321,1227355,1228142,1228574,1228575,1230679,1231500,1232211,CVE-2022-45748,CVE-2023-28746,CVE-2023-32324,CVE-2023-32360,CVE-2023-34241,CVE-2023-4504,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146,CVE-2024-35195,CVE-2024-35235,CVE-2024-40724,CVE-2024-45679 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: 
x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) The following package changes have been done: - SL-Micro-release-6.0-24.28 updated - elemental-register-1.6.6-1.1 updated - elemental-support-1.6.6-1.1 updated - container:SL-Micro-base-container-2.1.3-4.17 updated From sle-container-updates at lists.suse.com Wed Dec 4 08:04:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 4 Dec 2024 09:04:06 +0100 (CET) Subject: SUSE-IU-2024:1941-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20241204080406.8A0CFFCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1941-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , 
suse/sl-micro/6.0/base-os-container:2.1.3-4.17 , suse/sl-micro/6.0/base-os-container:latest Image Release : 4.17 Severity : critical Type : security References : 1027519 1207377 1214718 1216320 1218474 1218851 1219080 1219503 1219885 1221332 1221334 1221984 1222302 1222453 1224788 1225365 1225953 1226321 1227355 1228142 1228574 1228575 1230679 1231500 1232211 CVE-2022-45748 CVE-2023-28746 CVE-2023-32324 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 CVE-2024-35195 CVE-2024-35235 CVE-2024-40724 CVE-2024-45679 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build Released: Mon Nov 25 14:51:40 2024 Summary: Security update for xen Type: security Severity: critical References: 1027519,1207377,1214718,1216320,1218474,1218851,1219080,1219503,1219885,1221332,1221334,1221984,1222302,1222453,1224788,1225365,1225953,1226321,1227355,1228142,1228574,1228575,1230679,1231500,1232211,CVE-2022-45748,CVE-2023-28746,CVE-2023-32324,CVE-2023-32360,CVE-2023-34241,CVE-2023-4504,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146,CVE-2024-35195,CVE-2024-35235,CVE-2024-40724,CVE-2024-45679 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in 
x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) The following package changes have been done: - SL-Micro-release-6.0-24.28 updated - elemental-register-1.6.6-1.1 updated - elemental-support-1.6.6-1.1 updated - container:suse-toolbox-image-1.0.0-6.65 updated 
From sle-container-updates at lists.suse.com Wed Dec 4 08:04:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 4 Dec 2024 09:04:19 +0100 (CET) Subject: SUSE-IU-2024:1942-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20241204080419.9C54CFCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1942-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.18 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 5.18 Severity : critical Type : security References : 1027519 1207377 1214718 1216320 1218474 1218851 1219080 1219503 1219885 1221332 1221334 1221984 1222302 1222453 1224788 1225365 1225953 1226321 1227355 1228142 1228574 1228575 1230679 1231500 1232211 CVE-2022-45748 CVE-2023-28746 CVE-2023-32324 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 CVE-2024-35195 CVE-2024-35235 CVE-2024-40724 CVE-2024-45679 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build Released: Mon Nov 25 14:51:40 2024 Summary: Security update for xen Type: security Severity: critical References: 1027519,1207377,1214718,1216320,1218474,1218851,1219080,1219503,1219885,1221332,1221334,1221984,1222302,1222453,1224788,1225365,1225953,1226321,1227355,1228142,1228574,1228575,1230679,1231500,1232211,CVE-2022-45748,CVE-2023-28746,CVE-2023-32324,CVE-2023-32360,CVE-2023-34241,CVE-2023-4504,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146,CVE-2024-35195,CVE-2024-35235,CVE-2024-40724,CVE-2024-45679 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native 
Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) The following package changes have been done: - SL-Micro-release-6.0-24.28 updated - elemental-register-1.6.6-1.1 updated - elemental-support-1.6.6-1.1 updated - container:SL-Micro-container-2.1.3-4.17 updated From sle-container-updates at lists.suse.com Wed Dec 4 12:47:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 4 Dec 2024 13:47:07 +0100 (CET) Subject: SUSE-IU-2024:1943-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20241204124707.0F843FD57@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1943-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.18 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 4.18 Severity : critical Type : security References : 1027519 1207377 1214718 1216320 1218474 1218609 1218851 
1219080 1219503 1219885 1220117 1221332 1221334 1221831 1221984 1222302 1222453 1223605 1224788 1225365 1225598 1225953 1226321 1227355 1228142 1228574 1228575 1230679 1231500 1232211 CVE-2022-45748 CVE-2023-28746 CVE-2023-32324 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-28085 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 CVE-2024-35195 CVE-2024-35235 CVE-2024-40724 CVE-2024-45679 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build Released: Mon Nov 25 14:51:40 2024 Summary: Security update for xen Type: security Severity: critical References: 1027519,1207377,1214718,1216320,1218474,1218609,1218851,1219080,1219503,1219885,1220117,1221332,1221334,1221831,1221984,1222302,1222453,1223605,1224788,1225365,1225598,1225953,1226321,1227355,1228142,1228574,1228575,1230679,1231500,1232211,CVE-2022-45748,CVE-2023-28746,CVE-2023-32324,CVE-2023-32360,CVE-2023-34241,CVE-2023-4504,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-28085,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146,CVE-2024-35195,CVE-2024-35235,CVE-2024-40724,CVE-2024-45679 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set 
to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) The following package changes have been done: - SL-Micro-release-6.0-24.28 updated - elemental-register-1.6.6-1.1 updated - elemental-support-1.6.6-1.1 updated - container:SL-Micro-base-container-2.1.3-4.17 updated From sle-container-updates at lists.suse.com Thu Dec 5 08:09:00 2024 From: sle-container-updates at 
lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Dec 2024 09:09:00 +0100 (CET) Subject: SUSE-CU-2024:6068-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20241205080900.9F923FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6068-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.54 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.54 Severity : moderate Type : recommended References : 1230625 1231846 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4168-1 Released: Wed Dec 4 11:51:48 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1230625,1231846 This update for vim fixes the following issues: - Update from vim-9.1.0330 to vim-9.1.0836 (bsc#1230625, bsc#1230625) The following package changes have been done: - vim-data-common-9.1.0836-150000.5.66.1 updated - vim-9.1.0836-150000.5.66.1 updated - xxd-9.1.0836-150000.5.66.1 added From sle-container-updates at lists.suse.com Thu Dec 5 08:12:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Dec 2024 09:12:32 +0100 (CET) Subject: SUSE-CU-2024:6070-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20241205081232.D919FF787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6070-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.54 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.54 Severity : 
moderate Type : recommended References : 1230625 1231846 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4168-1 Released: Wed Dec 4 11:51:48 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1230625,1231846 This update for vim fixes the following issues: - Update from vim-9.1.0330 to vim-9.1.0836 (bsc#1230625, bsc#1230625) The following package changes have been done: - vim-data-common-9.1.0836-150000.5.66.1 updated - vim-9.1.0836-150000.5.66.1 updated - xxd-9.1.0836-150000.5.66.1 added From sle-container-updates at lists.suse.com Thu Dec 5 08:17:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Dec 2024 09:17:23 +0100 (CET) Subject: SUSE-CU-2024:6072-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20241205081723.495A6F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6072-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.49 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.49 Severity : moderate Type : recommended References : 1230625 1231846 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4168-1 Released: Wed Dec 4 11:51:48 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1230625,1231846 This update for vim fixes the following issues: - Update from vim-9.1.0330 to vim-9.1.0836 (bsc#1230625, bsc#1230625) The following package changes have been done: - vim-data-common-9.1.0836-150000.5.66.1 updated - vim-9.1.0836-150000.5.66.1 updated - xxd-9.1.0836-150000.5.66.1 added From sle-container-updates at lists.suse.com Thu Dec 5 08:21:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Dec 2024 09:21:15 +0100 (CET) Subject: SUSE-CU-2024:6074-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20241205082115.04B1DF787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6074-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.51 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.51 Severity : moderate Type : recommended References : 1230625 1231846 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4168-1 Released: Wed Dec 4 11:51:48 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1230625,1231846 This update for vim fixes the following issues: - Update from vim-9.1.0330 to vim-9.1.0836 (bsc#1230625, bsc#1230625) The following package changes have been done: - vim-data-common-9.1.0836-150000.5.66.1 updated - vim-9.1.0836-150000.5.66.1 updated - xxd-9.1.0836-150000.5.66.1 added From sle-container-updates at lists.suse.com Fri Dec 6 08:03:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:03:59 +0100 (CET) Subject: SUSE-IU-2024:1954-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20241206080359.CD35AF787@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1954-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.122 , suse/sle-micro/base-5.5:latest Image Release : 5.8.122 Severity : moderate Type : recommended References : 1225451 1233393 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4198-1 Released: Thu Dec 5 14:46:19 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451,1233393 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393) - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) The following package changes have been done: - libsolv-tools-base-0.7.31-150500.6.5.1 updated - libsolv-tools-0.7.31-150500.6.5.1 updated - libzypp-17.35.14-150500.6.24.1 updated - zypper-1.14.78-150500.6.14.1 updated - container:suse-sle15-15.5-42f1562e1bba50ab681f24335fb49e4f61d0818b06586790cb96ba69d02b71ac-0 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:05:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:05:10 +0100 (CET) Subject: SUSE-IU-2024:1957-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20241206080510.239C8F787@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1957-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.199 , suse/sle-micro/5.5:latest Image Release : 5.5.199 Severity : moderate 
Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4190-1 Released: Thu Dec 5 10:49:35 2024 Summary: Recommended update for lshw Type: recommended Severity: moderate References: This update for lshw fixes the following issue: - Update to version B.02.20 (jsc#9912): * update changelog * update data files * get rid of GTK deprecation warning * get rid of some snprintf warnings * Add support for 100Gbit interfaces The following package changes have been done: - lshw-B.02.20-150200.3.18.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.122 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:09:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:09:04 +0100 (CET) Subject: SUSE-CU-2024:6081-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20241206080904.66C3AF787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6081-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.56 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.56 Severity : moderate Type : security References : 1225451 1231795 1233307 1233393 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4201-1 Released: Thu Dec 5 14:49:22 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451,1233393 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393) - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150400.3.32.2 updated - libsolv-tools-0.7.31-150400.3.32.2 updated - libzypp-17.35.14-150400.3.98.2 updated - python3-base-3.6.15-150300.10.78.1 updated - zypper-1.14.78-150400.3.67.3 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:11:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 
09:11:46 +0100 (CET) Subject: SUSE-CU-2024:6083-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20241206081146.96C68F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6083-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.56 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.56 Severity : moderate Type : security References : 1225451 1231795 1233307 1233393 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4201-1 Released: Thu Dec 5 14:49:22 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451,1233393 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - 
The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393) - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150400.3.32.2 updated - libsolv-tools-0.7.31-150400.3.32.2 updated - libzypp-17.35.14-150400.3.98.2 updated - python3-base-3.6.15-150300.10.78.1 updated - zypper-1.14.78-150400.3.67.3 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:12:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:12:38 +0100 (CET) Subject: SUSE-CU-2024:6084-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20241206081238.349D6F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6084-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.99 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.99 Severity : low Type : security References : 1231795 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - python3-base-3.6.15-150300.10.78.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:15:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:15:26 +0100 (CET) Subject: SUSE-CU-2024:6088-1: Recommended update of suse/sle15 Message-ID: <20241206081526.1E89FF787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6088-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.64 Container Release : 9.8.64 Severity : moderate Type : recommended References : 1225451 1233393 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4199-1 Released: Thu Dec 5 14:47:26 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451,1233393 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393) - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) The following package changes have been done: - libsolv-tools-base-0.7.31-150200.40.1 updated - libsolv-tools-0.7.31-150200.40.1 updated - libzypp-17.35.14-150200.132.1 updated - zypper-1.14.78-150200.96.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:15:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:15:40 +0100 (CET) Subject: SUSE-CU-2024:6089-1: Security update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20241206081540.A685DF787@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6089-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.5.9 , suse/ltss/sle15.4/bci-base-fips:latest Container Release : 5.9 Severity : low Type : security References : 1231795 1233307 
CVE-2024-11168 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) The following package changes have been done: - python3-base-3.6.15-150300.10.78.1 updated - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - container:sles15-ltss-image-15.4.0-2.9 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:18:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:18:12 +0100 (CET) Subject: SUSE-CU-2024:6095-1: Security update of containers/apache-tomcat Message-ID: <20241206081812.DB72BF787@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6095-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8-60.2 Container Release : 60.2 Severity : moderate Type : security References : 1231702 1231711 1231716 1231719 CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4202-1 Released: Thu Dec 5 15:03:04 2024 Summary: Security update for java-1_8_0-openjdk Type: security Severity: moderate References: 1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u432 (icedtea-3.33.0): - CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286) - CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544) - CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446) - CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644) The following package changes have been done: - java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 updated - java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:19:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:19:09 +0100 (CET) Subject: SUSE-CU-2024:6108-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20241206081909.07FF9F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6108-1 Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.28 , suse/sles/15.7/virt-handler:1.1.1.29.67 Container Release : 29.67 Severity : moderate Type : security References : 1232579 CVE-2024-50602 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). The following package changes have been done: - libnghttp2-14-1.64.0-150700.1.1 updated - libgpg-error0-1.50-150700.1.1 updated - findutils-4.10.0-150700.1.1 updated - libgcrypt20-1.11.0-150700.2.1 updated - libopenssl3-3.2.3-150700.1.3 updated - grep-3.11-150700.1.1 updated - libopenssl-3-fips-provider-3.2.3-150700.1.3 updated - sles-release-15.7-150700.13.4 updated - kubevirt-container-disk-1.1.1-150700.9.28 updated - kubevirt-virt-handler-1.1.1-150700.9.28 updated - libexpat1-2.4.4-150400.3.25.1 updated - libnettle8-3.10-150700.2.1 updated - libhogweed6-3.10-150700.2.1 updated - qemu-img-9.1.2-150700.1.2 updated - container:sles15-image-15.0.0-50.60 updated - libpcre1-8.45-150000.20.13.1 removed From sle-container-updates at lists.suse.com Fri Dec 6 08:19:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:19:13 +0100 (CET) Subject: SUSE-CU-2024:6109-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20241206081913.E71D1F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6109-1 Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.28 , suse/sles/15.7/virt-launcher:1.1.1.34.46 Container Release : 34.46 Severity : moderate Type : security References : 1232579 CVE-2024-50602 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was 
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). The following package changes have been done: - libnghttp2-14-1.64.0-150700.1.1 updated - libgpg-error0-1.50-150700.1.1 updated - findutils-4.10.0-150700.1.1 updated - libgcrypt20-1.11.0-150700.2.1 updated - libxml2-2-2.12.9-150700.1.1 updated - libopenssl3-3.2.3-150700.1.3 updated - grep-3.11-150700.1.1 updated - libopenssl-3-fips-provider-3.2.3-150700.1.3 updated - sles-release-15.7-150700.13.4 updated - kubevirt-container-disk-1.1.1-150700.9.28 updated - libexpat1-2.4.4-150400.3.25.1 updated - libnettle8-3.10-150700.2.1 updated - qemu-accel-tcg-x86-9.1.2-150700.1.2 updated - qemu-hw-usb-host-9.1.2-150700.1.2 updated - qemu-ipxe-9.1.2-150700.1.2 updated - qemu-seabios-9.1.21.16.3_3_gc13ff2cd-150700.1.2 updated - qemu-vgabios-9.1.21.16.3_3_gc13ff2cd-150700.1.2 updated - libhogweed6-3.10-150700.2.1 updated - qemu-hw-usb-redirect-9.1.2-150700.1.2 updated - suse-module-tools-15.7.1-150700.1.1 updated - xen-libs-4.19.0_04-150700.1.11 updated - qemu-img-9.1.2-150700.1.2 updated - libvirt-libs-10.9.0-150700.1.1 updated - rdma-core-54.0-150700.1.1 updated - libvirt-daemon-log-10.9.0-150700.1.1 updated - libvirt-client-10.9.0-150700.1.1 updated - kubevirt-virt-launcher-1.1.1-150700.9.28 updated - libibverbs1-54.0-150700.1.1 updated - libmlx5-1-54.0-150700.1.1 updated - libvirt-daemon-common-10.9.0-150700.1.1 updated - libmlx4-1-54.0-150700.1.1 updated - libmana1-54.0-150700.1.1 updated - libhns1-54.0-150700.1.1 added - libefa1-54.0-150700.1.1 updated - libibverbs-54.0-150700.1.1 updated - librdmacm1-54.0-150700.1.1 updated - 
qemu-x86-9.1.2-150700.1.2 updated - qemu-9.1.2-150700.1.2 updated - libvirt-daemon-driver-qemu-10.9.0-150700.1.1 updated - container:sles15-image-15.0.0-50.60 updated - libpcre1-8.45-150000.20.13.1 removed From sle-container-updates at lists.suse.com Fri Dec 6 08:19:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:19:18 +0100 (CET) Subject: SUSE-CU-2024:6110-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20241206081918.E5B25F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6110-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.28 , suse/sles/15.7/libguestfs-tools:1.1.1.28.78 Container Release : 28.78 Severity : moderate Type : security References : 1219724 1232579 CVE-2024-24806 CVE-2024-50602 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4109-1 Released: Thu Nov 28 17:15:36 2024 Summary: Security update for libuv Type: security Severity: moderate References: 1219724,CVE-2024-24806 This update for libuv fixes the following issues: - CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724) The following package changes have been done: - libnghttp2-14-1.64.0-150700.1.1 updated - libgpg-error0-1.50-150700.1.1 updated - findutils-4.10.0-150700.1.1 updated - libgcrypt20-1.11.0-150700.2.1 updated - libxml2-2-2.12.9-150700.1.1 updated - libopenssl3-3.2.3-150700.1.3 updated - grep-3.11-150700.1.1 updated - libopenssl-3-fips-provider-3.2.3-150700.1.3 updated - sles-release-15.7-150700.13.4 updated - libguestfs-winsupport-1.54.0-150700.1.3 updated - guestfs-tools-1.53.3-150700.1.4 updated - libexpat1-2.4.4-150400.3.25.1 updated - libhivex0-1.3.24-150700.1.2 updated - libnettle8-3.10-150700.2.1 updated - libuv1-1.44.2-150500.3.5.1 updated - pigz-2.8-150700.1.1 updated - qemu-accel-tcg-x86-9.1.2-150700.1.2 updated - qemu-ipxe-9.1.2-150700.1.2 updated - qemu-seabios-9.1.21.16.3_3_gc13ff2cd-150700.1.2 updated - qemu-vgabios-9.1.21.16.3_3_gc13ff2cd-150700.1.2 updated - libhogweed6-3.10-150700.2.1 updated - bind-utils-9.20.3-150700.1.2 updated - hwdata-0.389-150000.3.71.2 updated - libmpath0-0.10.1~2+112+suse.b66763a-150700.1.1 updated - xen-libs-4.19.0_04-150700.1.11 updated - qemu-vmsr-helper-9.1.2-150700.1.2 updated - qemu-pr-helper-9.1.2-150700.1.2 updated - qemu-img-9.1.2-150700.1.2 updated - qemu-tools-9.1.2-150700.1.2 updated - 
libvirt-libs-10.9.0-150700.1.1 updated - suse-module-tools-15.7.1-150700.1.1 updated - rdma-core-54.0-150700.1.1 updated - libibverbs1-54.0-150700.1.1 updated - libmlx5-1-54.0-150700.1.1 updated - libmlx4-1-54.0-150700.1.1 updated - libmana1-54.0-150700.1.1 updated - libhns1-54.0-150700.1.1 added - libefa1-54.0-150700.1.1 updated - libibverbs-54.0-150700.1.1 updated - librdmacm1-54.0-150700.1.1 updated - qemu-x86-9.1.2-150700.1.2 updated - qemu-9.1.2-150700.1.2 updated - libguestfs0-1.54.0-150700.1.3 updated - libguestfs-devel-1.54.0-150700.1.3 updated - libguestfs-appliance-1.54.0-150700.1.3 updated - libguestfs-1.54.0-150700.1.3 updated - container:sles15-image-15.0.0-50.60 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:20:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:20:12 +0100 (CET) Subject: SUSE-CU-2024:6112-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20241206082012.2DA69F787@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6112-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.8 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.60.8 Severity : low Type : security References : 1231795 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) The following package changes have been done: - python3-base-3.6.15-150300.10.78.1 updated - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:20:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:20:43 +0100 (CET) Subject: SUSE-CU-2024:6113-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20241206082043.EC50BF787@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6113-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.9 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.50.9 Severity : low Type : security References : 1231795 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - python3-base-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:21:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:21:45 +0100 (CET) Subject: SUSE-CU-2024:6115-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20241206082145.823FCF787@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6115-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.14 , suse/manager/4.3/proxy-ssh:4.3.14.9.50.5 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.50.5 Severity : low Type : security References : 1231795 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - python3-base-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:22:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:22:18 +0100 (CET) Subject: SUSE-CU-2024:6116-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20241206082218.E259DF787@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6116-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.14 , suse/manager/4.3/proxy-tftpd:4.3.14.9.50.6 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.50.6 Severity : low Type : security References : 1231795 1233307 CVE-2024-11168 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - python3-base-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:23:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:23:21 +0100 (CET) Subject: SUSE-CU-2024:6117-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20241206082321.4CF85F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6117-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.51 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.51 Severity : moderate Type : security References : 1225451 1231795 1233307 1233393 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4199-1 Released: Thu Dec 5 14:47:26 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451,1233393 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393) - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150200.40.1 updated - libsolv-tools-0.7.31-150200.40.1 updated - libzypp-17.35.14-150200.132.1 updated - python3-base-3.6.15-150300.10.78.1 updated - zypper-1.14.78-150200.96.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:26:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:26:22 
+0100 (CET) Subject: SUSE-CU-2024:6119-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20241206082622.51741F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6119-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.53 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.53 Severity : moderate Type : security References : 1225451 1231795 1233307 1233393 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4199-1 Released: Thu Dec 5 14:47:26 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451,1233393 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - The 20MB 
download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393) - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150200.40.1 updated - libsolv-tools-0.7.31-150200.40.1 updated - libzypp-17.35.14-150200.132.1 updated - python3-base-3.6.15-150300.10.78.1 updated - zypper-1.14.78-150200.96.1 updated From sle-container-updates at lists.suse.com Fri Dec 6 08:26:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Dec 2024 09:26:35 +0100 (CET) Subject: SUSE-CU-2024:6121-1: Security update of trento/trento-web Message-ID: <20241206082635.305A7F787@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6121-1 Container Tags : trento/trento-web:2.4.0 , trento/trento-web:2.4.0-build4.46.1 , trento/trento-web:latest Container Release : 4.46.1 Severity : important Type : security References : 1082216 1082233 1107342 1159034 1175825 1188441 1188441 1194818 1194818 1195391 1198165 1201519 1202870 1204844 1205161 1207778 1207789 1209627 1210004 1210959 1210959 1211078 1211418 1211419 1211721 1211886 1213240 1213638 1214140 1214915 1214934 1215377 1215434 1215496 1216378 1217000 1217450 1217667 1218232 1218475 1218492 1218571 1218571 1218609 1218609 1219031 1219031 1219238 1219321 1219520 1220061 1220117 1220262 1220523 1220690 1220693 1220696 1220724 1220724 1221239 1221361 1221361 1221365 1221407 1221482 1221601 1221632 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1221831 1222285 1222547 1222899 1223336 1223428 1223596 1223605 1224388 1225291 1225551 1225598 1226463 1227100 1227138 1227186 1227187 1227807 1227888 1228042 1228535 1228548 1228770 1228968 1229028 1229329 1229465 
1229476 1230093 1230111 1230135 1230145 1230516 1230638 1230698 1230972 1231051 1231833 1232528 916845 CVE-2013-4235 CVE-2013-4235 CVE-2018-6798 CVE-2018-6913 CVE-2020-8927 CVE-2023-22652 CVE-2023-2602 CVE-2023-2603 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-45853 CVE-2023-45918 CVE-2023-50782 CVE-2023-7207 CVE-2023-7207 CVE-2024-22365 CVE-2024-28085 CVE-2024-37370 CVE-2024-37371 CVE-2024-41996 CVE-2024-4603 CVE-2024-4741 CVE-2024-5535 CVE-2024-6119 CVE-2024-6197 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. 
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' command is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). 
- Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory 
ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. 
- Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP 
work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1943-1 Released: Fri Jun 7 17:04:06 2024 Summary: Security update for util-linux Type: security Severity: important References: 1218609,1220117,1221831,1223605,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output 
size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - 
agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). 
- FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file even if a brace expansion is included in the command line (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. 
To use gcc14 compilers use:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out

  https://gcc.gnu.org/gcc-14/changes.html

- Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051
This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972
This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk.
  If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing, because the terminal in the HMC is used for booting bare metal (LPAR).


The following package changes have been done:

- cracklib-dict-small-2.9.11-150600.1.90 updated
- crypto-policies-20230920.570ea89-150600.1.9 added
- libldap-data-2.4.46-150600.23.21 updated
- libsemanage-conf-3.5-150600.1.48 added
- libssh-config-0.9.8-150600.9.1 updated
- glibc-2.38-150600.14.14.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libzstd1-1.5.5-150600.1.3 updated
- libsepol2-3.5-150600.1.49 added
- libpcre2-8-0-10.42-150600.1.26 added
- libnghttp2-14-1.40.0-150600.23.2 updated
- liblzma5-5.4.1-150600.1.2 updated
- libgpg-error0-1.47-150600.1.3 updated
- libselinux1-3.5-150600.1.46 updated
- libgcrypt20-1.10.3-150600.1.23 updated
- libz1-1.2.13-150500.4.3.1 updated
- libcrypt1-4.4.15-150300.4.7.1 updated
- perl-base-5.26.1-150300.17.17.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libaudit1-3.0.6-150400.4.16.1 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.21.1 added
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 added
- krb5-1.20.1-150600.11.3.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libsemanage2-3.5-150600.1.48 added
- libldap-2_4-2-2.4.46-150600.23.21 updated
- libssh4-0.9.8-150600.9.1 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 added
- cpio-2.13-150400.3.6.1 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- libcrack2-2.9.11-150600.1.90 updated
- cracklib-2.9.11-150600.1.90 updated
- sed-4.9-150600.1.4 updated
- coreutils-8.32-150400.9.6.1 updated
- sles-release-15.6-150600.64.3.1 updated
- permissions-20240826-150600.10.9.1 updated
- pam-1.3.0-150000.6.71.2 updated
- shadow-4.8.1-150600.17.9.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated
- netcfg-11.6-150000.3.6.1 updated
- container:registry.suse.com-bci-nodejs-20-0fe22d4c030e2498f68dab4b8addfe10dc8719c895a9b27f7802df3dbbc5d9f0-0 added
- container:registry.suse.com-bci-bci-base-15.6-0fe22d4c030e2498f68dab4b8addfe10dc8719c895a9b27f7802df3dbbc5d9f0-0 added
- container:bci-nodejs-16-15.0.0-27.14.130 removed
- container:sles15-image-15.0.0-27.14.130 removed
- libdw1-0.185-150400.5.3.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libgcrypt20-hmac-1.9.4-150400.6.8.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- libopenssl1_1-1.1.1l-150400.7.60.2 removed
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 removed
- libpopt0-1.16-3.22 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsystemd0-249.16-150400.8.35.5 removed
- libudev1-249.16-150400.8.35.5 removed
- rpm-config-SUSE-1-150400.14.3.1 removed

From sle-container-updates at lists.suse.com Sat Dec 7 08:03:12 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Dec 2024 09:03:12 +0100 (CET)
Subject: SUSE-CU-2024:6125-1: Security update of containers/open-webui
Message-ID: <20241207080312.07515F787@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6125-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-5.11
Container Release : 5.11
Severity : important
Type : security
References : 1234115 CVE-2024-53981
-----------------------------------------------------------------

The container containers/open-webui was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4194-1
Released: Thu Dec 5 12:03:07 2024
Summary: Security update for python-python-multipart
Type: security
Severity: important
References: 1234115,CVE-2024-53981
This update for python-python-multipart fixes the following issues:

- CVE-2024-53981: excessive logging for certain inputs when parsing form data. (bsc#1234115)


The following package changes have been done:

- libprotobuf25_5_0-25.5-150600.2.13 updated
- python311-python-multipart-0.0.9-150600.3.3.1 updated
- python311-protobuf-4.25.5-150600.2.13 updated
- python311-numpy1-1.26.4-150600.1.8 updated
- python311-scipy-1.14.1-150600.1.4 updated
- python311-pandas-2.2.3-150600.1.4 updated
- python311-pyarrow-17.0.0-150600.2.8 updated
- python311-scikit-learn-1.5.1-150600.1.4 updated
- python311-open-webui-0.3.32-150600.1.17 updated

From sle-container-updates at lists.suse.com Sat Dec 7 08:04:25 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Dec 2024 09:04:25 +0100 (CET)
Subject: SUSE-IU-2024:1979-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20241207080425.A94BEF787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1979-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.23 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 4.23
Severity : moderate
Type : security
References : 1174414 1231833 1232579 CVE-2019-2708 CVE-2024-50602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 118
Released: Fri Dec 6 13:37:37 2024
Summary: Security update for libdb-4_8
Type: security
Severity: moderate
References: 1174414,CVE-2019-2708
This update for libdb-4_8 fixes the following issues:

CVE-2019-2708: Fixed data store execution leading to partial DoS (bsc#1174414)

Changes:

* libdb: Data store execution leads to partial DoS
* Backport the upstream commits:
  - Fixed several possible crashes when running db_verify on a corrupted database. [#27864]
  - Fixed several possible hangs when running db_verify on a corrupted database. [#27864]
  - Added a warning message when attempting to verify a queue database which has many extent files. Verification will take a long time if there are many extent files. [#27864]

-----------------------------------------------------------------
Advisory ID: 120
Released: Fri Dec 6 13:38:42 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: 119
Released: Fri Dec 6 13:38:42 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1231833
This update for gcc13 fixes the following issues:

- Fix for parsing tzdata 2024b [gcc#116657]


The following package changes have been done:

- libgcc_s1-13.3.0+git8781-2.1 updated
- libexpat1-2.5.0-4.1 updated
- libstdc++6-13.3.0+git8781-2.1 updated
- SL-Micro-release-6.0-24.33 updated
- libdb-4_8-4.8.30-7.1 updated
- container:SL-Micro-base-container-2.1.3-4.23 updated

From sle-container-updates at lists.suse.com Sat Dec 7 08:04:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Dec 2024 09:04:34 +0100 (CET)
Subject: SUSE-IU-2024:1980-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20241207080434.8CB69F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1980-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-4.23 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 4.23
Severity : moderate
Type : security
References : 1231833 1232579 CVE-2024-50602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 120
Released: Fri Dec 6 13:38:42 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: 119
Released: Fri Dec 6 13:38:42 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1231833
This update for gcc13 fixes the following issues:

- Fix for parsing tzdata 2024b [gcc#116657]


The following package changes have been done:

- libgcc_s1-13.3.0+git8781-2.1 updated
- libexpat1-2.5.0-4.1 updated
- libstdc++6-13.3.0+git8781-2.1 updated
- SL-Micro-release-6.0-24.33 updated
- kernel-default-6.4.0-21.3 updated
- container:suse-toolbox-image-1.0.0-6.71 updated

From sle-container-updates at lists.suse.com Sat Dec 7 08:04:45 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Dec 2024 09:04:45 +0100 (CET)
Subject: SUSE-IU-2024:1981-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20241207080445.B2C05F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1981-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.24 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 4.24
Severity : moderate
Type : security
References : 1231833 1232579 CVE-2024-50602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 119
Released: Fri Dec 6 13:38:42 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1231833
This update for gcc13 fixes the following issues:

- Fix for parsing tzdata 2024b [gcc#116657]

-----------------------------------------------------------------
Advisory ID: 120
Released: Fri Dec 6 13:38:42 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XML_ResumeParser (bsc#1232579).


The following package changes have been done:

- libgcc_s1-13.3.0+git8781-2.1 updated
- libexpat1-2.5.0-4.1 updated
- libstdc++6-13.3.0+git8781-2.1 updated
- SL-Micro-release-6.0-24.33 updated
- kernel-default-base-6.4.0-21.2.21.3 updated
- container:SL-Micro-base-container-2.1.3-4.23 updated

From sle-container-updates at lists.suse.com Sat Dec 7 08:04:57 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Dec 2024 09:04:57 +0100 (CET)
Subject: SUSE-IU-2024:1982-1: Security update of suse/sl-micro/6.0/rt-os-container
Message-ID: <20241207080457.78905F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1982-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.23 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 5.23
Severity : moderate
Type : security
References : 1231833 1232579 CVE-2024-50602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 120
Released: Fri Dec 6 13:38:42 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: 119
Released: Fri Dec 6 13:38:42 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1231833
This update for gcc13 fixes the following issues:

- Fix for parsing tzdata 2024b [gcc#116657]


The following package changes have been done:

- libgcc_s1-13.3.0+git8781-2.1 updated
- libexpat1-2.5.0-4.1 updated
- libstdc++6-13.3.0+git8781-2.1 updated
- SL-Micro-release-6.0-24.33 updated
- kernel-rt-6.4.0-21.3 updated
- container:SL-Micro-container-2.1.3-4.23 updated

From sle-container-updates at lists.suse.com Sat Dec 7 08:07:54 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Dec 2024 09:07:54 +0100 (CET)
Subject: SUSE-CU-2024:6127-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20241207080754.9F950F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6127-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.74 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.74
Severity : important
Type : security
References : 1225451 1229010 1229069 1229072 1229272 1229449 1230007 1230596 1230914 1231463 1231463 1232063 1232579 1233282 1233699 1234027 CVE-2023-31315 CVE-2024-50602 CVE-2024-52533
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4043-1
Released: Mon Nov 25 08:22:47 2024
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1230914
This update for nfs-utils fixes the following issues:

- nfsd: Revert 'nfsd: Remove the ability to enable NFS v2.' (bsc#1230914).
- mount.nfs: Revert 'mount: Remove NFS v2 support from mount.nfs' (bsc#1230914).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4067-1
Released: Tue Nov 26 11:33:47 2024
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1229010,1229072,1229449
This update for openssh fixes the following issues:

- Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449)
- Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010).
- Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call.
- Fixed a small memory leak when parsing the subsystem configuration option.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4130-1
Released: Mon Dec 2 10:56:25 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1232063
This update for dracut fixes the following issue:

- Version update: 059+suse.543.g98d7f037
  * fix: removing systemd 59-persistent-storage-dm.rules (bsc#1232063).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4190-1
Released: Thu Dec 5 10:49:35 2024
Summary: Recommended update for lshw
Type: recommended
Severity: moderate
References:
This update for lshw fixes the following issue:

- Update to version B.02.20 (jsc#9912):
  * update changelog
  * update data files
  * get rid of GTK deprecation warning
  * get rid of some snprintf warnings
  * Add support for 100Gbit interfaces

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released: Thu Dec 5 14:48:33 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699
This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4244-1
Released: Fri Dec 6 14:04:39 2024
Summary: Recommended update for shared-mime-info
Type: recommended
Severity: moderate
References: 1231463
This update for shared-mime-info fixes the following issue:

- Uninstall silently if update-mime-database is not present (bsc#1231463).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4255-1
Released: Fri Dec 6 18:10:29 2024
Summary: Security update for kernel-firmware
Type: security
Severity: important
References: 1229069,1229272,1230007,1230596,1234027,CVE-2023-31315
This update for kernel-firmware fixes the following issues:

- Update to version 20241128 (git commit ea71da6f0690):
  * i915: Update Xe2LPD DMC to v2.24
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
  * iwlwifi: add Bz-gf FW for core89-91 release
  * amdgpu: update smu 13.0.10 firmware
  * amdgpu: update sdma 6.0.3 firmware
  * amdgpu: update psp 13.0.10 firmware
  * amdgpu: update gc 11.0.3 firmware
  * amdgpu: add smu 13.0.14 firmware
  * amdgpu: add sdma 4.4.5 firmware
  * amdgpu: add psp 13.0.14 firmware
  * amdgpu: add gc 9.4.4 firmware
  * amdgpu: update vcn 3.1.2 firmware
  * amdgpu: update psp 13.0.5 firmware
  * amdgpu: update psp 13.0.8 firmware
  * amdgpu: update vega20 firmware
  * amdgpu: update vega12 firmware
  * amdgpu: update psp 14.0.4 firmware
  * amdgpu: update gc 11.5.2 firmware
  * amdgpu: update vega10 firmware
  * amdgpu: update vcn 4.0.0 firmware
  * amdgpu: update smu 13.0.0 firmware
  * amdgpu: update psp 13.0.0 firmware
  * amdgpu: update gc 11.0.0 firmware
  * amdgpu: update beige goby firmware
  * amdgpu: update vangogh firmware
  * amdgpu: update dimgrey cavefish firmware
  * amdgpu: update navy flounder firmware
  * amdgpu: update psp 13.0.11 firmware
  * amdgpu: update gc 11.0.4 firmware
  * amdgpu: update vcn 4.0.2 firmware
  * amdgpu: update psp 13.0.4 firmware
  * amdgpu: update gc 11.0.1 firmware
  * amdgpu: update sienna cichlid firmware
  * amdgpu: update vpe 6.1.1 firmware
  * amdgpu: update vcn 4.0.6 firmware
  * amdgpu: update psp 14.0.1 firmware
  * amdgpu: update gc 11.5.1 firmware
  * amdgpu: update vcn 4.0.5 firmware
  * amdgpu: update psp 14.0.0 firmware
  * amdgpu: update gc 11.5.0 firmware
  * amdgpu: update navi14 firmware
  * amdgpu: update arcturus firmware
  * amdgpu: update renoir firmware
  * amdgpu: update navi12 firmware
  * amdgpu: update sdma 4.4.2 firmware
  * amdgpu: update psp 13.0.6 firmware
  * amdgpu: update gc 9.4.3 firmware
  * amdgpu: update vcn 4.0.4 firmware
  * amdgpu: update psp 13.0.7 firmware
  * amdgpu: update gc 11.0.2 firmware
  * amdgpu: update navi10 firmware
  * amdgpu: update aldebaran firmware
- Update aliases from 6.13-rc1
- Update to version 20241125 (git commit 508d770ee6f3):
  * ice: update ice DDP wireless_edge package to 1.3.20.0
  * ice: update ice DDP comms package to 1.3.52.0
  * ice: update ice DDP package to ice-1.3.41.0
  * amdgpu: update DMCUB to v9.0.10.0 for DCN314
  * amdgpu: update DMCUB to v9.0.10.0 for DCN351
- Update to version 20241121 (git commit 48bb90cceb88):
  * linux-firmware: Update AMD cpu microcode
  * xe: Update GUC to v70.36.0 for BMG, LNL
  * i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL
- Update to version 20241119 (git commit 60cdfe1831e8):
  * iwlwifi: add Bz-gf FW for core91-69 release
- Update aliases from 6.12
- Update to version 20241113 (git commit 1727aceef4d2):
  * qcom: venus-5.4: add venus firmware file for qcs615
  * qcom: update venus firmware file for SC7280
  * QCA: Add 22 bluetooth firmware nvm files for QCA2066
- Update to version 20241112 (git commit c57a0a42468b):
  * mediatek MT7922: update bluetooth firmware to 20241106163512
  * mediatek MT7921: update bluetooth firmware to 20241106151414
  * linux-firmware: update firmware for MT7922 WiFi device
  * linux-firmware: update firmware for MT7921 WiFi device
  * qcom: Add QDU100 firmware image files.
  * qcom: Update aic100 firmware files
  * dedup-firmware.sh: fix infinite loop for --verbose
  * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7
  * cnm: update chips&media wave521c firmware.
  * mediatek MT7920: update bluetooth firmware to 20241104091246
  * linux-firmware: update firmware for MT7920 WiFi device
  * copy-firmware.sh: Run check_whence.py only if in a git repo
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
  * amdgpu: update DMCUB to v9.0.10.0 for DCN351
  * rtw89: 8852a: update fw to v0.13.36.2
  * rtw88: Add firmware v52.14.0 for RTL8812AU
  * i915: Update Xe2LPD DMC to v2.23
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
  * linux-firmware: update firmware for MT7925 WiFi device
  * WHENCE: Add sof-tolg for mt8195
  * linux-firmware: Update firmware file for Intel BlazarI core
  * qcom: Add link for QCS6490 GPU firmware
  * qcom: update gpu firmwares for qcs615 chipset
  * cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops
  * mediatek: Add sof-tolg for mt8195
- Update to version 20241029 (git commit 048795eef350):
  * ath11k: move WCN6750 firmware to the device-specific subdir
  * xe: Update LNL GSC to v104.0.0.1263
  * i915: Update MTL/ARL GSC to v102.1.15.1926
- Update to version 20241028 (git commit 987607d681cb):
  * amdgpu: DMCUB updates for various AMDGPU ASICs
  * i915: Add Xe3LPD DMC
  * cnm: update chips&media wave521c firmware.
  * linux-firmware: Add firmware for Cirrus CS35L41
  * linux-firmware: Update firmware file for Intel BlazarU core
  * Makefile: error out of 'install' if COPYOPTS is set
- Update to version 20241018 (git commit 2f0464118f40):
  * check_whence.py: skip some validation if git ls-files fails
  * qcom: Add Audio firmware for X1E80100 CRD/QCPs
  * amdgpu: DMCUB updates for various AMDGPU ASICs
  * brcm: replace NVRAM for Jetson TX1
  * rtlwifi: Update firmware for RTL8192FU to v7.3
  * make: separate installation and de-duplication targets
  * check_whence.py: check the permissions
  * Remove execute bit from firmware files
  * configure: remove unused file
  * rtl_nic: add firmware rtl8125d-1
- Update to version 20241014 (git commit 99f9c7ed1f4a):
  * iwlwifi: add gl/Bz FW for core91-69 release
  * iwlwifi: update ty/So/Ma firmwares for core91-69 release
  * iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops
  * cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops
  * linux-firmware: update firmware for en8811h 2.5G ethernet phy
  * QCA: Add Bluetooth firmwares for WCN785x with UART transport
- Update to version 20241011 (git commit 808cba847c70):
  * mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher
  * ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596)
  * ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1
  * ath12k: QCN9274 hw2.0: add board-2.bin
  * copy-firmware.sh: rename variables in symlink handling
  * copy-firmware.sh: remove no longer reachable test -L
  * copy-firmware.sh: remove no longer reachable test -f
  * copy-firmware.sh: call ./check_whence.py before parsing the file
  * copy-firmware.sh: warn if the destination folder is not empty
  * copy-firmware.sh: add err() helper
  * copy-firmware.sh: fix indentation
  * copy-firmware.sh: reset and consistently handle destdir
  * Revert 'copy-firmware: Support additional compressor options'
  * copy-firmware.sh: flesh out and fix dedup-firmware.sh
  * Style update yaml files
  * editorconfig: add initial config file
  * check_whence.py: annotate replacement strings as raw
  * check_whence.py: LC_ALL=C sort -u the filelist
  * check_whence.py: ban link-to-a-link
  * check_whence.py: use consistent naming
  * Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin
  * tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31
- Drop obsoleted --ignore-duplicates option to copy-firmware.sh
- Drop the ath12k workaround again
- Update to version 20241010 (git commit d4e688aa74a0):
  * rtlwifi: Add firmware v39.0 for RTL8192DU
  * Revert 'ath12k: WCN7850 hw2.0: update board-2.bin' (replaced with a newer firmware in this package instead)
- update aliases
- Update to version 20241004 (git commit bbb77872a8a7):
  * amdgpu: DMCUB DCN35 update
  * brcm: Add BCM4354 NVRAM for Jetson TX1
  * brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram
- Update to version 20241001 (git commit 51e5af813eaf):
  * linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920)
  * linux-firmware: add firmware for MT7920
  * amdgpu: update raven firmware
  * amdgpu: update SMU 13.0.10 firmware
  * amdgpu: update PSP 13.0.10 firmware
  * amdgpu: update GC 11.0.3 firmware
  * amdgpu: update VCN 3.1.2 firmware
  * amdgpu: update PSP 13.0.5 firmware
  * amdgpu: update PSP 13.0.8 firmware
  * amdgpu: update vega12 firmware
  * amdgpu: update PSP 14.0.4 firmware
  * amdgpu: update GC 11.5.2 firmware
  * amdgpu: update vega10 firmware
  * amdgpu: update VCN 4.0.0 firmware
  * amdgpu: update PSP 13.0.0 firmware
  * amdgpu: update GC 11.0.0 firmware
  * amdgpu: update picasso firmware
  * amdgpu: update beige goby firmware
  * amdgpu: update vangogh firmware
  * amdgpu: update dimgrey cavefish firmware
  * amdgpu: update navy flounder firmware
  * amdgpu: update green sardine firmware
  * amdgpu: update VCN 4.0.2 firmware
  * amdgpu: update PSP 13.0.4 firmware
  * amdgpu: update GC 11.0.1 firmware
  * amdgpu: update sienna cichlid firmware
  * amdgpu: update VCN 4.0.6 firmware
  * amdgpu: update PSP 14.0.1 firmware
  * amdgpu: update GC 11.5.1 firmware
  * amdgpu: update VCN 4.0.5 firmware
  * amdgpu: update PSP 14.0.0 firmware
  * amdgpu: update GC 11.5.0 firmware
  * amdgpu: update navi14 firmware
  * amdgpu: update renoir firmware
  * amdgpu: update navi12 firmware
  * amdgpu: update SMU 13.0.6 firmware
  * amdgpu: update SDMA 4.4.2 firmware
  * amdgpu: update PSP 13.0.6 firmware
  * amdgpu: update GC 9.4.3 firmware
  * amdgpu: update yellow carp firmware
  * amdgpu: update VCN 4.0.4 firmware
  * amdgpu: update PSP 13.0.7 firmware
  * amdgpu: update GC 11.0.2 firmware
  * amdgpu: update navi10 firmware
  * amdgpu: update aldebaran firmware
  * qcom: update gpu firmwares for qcm6490 chipset
  * mt76: mt7996: add firmware files for mt7992 chipset
  * mt76: mt7996: add firmware files for mt7996 chipset variants
  * qcom: add gpu firmwares for sa8775p chipset
  * rtw89: 8922a: add fw format-2 v0.35.42.1
- Pick up the fixed ath12k firmware from https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware (bsc#1230596)
- Update aliases from 6.11.x and 6.12-rc1
- Update to version 20240913 (git commit bcbdd1670bc3):
  * amdgpu: update DMCUB to v0.0.233.0 DCN351
  * copy-firmware: Handle links to uncompressed files
  * WHENCE: Fix battmgr.jsn entry type
- Temporary revert for ath12k firmware (bsc#1230596)
- Update to version 20240912 (git commit 47c72fee8fe3):
  * amdgpu: Add VPE 6.1.3 microcode
  * amdgpu: add SDMA 6.1.2 microcode
  * amdgpu: Add support for PSP 14.0.4
  * amdgpu: add GC 11.5.2 microcode
  * qcom: qcm6490: add ADSP and CDSP firmware
  * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core
  * linux-firmware: Update firmware file for Intel BlazarU core
  * linux-firmware: Update firmware file for Intel Bluetooth Solar core
- Update to version 20240911 (git commit 59def907425d):
  * rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272)
- Update to version 20240910 (git commit 2a7b69a3fa30):
  * realtek: rt1320: Add patch firmware of MCU
  * i915: Update MTL DMC v2.23
  * cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops
- Update to version 20240903 (git commit 96af55bd3d0b):
  * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007)
  * iwlwifi: add Bz FW for core89-58 release
  * rtl_nic: add firmware rtl8126a-3
  * linux-firmware: update firmware for MT7921 WiFi device
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
- Update to version 20240830 (git commit d6c600d46981):
  * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
  * qcom: vpu: restore compatibility with kernels before 6.6
- Update to version 20240826 (git commit bec4fd18cc57): (including ath11k f/w updates for bsc#1234027)
  * amdgpu: DMCUB updates for various AMDGPU ASICs
  * rtw89: 8922a: add fw format-1 v0.35.41.0
  * linux-firmware: update firmware for MT7925 WiFi device
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
  * rtl_bt: Add firmware and config files for RTL8922A
  * rtl_bt: Add firmware file for the RTL8723CS Bluetooth part
  * rtl_bt: de-dupe identical config.bin files
  * rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
  * linux-firmware: Update AMD SEV firmware
  * linux-firmware: update firmware for MT7996
  * Revert 'i915: Update MTL DMC v2.22'
  * ath12k: WCN7850 hw2.0: update board-2.bin
  * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
  * ath11k: WCN6855 hw2.0: update board-2.bin
  * ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
  * ath11k: QCA2066 hw2.1: add board-2.bin
  * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
  * qcom: vpu: add video firmware for sa8775p
  * amdgpu: DMCUB updates for various AMDGPU ASICs
- Update to version 20240809 (git commit 36db650dae03):
  * qcom: update path for video firmware for vpu-1/2/3.0
  * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642
  * rtw89: 8852c: add fw format-1 v0.27.97.0
* rtw89: 8852bt: add firmware 0.29.91.0 * amdgpu: Update ISP FW for isp v4.1.1 * mediatek: Update mt8195 SOF firmware * amdgpu: DMCUB updates for DCN314 * xe: First GuC release v70.29.2 for BMG * xe: Add GuC v70.29.2 for LNL * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL * i915: Update MTL DMC v2.22 * i915: update MTL GSC to v102.0.10.1878 * xe: Add BMG HuC 8.2.10 * xe: Add GSC 104.0.0.1161 for LNL * xe: Add LNL HuC 9.4.13 * i915: update DG2 HuC to v7.10.16 * amdgpu: Update ISP FW for isp v4.1.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641 - Issues already fixed in past releases: * CVE-2023-31315: Fixed improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration (bsc#1229069) The following package changes have been done: - dracut-059+suse.543.g98d7f037-150600.3.14.2 updated - glib2-tools-2.78.6-150600.4.8.1 updated - glibc-locale-base-2.38-150600.14.17.2 updated - glibc-2.38-150600.14.17.2 updated - kernel-firmware-bnx2-20241128-150600.3.9.1 updated - kernel-firmware-chelsio-20241128-150600.3.9.1 updated - kernel-firmware-i915-20241128-150600.3.9.1 updated - kernel-firmware-intel-20241128-150600.3.9.1 updated - kernel-firmware-liquidio-20241128-150600.3.9.1 updated - kernel-firmware-marvell-20241128-150600.3.9.1 updated - kernel-firmware-mediatek-20241128-150600.3.9.1 updated - kernel-firmware-mellanox-20241128-150600.3.9.1 updated - kernel-firmware-network-20241128-150600.3.9.1 updated - kernel-firmware-platform-20241128-150600.3.9.1 updated - kernel-firmware-qlogic-20241128-150600.3.9.1 updated - kernel-firmware-realtek-20241128-150600.3.9.1 updated - kernel-firmware-usb-network-20241128-150600.3.9.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - libnfsidmap1-1.0-150600.28.6.2 updated - 
libsolv-tools-base-0.7.31-150600.8.7.2 updated - libzypp-17.35.14-150600.3.32.2 updated - lshw-B.02.20-150200.3.18.2 updated - nfs-client-2.6.4-150600.28.6.2 updated - openssh-clients-9.6p1-150600.6.12.1 updated - openssh-common-9.6p1-150600.6.12.1 updated - openssh-server-9.6p1-150600.6.12.1 updated - openssh-9.6p1-150600.6.12.1 updated - shared-mime-info-2.4-150600.3.3.2 updated - zypper-1.14.78-150600.10.16.3 updated From sle-container-updates at lists.suse.com Sat Dec 7 08:08:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 7 Dec 2024 09:08:00 +0100 (CET) Subject: SUSE-CU-2024:6128-1: Security update of containers/apache-tomcat Message-ID: <20241207080800.830E6F787@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6128-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11-60.3 Container Release : 60.3 Severity : important Type : security References : 1231463 1233282 CVE-2024-52533 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). 
The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.8.1 updated

From sle-container-updates at lists.suse.com Sat Dec 7 08:08:18 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Dec 2024 09:08:18 +0100 (CET)
Subject: SUSE-CU-2024:6129-1: Security update of containers/apache-tomcat
Message-ID: <20241207080818.AE200F787@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6129-1
Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.97-openjdk11 , containers/apache-tomcat:9.0.97-openjdk11-60.4
Container Release : 60.4
Severity : important
Type : security
References : 1231463 1233282 CVE-2024-52533
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).
The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.8.1 updated

From sle-container-updates at lists.suse.com Sun Dec 8 08:03:07 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 8 Dec 2024 09:03:07 +0100 (CET)
Subject: SUSE-CU-2024:6137-1: Security update of containers/open-webui
Message-ID: <20241208080307.94365FBA0@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6137-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-5.16
Container Release : 5.16
Severity : important
Type : security
References : 1231463 1231463 1233282 CVE-2024-52533
-----------------------------------------------------------------

The container containers/open-webui was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4244-1
Released: Fri Dec 6 14:04:39 2024
Summary: Recommended update for shared-mime-info
Type: recommended
Severity: moderate
References: 1231463

This update for shared-mime-info fixes the following issue:

- Uninstall silently if update-mime-database is not present (bsc#1231463).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).
The following package changes have been done:

- libgmodule-2_0-0-2.78.6-150600.4.8.1 updated
- libgobject-2_0-0-2.78.6-150600.4.8.1 updated
- shared-mime-info-2.4-150600.3.3.2 updated
- libprotobuf25_5_0-25.5-150600.2.15 updated
- libgio-2_0-0-2.78.6-150600.4.8.1 updated
- glib2-tools-2.78.6-150600.4.8.1 updated
- python311-protobuf-4.25.5-150600.2.15 updated
- python311-certifi-2024.7.4-150600.1.9 updated
- python311-cchardet-2.1.19-150600.1.6 updated
- python311-numpy1-1.26.4-150600.1.9 updated
- python311-scipy-1.14.1-150600.1.5 updated
- python311-pandas-2.2.3-150600.1.5 updated
- python311-pyarrow-17.0.0-150600.2.10 updated
- python311-scikit-learn-1.5.1-150600.1.5 updated
- python311-open-webui-0.3.32-150600.1.20 updated

From sle-container-updates at lists.suse.com Tue Dec 10 08:03:25 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 10 Dec 2024 09:03:25 +0100 (CET)
Subject: SUSE-CU-2024:6157-1: Recommended update of containers/open-webui
Message-ID: <20241210080325.868ABF787@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6157-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-5.18
Container Release : 5.18
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container containers/open-webui was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Tue Dec 10 08:04:25 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 10 Dec 2024 09:04:25 +0100 (CET)
Subject: SUSE-IU-2024:1991-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20241210080425.DEA3AF787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1991-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.24 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 4.24
Severity : moderate
Type : security
References : 1232528 CVE-2024-9681
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build
Released: Mon Dec 9 15:54:48 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

The following package changes have been done:

- SL-Micro-release-6.0-24.34 updated
- libcurl4-8.6.0-4.1 updated
- container:SL-Micro-base-container-2.1.3-4.24 updated

From sle-container-updates at lists.suse.com Tue Dec 10 08:04:36 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 10 Dec 2024 09:04:36 +0100 (CET)
Subject: SUSE-IU-2024:1992-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20241210080436.5AB57F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1992-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-4.24 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 4.24
Severity : moderate
Type : security
References : 1232528 CVE-2024-9681
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build
Released: Mon Dec 9 15:54:48 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

The following package changes have been done:

- SL-Micro-release-6.0-24.34 updated
- libcurl4-8.6.0-4.1 updated
- curl-8.6.0-4.1 updated
- container:suse-toolbox-image-1.0.0-6.72 updated

From sle-container-updates at lists.suse.com Tue Dec 10 08:04:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 10 Dec 2024 09:04:49 +0100 (CET)
Subject: SUSE-IU-2024:1993-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20241210080449.E21D6F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1993-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.25 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 4.25
Severity : moderate
Type : security
References : 1232528 CVE-2024-9681
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build
Released: Mon Dec 9 15:54:48 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

The following package changes have been done:

- SL-Micro-release-6.0-24.34 updated
- libcurl4-8.6.0-4.1 updated
- container:SL-Micro-base-container-2.1.3-4.24 updated

From sle-container-updates at lists.suse.com Tue Dec 10 08:05:04 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 10 Dec 2024 09:05:04 +0100 (CET)
Subject: SUSE-IU-2024:1994-1: Security update of suse/sl-micro/6.0/rt-os-container
Message-ID: <20241210080504.0C450F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1994-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.24 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 5.24
Severity : moderate
Type : security
References : 1232528 CVE-2024-9681
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build
Released: Mon Dec 9 15:54:48 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

The following package changes have been done:

- SL-Micro-release-6.0-24.34 updated
- libcurl4-8.6.0-4.1 updated
- container:SL-Micro-container-2.1.3-4.24 updated

From sle-container-updates at lists.suse.com Tue Dec 10 08:08:05 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 10 Dec 2024 09:08:05 +0100 (CET)
Subject: SUSE-CU-2024:6160-1: Security update of suse/sle15
Message-ID: <20241210080805.E9F72F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6160-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.14.4 , suse/sle15:15.6 , suse/sle15:15.6.47.14.4
Container Release : 47.14.4
Severity : important
Type : security
References : 1225451 1231463 1233282 1233699 CVE-2024-52533
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released: Thu Dec 5 14:48:33 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451

This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- libzypp-17.35.14-150600.3.32.2 updated
- zypper-1.14.78-150600.10.16.3 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:02:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:02:49 +0100 (CET)
Subject: SUSE-CU-2024:6164-1: Recommended update of containers/ollama
Message-ID: <20241211080249.B14A8F787@maintenance.suse.de>

SUSE Container Update Advisory: containers/ollama
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6164-1
Container Tags : containers/ollama:0.3 , containers/ollama:0.3.6 , containers/ollama:0.3.6-4.13
Container Release : 4.13
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container containers/ollama was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- ollama-nvidia-0.3.6-150600.1.11 updated
- container:registry.suse.com-bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:04:57 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:04:57 +0100 (CET)
Subject: SUSE-IU-2024:1996-1: Recommended update of suse/sle-micro/5.5
Message-ID: <20241211080457.3BC27F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1996-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.202 , suse/sle-micro/5.5:latest
Image Release : 5.5.202
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:4281-1
Released: Tue Dec 10 17:01:29 2024
Summary: Optional update for fuse3
Type: optional
Severity: moderate
References:

This update for fuse3 provides missing -devel packages for SLE 15 SP4.
The following package changes have been done:

- libfuse3-3-3.10.5-150400.3.2.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.124 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:06:06 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:06:06 +0100 (CET)
Subject: SUSE-CU-2024:6203-1: Recommended update of suse/sle-micro/5.5/toolbox
Message-ID: <20241211080606.72489F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6203-1
Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.103 , suse/sle-micro/5.5/toolbox:latest
Container Release : 3.5.103
Severity : moderate
Type : recommended
References : 1225451 1233393
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4198-1
Released: Thu Dec 5 14:46:19 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451,1233393

This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)

The following package changes have been done:

- libsolv-tools-base-0.7.31-150500.6.5.1 updated
- libsolv-tools-0.7.31-150500.6.5.1 updated
- libzypp-17.35.14-150500.6.24.1 updated
- zypper-1.14.78-150500.6.14.1 updated
- container:suse-sle15-15.5-ffe61277e6973c419a3f32b7b4278545e39a9c399d2864c9abf058a1d154a2ed-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:06:18 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:06:18 +0100 (CET)
Subject: SUSE-IU-2024:1997-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20241211080618.D5B7BF787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1997-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.26 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 4.26
Severity : important
Type : security
References : 1219975 1233282 CVE-2023-52160 CVE-2024-52533
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 139
Released: Tue Dec 10 17:17:09 2024
Summary: Security update for wpa_supplicant
Type: security
Severity: moderate
References: 1219975,CVE-2023-52160

This update for wpa_supplicant fixes the following issues:

- CVE-2023-52160: Fixed WiFi authentication bypass (bsc#1219975).

-----------------------------------------------------------------
Advisory ID: 140
Released: Tue Dec 10 17:17:09 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

- CVE-2024-52533: Fix a single byte buffer overflow (bsc#1233282).
The following package changes have been done:

- SL-Micro-release-6.0-24.35 updated
- libglib-2_0-0-2.76.2-6.1 updated
- libgobject-2_0-0-2.76.2-6.1 updated
- libgmodule-2_0-0-2.76.2-6.1 updated
- libgio-2_0-0-2.76.2-6.1 updated
- glib2-tools-2.76.2-6.1 updated
- wpa_supplicant-2.10-5.1 updated
- container:SL-Micro-base-container-2.1.3-4.26 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:06:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:06:29 +0100 (CET)
Subject: SUSE-IU-2024:1998-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20241211080629.1CED8F787@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1998-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-4.26 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 4.26
Severity : important
Type : security
References : 1219975 1233282 CVE-2023-52160 CVE-2024-52533
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 140
Released: Tue Dec 10 17:17:09 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

- CVE-2024-52533: Fix a single byte buffer overflow (bsc#1233282).
-----------------------------------------------------------------
Advisory ID: 139
Released: Tue Dec 10 17:17:09 2024
Summary: Security update for wpa_supplicant
Type: security
Severity: moderate
References: 1219975,CVE-2023-52160

This update for wpa_supplicant fixes the following issues:

- CVE-2023-52160: Fixed WiFi authentication bypass (bsc#1219975).

The following package changes have been done:

- SL-Micro-release-6.0-24.35 updated
- libglib-2_0-0-2.76.2-6.1 updated
- libgobject-2_0-0-2.76.2-6.1 updated
- libgmodule-2_0-0-2.76.2-6.1 updated
- libgio-2_0-0-2.76.2-6.1 updated
- glib2-tools-2.76.2-6.1 updated
- wpa_supplicant-2.10-5.1 updated
- container:suse-toolbox-image-1.0.0-6.73 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:06:43 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:06:43 +0100 (CET)
Subject: SUSE-IU-2024:1999-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20241211080643.52660FCE7@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1999-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.27 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 4.27
Severity : important
Type : security
References : 1219975 1233282 CVE-2023-52160 CVE-2024-52533
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 139 Released: Tue Dec 10 17:17:09 2024 Summary: Security update for wpa_supplicant Type: security Severity: moderate References: 1219975,CVE-2023-52160 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Fixed WiFi authentication bypass (bsc#1219975). ----------------------------------------------------------------- Advisory ID: 140 Released: Tue Dec 10 17:17:09 2024 Summary: Security update for glib2 Type: security Severity: important References: 1233282,CVE-2024-52533 This update for glib2 fixes the following issues: - CVE-2024-52533: Fix a single byte buffer overflow (bsc#1233282). The following package changes have been done: - SL-Micro-release-6.0-24.35 updated - libglib-2_0-0-2.76.2-6.1 updated - libgobject-2_0-0-2.76.2-6.1 updated - libgmodule-2_0-0-2.76.2-6.1 updated - libgio-2_0-0-2.76.2-6.1 updated - glib2-tools-2.76.2-6.1 updated - wpa_supplicant-2.10-5.1 updated - container:SL-Micro-base-container-2.1.3-4.26 updated From sle-container-updates at lists.suse.com Wed Dec 11 08:06:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 09:06:56 +0100 (CET) Subject: SUSE-IU-2024:2000-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20241211080656.EB589FCE7@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:2000-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.25 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 5.25 Severity : important Type : security References : 1219975 1233282 CVE-2023-52160 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was 
updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 139
Released: Tue Dec 10 17:17:09 2024
Summary: Security update for wpa_supplicant
Type: security
Severity: moderate
References: 1219975,CVE-2023-52160

This update for wpa_supplicant fixes the following issues:

- CVE-2023-52160: Fixed WiFi authentication bypass (bsc#1219975).

-----------------------------------------------------------------
Advisory ID: 140
Released: Tue Dec 10 17:17:09 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

- CVE-2024-52533: Fix a single byte buffer overflow (bsc#1233282).

The following package changes have been done:

- SL-Micro-release-6.0-24.35 updated
- libglib-2_0-0-2.76.2-6.1 updated
- libgobject-2_0-0-2.76.2-6.1 updated
- libgmodule-2_0-0-2.76.2-6.1 updated
- libgio-2_0-0-2.76.2-6.1 updated
- glib2-tools-2.76.2-6.1 updated
- wpa_supplicant-2.10-5.1 updated
- container:SL-Micro-container-2.1.3-4.26 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:07:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:07:29 +0100 (CET)
Subject: SUSE-CU-2024:6204-1: Recommended update of suse/ltss/sle15.3/sle15
Message-ID: <20241211080729.21C49FCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.3/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6204-1
Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.17 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.17 , suse/ltss/sle15.3/sle15:latest
Container Release : 2.17
Severity : moderate
Type : recommended
References : 1225451 1233393
-----------------------------------------------------------------

The
container suse/ltss/sle15.3/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4199-1
Released: Thu Dec 5 14:47:26 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451,1233393

This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)

The following package changes have been done:

- libsolv-tools-base-0.7.31-150200.40.1 updated
- libsolv-tools-0.7.31-150200.40.1 updated
- libzypp-17.35.14-150200.132.1 updated
- zypper-1.14.78-150200.96.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:14:10 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:14:10 +0100 (CET)
Subject: SUSE-CU-2024:6210-1: Security update of suse/postgres
Message-ID: <20241211081410.A70A4F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6210-1
Container Tags : suse/postgres:15 , suse/postgres:15.10 , suse/postgres:15.10 , suse/postgres:15.10-42.1
Container Release : 42.1
Severity : important
Type : security
References : 1219340 1230423 1233323
1233323 1233325 1233325 1233326 1233326 1233327 1233327 CVE-2024-10976 CVE-2024-10976 CVE-2024-10977 CVE-2024-10977 CVE-2024-10978 CVE-2024-10978 CVE-2024-10979 CVE-2024-10979
-----------------------------------------------------------------

The container suse/postgres was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4173-1
Released: Wed Dec 4 15:48:20 2024
Summary: Security update for postgresql, postgresql16, postgresql17
Type: security
Severity: important
References: 1219340,1230423,1233323,1233325,1233326,1233327,CVE-2024-10976,CVE-2024-10977,CVE-2024-10978,CVE-2024-10979

This update for postgresql, postgresql16, postgresql17 fixes the following issues:

This update ships postgresql17, and fixes security issues with postgresql16:

- bsc#1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirmed on the PostgreSQL packagers list that ABI stability is being taken care of between minor releases.
- bsc#1219340: The last fix was not correct. Improve it by removing the dependency again and call fillup only if it is installed.

postgresql16 was updated to 16.6:

* Repair ABI break for extensions that work with struct ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics entries.
* Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing.
* https://www.postgresql.org/docs/release/16.6/

postgresql16 was updated to 16.5:

* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/16.5/

- Don't build the libs and mini flavor anymore to hand over to PostgreSQL 17.
  * https://www.postgresql.org/about/news/p-2910/

postgresql17 is shipped in version 17.2:

* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/17.1/
* https://www.postgresql.org/docs/release/17.2/

Upgrade to 17.2:

* Repair ABI break for extensions that work with struct ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics entries.
* Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing.

Upgrade to 17.0:

* New memory management system for VACUUM, which reduces memory consumption and can improve overall vacuuming performance.
* New SQL/JSON capabilities, including constructors, identity functions, and the JSON_TABLE() function, which converts JSON data into a table representation.
* Various query performance improvements, including for sequential reads using streaming I/O, write throughput under high concurrency, and searches over multiple values in a btree index.
* Logical replication enhancements, including:
  + Failover control
  + pg_createsubscriber, a utility that creates logical replicas from physical standbys
  + pg_upgrade now preserves replication slots on both publishers and subscribers
* New client-side connection option, sslnegotiation=direct, that performs a direct TLS handshake to avoid a round-trip negotiation.
* pg_basebackup now supports incremental backup.
* COPY adds a new option, ON_ERROR ignore, that allows a copy operation to continue in the event of an error.
* https://www.postgresql.org/about/news/p-2936/
* https://www.postgresql.org/docs/17/release-17.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4174-1
Released: Wed Dec 4 15:50:11 2024
Summary: Security update for postgresql15
Type: security
Severity: important
References: 1233323,1233325,1233326,1233327,CVE-2024-10976,CVE-2024-10977,CVE-2024-10978,CVE-2024-10979

This update for postgresql15 fixes the following issues:

- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).

The following package changes have been done:

- libpq5-17.2-150200.5.5.1 updated
- postgresql-17-150500.10.9.1 updated
- postgresql15-15.10-150200.5.33.1 updated
- postgresql-server-17-150500.10.9.1 updated
- postgresql15-server-15.10-150200.5.33.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:14:59 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:14:59 +0100 (CET)
Subject: SUSE-CU-2024:6211-1: Security update of bci/bci-sle15-kernel-module-devel
Message-ID: <20241211081459.CA493F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6211-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.28.13
Container Release : 28.13
Severity : low
Type : security
References : 1231795 1233307 CVE-2024-11168
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168

This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

The following package changes have been done:

- python3-base-3.6.15-150300.10.78.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:15:52 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:15:52 +0100 (CET)
Subject: SUSE-CU-2024:6213-1: Recommended update of suse/sle15
Message-ID: <20241211081552.06239F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6213-1
Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.39 , suse/sle15:15.5 , suse/sle15:15.5.36.14.39
Container Release : 36.14.39
Severity : moderate
Type : recommended
References : 1225451 1233393
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4198-1
Released: Thu Dec 5 14:46:19 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451,1233393

This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)

The following package changes have been done:

- libsolv-tools-base-0.7.31-150500.6.5.1 updated
- libsolv-tools-0.7.31-150500.6.5.1 updated
- libzypp-17.35.14-150500.6.24.1 updated
- zypper-1.14.78-150500.6.14.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:16:11 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:16:11 +0100 (CET)
Subject: SUSE-CU-2024:6214-1: Security update of suse/389-ds
Message-ID: <20241211081611.25F59F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6214-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-48.5 , suse/389-ds:latest
Container Release : 48.5
Severity : moderate
Type : security
References : 1231795 1232579 1233307 1233699 CVE-2024-11168 CVE-2024-50602
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602

This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which is obviously showing nothing because a terminal in HMC is used for booting bare metal (LPAR).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168

This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- python3-3.6.15-150300.10.78.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:16:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:16:29 +0100 (CET)
Subject: SUSE-CU-2024:6215-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20241211081629.9F4B6F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6215-1
Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.10 , bci/dotnet-aspnet:8.0.10-43.5
Container Release : 43.5
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:16:30 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:16:30 +0100 (CET)
Subject: SUSE-CU-2024:6216-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20241211081630.E9CC9F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6216-1
Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.0 , bci/dotnet-aspnet:9.0.0-2.5 , bci/dotnet-aspnet:latest
Container Release : 2.5
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:16:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:16:42 +0100 (CET)
Subject: SUSE-CU-2024:6217-1: Security update of bci/bci-base-fips
Message-ID: <20241211081642.102A2F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6217-1
Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.18.13 , bci/bci-base-fips:latest
Container Release : 18.13
Severity : moderate
Type : security
References : 1231795 1233307 1233699 CVE-2024-11168
-----------------------------------------------------------------

The container bci/bci-base-fips was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168

This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- python3-base-3.6.15-150300.10.78.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:16:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:16:51 +0100 (CET)
Subject: SUSE-CU-2024:6218-1: Recommended update of bci/bci-busybox
Message-ID: <20241211081651.F317DF787@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-busybox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6218-1
Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.28.3 , bci/bci-busybox:latest
Container Release : 28.3
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/bci-busybox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:16:54 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:16:54 +0100 (CET)
Subject: SUSE-CU-2024:6219-1: Recommended update of suse/cosign
Message-ID: <20241211081654.09B1FF787@maintenance.suse.de>

SUSE Container Update Advisory: suse/cosign
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6219-1
Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-7.6 , suse/cosign:latest
Container Release : 7.6
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container suse/cosign was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:suse-sle15-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:17:12 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:17:12 +0100 (CET)
Subject: SUSE-CU-2024:6220-1: Recommended update of suse/registry
Message-ID: <20241211081712.C374DF787@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6220-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-32.4 , suse/registry:latest
Container Release : 32.4
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container suse/registry was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:17:33 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:17:33 +0100 (CET)
Subject: SUSE-CU-2024:6221-1: Recommended update of bci/dotnet-sdk
Message-ID: <20241211081733.B2073F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6221-1
Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.10 , bci/dotnet-sdk:8.0.10-45.5
Container Release : 45.5
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:17:35 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:17:35 +0100 (CET)
Subject: SUSE-CU-2024:6222-1: Recommended update of bci/dotnet-sdk
Message-ID: <20241211081735.81A7FF787@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6222-1
Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.0 , bci/dotnet-sdk:9.0.0-3.3 , bci/dotnet-sdk:latest
Container Release : 3.3
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 08:17:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 09:17:56 +0100 (CET)
Subject: SUSE-CU-2024:6223-1: Recommended update of bci/dotnet-runtime
Message-ID: <20241211081756.5FD21F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6223-1
Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.10 , bci/dotnet-runtime:8.0.10-43.5
Container Release : 43.5
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 13:51:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 14:51:42 +0100 (CET)
Subject: SUSE-CU-2024:6227-1: Security update of suse/ltss/sle12.5/sles12sp5
Message-ID: <20241211135142.4698BFCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6227-1
Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.29 , suse/ltss/sle12.5/sles12sp5:latest
Container Release : 8.5.29
Severity : moderate
Type : security
References : 1234068 CVE-2024-11053
-----------------------------------------------------------------

The container suse/ltss/sle12.5/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4284-1
Released: Wed Dec 11 09:30:02 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)

The following package changes have been done:

- libcurl4-8.0.1-11.101.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 13:53:40 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 14:53:40 +0100 (CET)
Subject: SUSE-CU-2024:6228-1: Security update of suse/sle15
Message-ID: <20241211135340.C55FDFCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6228-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.67
Container Release : 9.8.67
Severity : moderate
Type : security
References : 1234068 CVE-2024-11053
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4287-1
Released: Wed Dec 11 09:31:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)

The following package changes have been done:

- libcurl4-7.66.0-150200.4.81.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 13:56:14 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 14:56:14 +0100 (CET)
Subject: SUSE-CU-2024:6223-1: Recommended update of bci/dotnet-runtime
Message-ID: <20241211135614.1F765FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6223-1
Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.10 , bci/dotnet-runtime:8.0.10-43.5
Container Release : 43.5
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:56:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:56:15 +0100 (CET) Subject: SUSE-CU-2024:6229-1: Recommended update of bci/dotnet-runtime Message-ID: <20241211135615.8B2DAFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6229-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.0 , bci/dotnet-runtime:9.0.0-2.5 , bci/dotnet-runtime:latest Container Release : 2.5 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:56:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:56:19 +0100 (CET) Subject: SUSE-CU-2024:6230-1: Recommended update of bci/gcc Message-ID: <20241211135619.955BBFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6230-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-7.4 , bci/gcc:latest Container Release : 7.4 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - glibc-devel-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:56:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:56:20 +0100 (CET) Subject: SUSE-CU-2024:6231-1: Security update of bci/gcc Message-ID: <20241211135620.5852FFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6231-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-7.5 , bci/gcc:latest Container Release : 7.5 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:56:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:56:35 +0100 (CET) Subject: SUSE-CU-2024:6232-1: Recommended update of suse/git Message-ID: <20241211135635.744CDFCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2024:6232-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-34.4 , suse/git:latest Container Release : 34.4 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:56:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:56:36 +0100 (CET) Subject: SUSE-CU-2024:6233-1: Security update of suse/git Message-ID: <20241211135636.1BD82FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6233-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-34.5 , suse/git:latest Container Release : 34.5 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container suse/git was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:56:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:56:50 +0100 (CET) Subject: SUSE-CU-2024:6234-1: Recommended update of bci/golang Message-ID: <20241211135650.4FB06FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6234-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.4 , bci/golang:1.23.4-1.46.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.46.5 Container Release : 46.5 Severity : moderate Type : recommended References : 1229122 1233699 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4259-1 Released: Mon Dec 9 10:06:34 2024 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: - go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the trace command, and the syscall package. (bsc#1229122) * go#70644 crypto/rsa: new key generation prohibitively slow under race detector * go#70645 proposal: go/types: add Scope.Node convenience getter * go#70646 x/tools/gopls: unimported completion corrupts import decl (client=BBEdit) * go#70648 crypto/tls: TestHandshakeClientECDHEECDSAAESGCM/TLSv12 failures * go#70649 x/benchmarks/sweet/cmd/sweet: TestSweetEndToEnd failures * go#70650 crypto/tls: TestGetClientCertificate/TLSv13 failures * go#70651 x/tools/go/gcexportdata: simplify implementation assuming go >= 1.21 * go#70654 cmd/go: Incorrect output from go list * go#70655 x/build/cmd/relui: add workflows for some remaining manual recurring Go major release cycle tasks * go#70657 proposal: bufio: Scanner.IterText/Scanner.IterBytes * go#70658 x/net/http2: stuck extended CONNECT requests * go#70659 os: TestRootDirFS failures on linux-mips64 and linux-mips64le arch-mips * go#70660 crypto/ecdsa: TestRFC6979 failures on s390x * go#70664 x/mobile: target maccatalyst cannot find OpenGLES header * go#70665 x/tools/gopls: refactor.extract.variable fails at package level * go#70666 x/tools/gopls: panic in GetIfaceStubInfo * go#70667 proposal: crypto/x509: support extracting X25519 public keys from certificates * go#70668 proposal: x/mobile: better support for unrecovered panics * go#70669 cmd/go: local failure in TestScript/build_trimpath_cgo * go#70670 cmd/link: unused functions aren't getting deadcoded from the binary * go#70674 x/pkgsite: package removal request for https://pkg.go.dev/github.com/uisdevsquad/go-test/debugmate * go#70675 cmd/go/internal/lockedfile: 
mountrpc flake in TestTransform on plan9 * go#70677 all: remote file server I/O flakiness with 'Bad fid' errors on plan9 * go#70678 internal/poll: deadlock on 'Intel(R) Xeon(R) Platinum' when an FD is closed * go#70679 mime/multipart: With go 1.23.3, mime/multipart does not link The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - go1.23-doc-1.23.4-150000.1.15.1 updated - glibc-devel-2.38-150600.14.17.2 updated - go1.23-1.23.4-150000.1.15.1 updated - go1.23-race-1.23.4-150000.1.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:56:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:56:50 +0100 (CET) Subject: SUSE-CU-2024:6235-1: Security update of bci/golang Message-ID: <20241211135650.EC337FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6235-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.4 , bci/golang:1.23.4-1.46.6 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.46.6 Container Release : 46.6 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:57:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:57:09 +0100 (CET) Subject: SUSE-CU-2024:6236-1: Recommended update of bci/golang Message-ID: <20241211135709.250B2FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6236-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2.2-openssl , bci/golang:1.23.2.2-openssl-53.4 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-53.4 Container Release : 53.4 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - glibc-devel-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:57:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:57:09 +0100 (CET) Subject: SUSE-CU-2024:6237-1: Security update of bci/golang Message-ID: <20241211135709.BE740FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6237-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2.2-openssl , bci/golang:1.23.2.2-openssl-53.5 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-53.5 Container Release : 53.5 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:57:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:57:20 +0100 (CET) Subject: SUSE-CU-2024:6238-1: Recommended update of suse/helm Message-ID: <20241211135720.6AF7FFCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6238-1 Container Tags : suse/helm:3 , suse/helm:3.16 , suse/helm:3.16.3 , suse/helm:3.16.3-36.3 , suse/helm:latest Container Release : 36.3 Severity : moderate Type : recommended References : 1219969 1220207 1233699 CVE-2024-25620 CVE-2024-26147 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4213-1 Released: Thu Dec 5 17:05:37 2024 Summary: Recommended update for helm Type: recommended Severity: moderate References: 1219969,1220207,CVE-2024-25620,CVE-2024-26147 helm was updated to fix the following issues: Update to version 3.16.3: * fix: fix label name * Fix typo in pkg/lint/rules/chartfile_test.go * Increasing the size of the runner used for releases. 
* fix(hooks): correct hooks delete order * Bump github.com/containerd/containerd from 1.7.12 to 1.7.23 Update to version 3.16.2: * Revering change unrelated to issue #13176 * adds tests for handling of Helm index with broken chart versions #13176 * improves handling of Helm index with broken helm chart versions #13176 * Bump the k8s-io group with 7 updates * adding check-latest:true * Grammar fixes * Fix typos Update to version 3.16.1: * bumping version to 1.22.7 * Merge pull request #13327 from mattfarina/revert-11726 Update to version 3.16.0: Helm v3.16.0 is a feature release. Users are encouraged to upgrade for the best experience. * Notable Changes - added sha512sum template function - added ActiveHelp for cmds that don't take any more args - drops very old Kubernetes versions support in helm create - add --skip-schema-validation flag to helm 'install', 'upgrade' and 'lint' - fixed bug to now use burst limit setting for discovery - Added windows arm64 support * Full changelog see https://github.com/helm/helm/releases/tag/v3.16.0 Update to version 3.15.4: * Bump the k8s-io group across 1 directory with 7 updates * Bump github.com/docker/docker ------------------------------------------------------------------- Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice at ojkastl.de - Update to version 3.15.3: * fix(helm): Use burst limit setting for discovery * fixed dependency_update_test.go * fix(dependencyBuild): prevent race condition in concurrent helm dependency * fix: respect proxy envvars on helm install/upgrade * Merge pull request #13085 from alex-kattathra-johnson/issue-12961 Update to version 3.15.2: * fix: wrong cli description * fix typo in load_plugins.go * fix docs of DeployedAll * Bump github.com/docker/docker * bump oras minor version * feat(load.go): add warning on requirements.lock Update to version 3.15.1: * Fixing build issue where wrong version is used Update to version 3.15.0: Helm v3.15.0 is a feature release. 
Users are encouraged to upgrade for the best experience. * Updating to k8s 1.30 c4e37b3 (Matt Farina) * bump version to v3.15.0 d7afa3b (Matt Farina) * bump version to 7743467 (Matt Farina) * Fix namespace on kubeconfig error 214fb6e (Calvin Krist) * Update testdata PKI with keys that have validity until 3393 (Fixes #12880) 1b75d48 (Dirk Müller) * Modified how created annotation is populated based on package creation time 0a69a0d (Andrew Block) * Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina) * Fixing all the linting errors d58d7b3 (Robert Sirchia) * Add a note about --dry-run displaying secrets a23dd9e (Matt Farina) * Updating .gitignore 8b424ba (Robert Sirchia) * add error messages 8d19bcb (George Jenkins) * Fix: Ignore alias validation error for index load 68294fd (George Jenkins) * validation fix 8e6a514 (Matt Farina) * bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini) * Update architecture detection method 57a1bb8 (weidongkl) * Improve release action 4790bb9 (George Jenkins) * Fix grammatical error c25736c (Matt Carr) * Updated for review comments d2cf8c6 (MichaelMorris) * Add robustness to wait status checks fc74964 (MichaelMorris) * refactor: create a helper for checking if a release is uninstalled f908379 (Alex Petrov) * fix: reinstall previously uninstalled chart with --keep-history 9e198fa (Alex Petrov) Update to version 3.14.4: Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience.
* refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov) * fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov) * bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini) Update to version 3.14.3: * Add a note about --dry-run displaying secrets * add error messages * Fix: Ignore alias validation error for index load * Update architecture detection method Update to version 3.14.2 (bsc#1220207, CVE-2024-26147): * Fix for uninitialized variable in yaml parsing Update to version 3.14.1 (bsc#1219969, CVE-2024-25620): * validation fix Update to version 3.14.0: * Notable Changes - New helm search flag of --fail-on-no-result - Allow a nested tpl invocation access to defines - Speed up the tpl function - Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate - Added --kube-version to lint command - The ignore pkg is now public * Changelog - Improve release action - Fix issues when verify generation readiness was merged - fix test to use the default code's k8sVersionMinor - lint: Add --kube-version flag to set capabilities and deprecation rules - Removing Asset Transparency - tests(pkg/engine): test RenderWithClientProvider - Make the `ignore` pkg public again - feature(pkg/engine): introduce RenderWithClientProvider - Updating Helm libraries for k8s 1.28.4 - Remove excessive logging - Update CONTRIBUTING.md - Fixing release labelling in rollback - feat: move livenessProbe and readinessProbe values to default values file - Revert 'fix(main): fix basic auth for helm pull or push' - Revert 'fix(registry): address anonymous pull issue' - Update get-helm-3 - Drop filterSystemLabels usage from Query method - Apply review suggestions - Update get-helm-3 to get version through get.helm.sh - feat: print failed hook name - Fixing precedence issue with the import of values. - chore(create): indent to spaces - Allow using label selectors for system labels for sql backend. 
- Allow using label selectors for system labels for secrets and configmap backends. - remove useless print during prepareUpgrade - Add missing with clause to release gh action - FIX Default ServiceAccount yaml - fix(registry): address anonymous pull issue - fix(registry): unswallow error - Fix missing run statement on release action - Add qps/HELM_QPS parameter - Write latest version to get.helm.sh bucket - Increased release information key name max length. - Pin gox to specific commit - Remove `GoFish` from package managers for installing the binary - Test update for 'Allow a nested `tpl` invocation access to `defines` in a containing one' - Test update for 'Speed up `tpl`' - Add support for RISC-V - lint and validate dependency metadata to reference dependencies with a unique key (name or alias) - Work around template.Clone omitting options - fix: pass 'passCredentialsAll' as env-var to getter - feat: pass basic auth to env-vars when running download plugins - helm search: New CLI Flag --fail-on-no-result - Update pkg/kube/ready.go - fix post install hook deletion due to before-hook-creation policy - Allow a nested `tpl` invocation access to `defines` in a containing one - Remove the 'reference templates' concept - Speed up `tpl` - ready checker- comment update - ready checker- remove duplicate statefulset generational check - Verify generation in readiness checks - feat(helm): add --reset-then-reuse-values flag to 'helm upgrade' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - helm-3.16.3-150000.1.38.1 updated - container:suse-sle15-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 added - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 added - container:bci-bci-micro-15.6-9f77af222d3839b51642d1cba74bedd918f0532d7a63584b6cc9144a6d8fa7e6-0 removed From sle-container-updates at lists.suse.com Wed Dec 11 13:57:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:57:41 +0100 (CET) Subject: SUSE-CU-2024:6240-1: Recommended update of bci/bci-init Message-ID: <20241211135741.2CC33FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6240-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.29.13 , bci/bci-init:latest Container Release : 29.13 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:58:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:58:05 +0100 (CET) Subject: SUSE-CU-2024:6241-1: Security update of bci/kiwi Message-ID: <20241211135805.90AD4FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6241-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-19.10 , bci/kiwi:latest Container Release : 19.10 Severity : important Type : security References : 1225451 1231463 1231463 1231795 1233196 1233282 1233307 1233699 CVE-2024-11168 CVE-2024-52533 ----------------------------------------------------------------- The container bci/kiwi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4200-1 Released: Thu Dec 5 14:48:33 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4238-1 Released: Fri Dec 6 12:42:49 2024 Summary: Recommended update for python-kiwi Type: recommended Severity: important References: 1233196 This update for python-kiwi fixes the following issues: - Fixed boot support for ISO media on Power PC architecture - Update documentation configuration to match with latest theme - Set grub-bls default to false for SUSE Linux Enterprise 15 (bsc#1233196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libsolv-tools-base-0.7.31-150600.8.7.2 updated - libzypp-17.35.14-150600.3.32.2 updated - zypper-1.14.78-150600.10.16.3 updated - glibc-locale-base-2.38-150600.14.17.2 updated - kiwi-tools-9.24.43-150100.3.90.1 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - libgthread-2_0-0-2.78.6-150600.4.8.1 updated - shared-mime-info-2.4-150600.3.3.2 updated - python3-base-3.6.15-150300.10.78.1 updated - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - kiwi-systemdeps-core-9.24.43-150100.3.90.1 updated - glibc-devel-2.38-150600.14.17.2 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - glib2-tools-2.78.6-150600.4.8.1 updated - python3-3.6.15-150300.10.78.1 updated - python3-devel-3.6.15-150300.10.78.1 updated - dracut-kiwi-lib-9.24.43-150100.3.90.1 updated - kiwi-systemdeps-filesystems-9.24.43-150100.3.90.1 updated - dracut-kiwi-oem-repart-9.24.43-150100.3.90.1 updated - glib2-devel-2.78.6-150600.4.8.1 updated - python3-kiwi-9.24.43-150100.3.90.1 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:58:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:58:19 +0100 (CET) Subject: SUSE-CU-2024:6242-1: Recommended update of bci/bci-micro Message-ID: <20241211135819.F2BBAFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6242-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.28.4 , bci/bci-micro:latest Container Release : 28.4 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container 
bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated From sle-container-updates at lists.suse.com Wed Dec 11 13:58:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 14:58:35 +0100 (CET) Subject: SUSE-CU-2024:6243-1: Recommended update of bci/bci-minimal Message-ID: <20241211135835.8032BFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6243-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.30.7 , bci/bci-minimal:latest Container Release : 30.7 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 13:58:54 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 14:58:54 +0100 (CET)
Subject: SUSE-CU-2024:6244-1: Recommended update of suse/nginx
Message-ID: <20241211135854.99DE7FBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6244-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-50.4 , suse/nginx:latest
Container Release : 50.4
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container suse/nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 13:59:14 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 14:59:14 +0100 (CET)
Subject: SUSE-CU-2024:6245-1: Recommended update of bci/nodejs
Message-ID: <20241211135914.865CCFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6245-1
Container Tags : bci/node:20 , bci/node:20.15.1 , bci/node:20.15.1-47.4 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.15.1 , bci/nodejs:20.15.1-47.4 , bci/nodejs:latest
Container Release : 47.4
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 13:59:15 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 14:59:15 +0100 (CET)
Subject: SUSE-CU-2024:6246-1: Security update of bci/nodejs
Message-ID: <20241211135915.5BD96FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6246-1
Container Tags : bci/node:20 , bci/node:20.18.1 , bci/node:20.18.1-47.5 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.1 , bci/nodejs:20.18.1-47.5 , bci/nodejs:latest
Container Release : 47.5
Severity : moderate
Type : security
References : 1233856 1234068 CVE-2024-11053 CVE-2024-21538
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4286-1
Released: Wed Dec 11 09:30:38 2024
Summary: Security update for nodejs20
Type: security
Severity: moderate
References: 1233856,CVE-2024-21538

This update for nodejs20 fixes the following issues:

- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)

Other fixes:

- Updated to 20.18.1:
  * Experimental Network Inspection Support in Node.js
  * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext
  * New option for vm.createContext() to create a context with a freezable globalThis
  * buffer: optimize createFromString
- Changes in 20.17.0:
  * module: support require()ing synchronous ESM graphs
  * path: add matchesGlob method
  * stream: expose DuplexPair API
- Changes in 20.16.0:
  * process: add process.getBuiltinModule(id)
  * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth
  * buffer: add .bytes() method to Blob

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

The following package changes have been done:

- nodejs20-20.18.1-150600.3.6.1 updated
- curl-8.6.0-150600.4.15.1 updated
- npm20-20.18.1-150600.3.6.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 13:59:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 14:59:49 +0100 (CET)
Subject: SUSE-CU-2024:6247-1: Recommended update of bci/openjdk-devel
Message-ID: <20241211135949.3AC2FFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6247-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-31.5 , bci/openjdk-devel:latest
Container Release : 31.5
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4280-1
Released: Tue Dec 10 16:59:46 2024
Summary: Recommended update for guava
Type: recommended
Severity: moderate
References:

This update for guava, google-errorprone, checker-qual, j2objc-annotations fixes the following issues:

guava was updated from version 33.1.0 to 33.2.1:

- Added some artifact aliases
- Changed how internet addresses are handled to preserve more information. This might require code updates if you were relying on the old behavior (consult the package changelog for more details).
- Fixed a compilation issue under Gradle.
- Fixed a potential crash when building ImmutableMap.
- Added new constants for HTTP headers (Ad-Auction-Allowed, Permissions-Policy-Report-Only, and Sec-GPC).
google-errorprone, checker-qual, j2objc-annotations:

- google-errorprone-annotations, checker-qual, j2objc-annotations were added to the Development Tools Module as they are required by this guava update
- google-errorprone-annotations package was updated from version 2.11.0 to 2.26.1 on SUSE Linux Enterprise 15 LTSS products, as it's required by this guava update:
  * Added new checks for common Java coding errors
  * Improvement of existing checks
  * Performance and infrastructure improvements
  * Various bugs were fixed

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- checker-qual-3.22.0-150200.5.7.2 added
- google-errorprone-annotations-2.26.1-150200.5.8.1 added
- j2objc-annotations-2.2-150200.5.5.2 added
- guava-33.2.1-150200.3.13.2 updated
- container:bci-openjdk-21-a582562c3956642297605830b4e3b3e5145bba0ebe437dbcd915ef2b422972bf-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:08:15 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:08:15 +0100 (CET)
Subject: SUSE-CU-2024:6247-1: Recommended update of bci/openjdk-devel
Message-ID: <20241211140815.36E39FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6247-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-31.5 , bci/openjdk-devel:latest
Container Release : 31.5
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4280-1
Released: Tue Dec 10 16:59:46 2024
Summary: Recommended update for guava
Type: recommended
Severity: moderate
References:

This update for guava, google-errorprone, checker-qual, j2objc-annotations fixes the following issues:

guava was updated from version 33.1.0 to 33.2.1:

- Added some artifact aliases
- Changed how internet addresses are handled to preserve more information. This might require code updates if you were relying on the old behavior (consult the package changelog for more details).
- Fixed a compilation issue under Gradle.
- Fixed a potential crash when building ImmutableMap.
- Added new constants for HTTP headers (Ad-Auction-Allowed, Permissions-Policy-Report-Only, and Sec-GPC).
google-errorprone, checker-qual, j2objc-annotations:

- google-errorprone-annotations, checker-qual, j2objc-annotations were added to the Development Tools Module as they are required by this guava update
- google-errorprone-annotations package was updated from version 2.11.0 to 2.26.1 on SUSE Linux Enterprise 15 LTSS products, as it's required by this guava update:
  * Added new checks for common Java coding errors
  * Improvement of existing checks
  * Performance and infrastructure improvements
  * Various bugs were fixed

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- checker-qual-3.22.0-150200.5.7.2 added
- google-errorprone-annotations-2.26.1-150200.5.8.1 added
- j2objc-annotations-2.2-150200.5.5.2 added
- guava-33.2.1-150200.3.13.2 updated
- container:bci-openjdk-21-a582562c3956642297605830b4e3b3e5145bba0ebe437dbcd915ef2b422972bf-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:08:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:08:42 +0100 (CET)
Subject: SUSE-CU-2024:6248-1: Recommended update of bci/openjdk
Message-ID: <20241211140842.26AD9FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6248-1
Container Tags : bci/openjdk:21 , bci/openjdk:21.0.5.0 , bci/openjdk:21.0.5.0-31.4 , bci/openjdk:latest
Container Release : 31.4
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:08:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:08:42 +0100 (CET)
Subject: SUSE-CU-2024:6249-1: Security update of bci/openjdk
Message-ID: <20241211140842.CF610FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6249-1
Container Tags : bci/openjdk:21 , bci/openjdk:21.0.5.0 , bci/openjdk:21.0.5.0-31.5 , bci/openjdk:latest
Container Release : 31.5
Severity : moderate
Type : security
References : 1234068 CVE-2024-11053
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

The following package changes have been done:

- curl-8.6.0-150600.4.15.1 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:09:04 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:09:04 +0100 (CET)
Subject: SUSE-CU-2024:6250-1: Security update of suse/pcp
Message-ID: <20241211140904.1A0CDFBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6250-1
Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-41.4 , suse/pcp:latest
Container Release : 41.4
Severity : moderate
Type : security
References : 1233420 1233699 CVE-2024-52616
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4196-1
Released: Thu Dec 5 13:56:06 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1233420,CVE-2024-52616

This update for avahi fixes the following issues:

- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libavahi-common3-0.8-150600.15.6.1 updated
- libavahi-client3-0.8-150600.15.6.1 updated
- container:bci-bci-init-15.6-7ed6ac17e591dce34c440dc2e0e4d37e4fb9dc6820d23772d74b97ee9d29d322-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:09:31 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:09:31 +0100 (CET)
Subject: SUSE-CU-2024:6251-1: Security update of bci/php-apache
Message-ID: <20241211140931.CF8D9FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6251-1
Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-47.4 , bci/php-apache:latest
Container Release : 47.4
Severity : moderate
Type : security
References : 1233651 1233699 1233702 1233703 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 CVE-2024-8929 CVE-2024-8932
-----------------------------------------------------------------

The container bci/php-apache was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4136-1
Released: Mon Dec 2 13:26:46 2024
Summary: Security update for php8
Type: security
Severity: moderate
References: 1233651,1233702,1233703,CVE-2024-11233,CVE-2024-11234,CVE-2024-11236,CVE-2024-8929,CVE-2024-8932

This update for php8 fixes the following issues:

- CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702).
- CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703).
- CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- php8-cli-8.2.26-150600.3.9.1 updated
- php8-8.2.26-150600.3.9.1 updated
- apache2-mod_php8-8.2.26-150600.3.9.1 updated
- php8-openssl-8.2.26-150600.3.9.1 updated
- php8-mbstring-8.2.26-150600.3.9.1 updated
- php8-zlib-8.2.26-150600.3.9.1 updated
- php8-zip-8.2.26-150600.3.9.1 updated
- php8-curl-8.2.26-150600.3.9.1 updated
- php8-phar-8.2.26-150600.3.9.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:09:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:09:51 +0100 (CET)
Subject: SUSE-CU-2024:6252-1: Security update of bci/php-fpm
Message-ID: <20241211140951.C1B09FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6252-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-47.4 , bci/php-fpm:latest
Container Release : 47.4
Severity : moderate
Type : security
References : 1233651 1233699 1233702 1233703 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 CVE-2024-8929 CVE-2024-8932
-----------------------------------------------------------------

The container bci/php-fpm was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4136-1
Released: Mon Dec 2 13:26:46 2024
Summary: Security update for php8
Type: security
Severity: moderate
References: 1233651,1233702,1233703,CVE-2024-11233,CVE-2024-11234,CVE-2024-11236,CVE-2024-8929,CVE-2024-8932

This update for php8 fixes the following issues:

- CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702).
- CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703).
- CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- php8-cli-8.2.26-150600.3.9.1 updated
- php8-8.2.26-150600.3.9.1 updated
- php8-fpm-8.2.26-150600.3.9.1 updated
- php8-openssl-8.2.26-150600.3.9.1 updated
- php8-mbstring-8.2.26-150600.3.9.1 updated
- php8-zlib-8.2.26-150600.3.9.1 updated
- php8-zip-8.2.26-150600.3.9.1 updated
- php8-curl-8.2.26-150600.3.9.1 updated
- php8-phar-8.2.26-150600.3.9.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:10:09 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:10:09 +0100 (CET)
Subject: SUSE-CU-2024:6253-1: Security update of bci/php
Message-ID: <20241211141009.58BB8FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6253-1
Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-47.4 , bci/php:latest
Container Release : 47.4
Severity : moderate
Type : security
References : 1233651 1233699 1233702 1233703 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 CVE-2024-8929 CVE-2024-8932
-----------------------------------------------------------------

The container bci/php was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4136-1
Released: Mon Dec 2 13:26:46 2024
Summary: Security update for php8
Type: security
Severity: moderate
References: 1233651,1233702,1233703,CVE-2024-11233,CVE-2024-11234,CVE-2024-11236,CVE-2024-8929,CVE-2024-8932

This update for php8 fixes the following issues:

- CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702).
- CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703).
- CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- php8-cli-8.2.26-150600.3.9.1 updated
- php8-8.2.26-150600.3.9.1 updated
- php8-openssl-8.2.26-150600.3.9.1 updated
- php8-mbstring-8.2.26-150600.3.9.1 updated
- php8-zlib-8.2.26-150600.3.9.1 updated
- php8-readline-8.2.26-150600.3.9.1 updated
- php8-curl-8.2.26-150600.3.9.1 updated
- php8-phar-8.2.26-150600.3.9.1 updated
- php8-zip-8.2.26-150600.3.9.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:10:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:10:29 +0100 (CET)
Subject: SUSE-CU-2024:6254-1: Recommended update of suse/postgres
Message-ID: <20241211141029.8E68AFBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6254-1
Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-56.6
Container Release : 56.6
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- glibc-locale-base-2.38-150600.14.17.2 updated
- glibc-locale-2.38-150600.14.17.2 updated
- container:suse-sle15-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:10:30 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:10:30 +0100 (CET)
Subject: SUSE-CU-2024:6255-1: Recommended update of suse/postgres
Message-ID: <20241211141030.D3CFBFBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6255-1
Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-37.6 , suse/postgres:latest
Container Release : 37.6
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- glibc-locale-base-2.38-150600.14.17.2 updated
- glibc-locale-2.38-150600.14.17.2 updated
- container:suse-sle15-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:10:52 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:10:52 +0100 (CET)
Subject: SUSE-CU-2024:6256-1: Recommended update of bci/python
Message-ID: <20241211141052.511F6FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6256-1
Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-60.4
Container Release : 60.4
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:11:19 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:11:19 +0100 (CET)
Subject: SUSE-CU-2024:6257-1: Recommended update of bci/python
Message-ID: <20241211141119.E0A72FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6257-1
Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.7 , bci/python:3.12.7-60.4 , bci/python:latest
Container Release : 60.4
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:11:43 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:11:43 +0100 (CET)
Subject: SUSE-CU-2024:6258-1: Security update of bci/python
Message-ID: <20241211141143.21874FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6258-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-59.5
Container Release : 59.5
Severity : moderate
Type : security
References : 1231795 1233307 1233699 CVE-2024-11168
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168

This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- python3-3.6.15-150300.10.78.1 updated
- python3-devel-3.6.15-150300.10.78.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

From sle-container-updates at lists.suse.com Wed Dec 11 14:12:00 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 11 Dec 2024 15:12:00 +0100 (CET)
Subject: SUSE-CU-2024:6259-1: Recommended update of suse/rmt-mariadb-client
Message-ID: <20241211141200.03AACFBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-mariadb-client
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6259-1
Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-53.6 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-53.6 , suse/rmt-mariadb-client:latest
Container Release : 53.6
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container suse/rmt-mariadb-client was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:suse-sle15-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:12:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:12:16 +0100 (CET) Subject: SUSE-CU-2024:6260-1: Security update of suse/rmt-mariadb Message-ID: <20241211141216.12C93FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6260-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-58.7 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-58.7 , suse/rmt-mariadb:latest Container Release : 58.7 Severity : moderate Type : security References : 1231795 1232579 1233307 1233699 CVE-2024-11168 CVE-2024-50602 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libexpat1-2.4.4-150400.3.25.1 updated - sed-4.9-150600.1.4 added - openssl-3.1.4-150600.2.1 added - openssl-3-3.1.4-150600.5.21.1 added - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - python3-base-3.6.15-150300.10.78.1 updated - container:suse-sle15-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 added - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 added - container:registry.suse.com-bci-bci-base-15.6-3b6c9e2466a0c491b923ea6d8513a31f093ac93572312cb8d6c2136de1bbc534-0 removed - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 removed - patterns-base-fips-20200124-150600.30.1 removed From sle-container-updates at lists.suse.com Wed Dec 11 14:12:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:12:23 +0100 (CET) Subject: SUSE-CU-2024:6261-1: Recommended update of suse/rmt-server Message-ID: <20241211141223.C7B46FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- 
Container Advisory ID : SUSE-CU-2024:6261-1 Container Tags : suse/rmt-server:2.19 , suse/rmt-server:2.19-55.4 , suse/rmt-server:latest Container Release : 55.4 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:12:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:12:43 +0100 (CET) Subject: SUSE-CU-2024:6262-1: Recommended update of bci/ruby Message-ID: <20241211141243.9EA6FFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6262-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-30.4 , bci/ruby:latest Container Release : 30.4 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - glibc-devel-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:12:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:12:44 +0100 (CET) Subject: SUSE-CU-2024:6263-1: Security update of bci/ruby Message-ID: <20241211141244.6DE49FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6263-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-30.5 , bci/ruby:latest Container Release : 30.5 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:13:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:13:05 +0100 (CET) Subject: SUSE-CU-2024:6264-1: Recommended update of bci/rust Message-ID: <20241211141305.EF21DFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6264-1 Container Tags : bci/rust:1.81 , bci/rust:1.81.0 , bci/rust:1.81.0-2.3.4 , bci/rust:oldstable , bci/rust:oldstable-2.3.4 Container Release : 3.4 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - glibc-devel-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:13:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:13:26 +0100 (CET) Subject: SUSE-CU-2024:6265-1: Recommended update of bci/rust Message-ID: <20241211141326.62A69FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6265-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-1.3.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.5 Container Release : 3.5 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - glibc-devel-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:13:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:13:33 +0100 (CET) Subject: SUSE-CU-2024:6266-1: Recommended update of containers/apache-tomcat Message-ID: <20241211141333.AF2E6FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6266-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11-60.7 Container Release : 60.7 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:13:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:13:35 +0100 (CET) Subject: SUSE-CU-2024:6267-1: Security update of containers/apache-tomcat Message-ID: <20241211141335.B236CFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6267-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11-60.8 Container Release : 60.8 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:18:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:18:48 +0100 (CET) Subject: SUSE-CU-2024:6268-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20241211141848.0E2F8FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6268-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.18 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.18 , suse/ltss/sle15.3/sle15:latest Container Release : 2.18 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4287-1 Released: Wed Dec 11 09:31:13 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-7.66.0-150200.4.81.1 updated - libcurl4-7.66.0-150200.4.81.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:21:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:21:38 +0100 (CET) Subject: SUSE-CU-2024:6269-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241211142138.B13B9FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6269-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.28.16 Container Release : 28.16 Severity : moderate Type : recommended References : 1233151 1233774 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4289-1 Released: Wed Dec 11 10:47:31 2024 Summary: Recommended update for python-rpm-macros Type: recommended Severity: moderate References: 1233151,1233774 This update for python-rpm-macros fixes the following issue: - Update to version 20241120 (bsc#1233151) The following package changes have been done: - python-rpm-macros-20241120.6ae645f-150400.3.18.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:21:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:21:45 +0100 (CET) Subject: SUSE-CU-2024:6267-1: Security update of containers/apache-tomcat Message-ID: <20241211142145.EDC31FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6267-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11-60.8 Container Release : 60.8 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:21:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:21:54 +0100 (CET) Subject: SUSE-CU-2024:6270-1: Recommended update of containers/apache-tomcat Message-ID: <20241211142154.3089EFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6270-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.33-openjdk17 , containers/apache-tomcat:10.1.33-openjdk17-60.7 Container Release : 60.7 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:21:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:21:57 +0100 (CET) Subject: SUSE-CU-2024:6271-1: Security update of containers/apache-tomcat Message-ID: <20241211142157.51164FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6271-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.33-openjdk17 , containers/apache-tomcat:10.1.33-openjdk17-60.8 Container Release : 60.8 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:05 +0100 (CET) Subject: SUSE-CU-2024:6272-1: Recommended update of containers/apache-tomcat Message-ID: <20241211142205.BE134FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6272-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.33-openjdk21 , containers/apache-tomcat:10.1.33-openjdk21-60.7 Container Release : 60.7 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:08 +0100 (CET) Subject: SUSE-CU-2024:6273-1: Security update of containers/apache-tomcat Message-ID: <20241211142208.57E80FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6273-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.33-openjdk21 , containers/apache-tomcat:10.1.33-openjdk21-60.8 Container Release : 60.8 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:13 +0100 (CET) Subject: SUSE-CU-2024:6274-1: Recommended update of containers/apache-tomcat Message-ID: <20241211142213.CCEC5FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6274-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.97-openjdk11 , containers/apache-tomcat:9.0.97-openjdk11-60.8 Container Release : 60.8 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:16 +0100 (CET) Subject: SUSE-CU-2024:6275-1: Security update of containers/apache-tomcat Message-ID: <20241211142216.06194FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6275-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.97-openjdk11 , containers/apache-tomcat:9.0.97-openjdk11-60.9 Container Release : 60.9 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:21 +0100 (CET) Subject: SUSE-CU-2024:6276-1: Recommended update of containers/apache-tomcat Message-ID: <20241211142221.F00C6FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6276-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.97-openjdk17 , containers/apache-tomcat:9.0.97-openjdk17-60.8 Container Release : 60.8 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:24 +0100 (CET) Subject: SUSE-CU-2024:6277-1: Security update of containers/apache-tomcat Message-ID: <20241211142224.2A6A5FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6277-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.97-openjdk17 , containers/apache-tomcat:9.0.97-openjdk17-60.9 Container Release : 60.9 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:28 +0100 (CET) Subject: SUSE-CU-2024:6278-1: Recommended update of containers/apache-tomcat Message-ID: <20241211142228.870BAFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6278-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.97-openjdk21 , containers/apache-tomcat:9.0.97-openjdk21-60.8 Container Release : 60.8 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:33 +0100 (CET) Subject: SUSE-CU-2024:6279-1: Recommended update of containers/apache-tomcat Message-ID: <20241211142233.AC96BFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6279-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8-60.8 Container Release : 60.8 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - container:bci-bci-base-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ad48e7b07279a775aea864144784cff1961fcf4cb83bdd2b48f80327437f262e-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:22:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:22:36 +0100 (CET) Subject: SUSE-CU-2024:6280-1: Security update of containers/apache-tomcat Message-ID: <20241211142236.41E78FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6280-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8 , containers/apache-tomcat:9.0.97-openjdk8-60.9 Container Release : 60.9 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:23:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:23:04 +0100 (CET) Subject: SUSE-CU-2024:6283-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20241211142304.66D19FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6283-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.29.15 , bci/bci-sle15-kernel-module-devel:latest Container Release : 29.15 Severity : moderate Type : security References : 1231795 1233307 1233699 CVE-2024-11168 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - glibc-locale-base-2.38-150600.14.17.2 updated - glibc-locale-2.38-150600.14.17.2 updated - python3-base-3.6.15-150300.10.78.1 updated - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - glibc-devel-2.38-150600.14.17.2 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:23:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:23:05 +0100 (CET) Subject: SUSE-CU-2024:6284-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241211142305.4C0F1FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6284-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.29.16 , bci/bci-sle15-kernel-module-devel:latest Container Release : 29.16 Severity : moderate Type : 
recommended References : 1233151 1233774 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4289-1 Released: Wed Dec 11 10:47:31 2024 Summary: Recommended update for python-rpm-macros Type: recommended Severity: moderate References: 1233151,1233774 This update for python-rpm-macros fixes the following issue: - Update to version 20241120 (bsc#1233151) The following package changes have been done: - python-rpm-macros-20241120.6ae645f-150400.3.18.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:23:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:23:26 +0100 (CET) Subject: SUSE-CU-2024:6285-1: Security update of suse/sle15 Message-ID: <20241211142326.0972FFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6285-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.14.5 , suse/sle15:15.6 , suse/sle15:15.6.47.14.5 Container Release : 47.14.5 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-8.6.0-150600.4.15.1 updated - libcurl4-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:23:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:23:49 +0100 (CET) Subject: SUSE-CU-2024:6286-1: Security update of bci/spack Message-ID: <20241211142349.D6905FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6286-1 Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-18.7 , bci/spack:latest Container Release : 18.7 Severity : important Type : security References : 1231463 1231463 1231795 1233282 1233307 1233699 CVE-2024-11168 CVE-2024-52533 ----------------------------------------------------------------- The container bci/spack was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - shared-mime-info-2.4-150600.3.3.2 updated - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - python3-base-3.6.15-150300.10.78.1 updated - glibc-devel-2.38-150600.14.17.2 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - glib2-tools-2.78.6-150600.4.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:23:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:23:50 +0100 (CET) Subject: SUSE-CU-2024:6287-1: Security update of bci/spack Message-ID: <20241211142350.743E5FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6287-1 Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-18.8 , bci/spack:latest Container Release : 18.8 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/spack was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl-devel-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Wed Dec 11 14:27:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Dec 2024 15:27:34 +0100 (CET) Subject: SUSE-CU-2024:6291-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20241211142734.6CEB0FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6291-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.56 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.56 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4287-1 Released: Wed Dec 11 09:31:13 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-7.66.0-150200.4.81.1 updated - libcurl4-7.66.0-150200.4.81.1 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:04:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:04:22 +0100 (CET) Subject: SUSE-IU-2024:2001-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20241212080422.C90C8F787@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:2001-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.27 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 4.27 Severity : moderate Type : recommended References : 1200528 1217070 1221400 1222040 1222041 1222042 1224323 1227181 1228553 1231826 CVE-2022-1996 CVE-2023-45142 CVE-2023-45288 CVE-2023-45913 CVE-2023-45919 CVE-2023-45922 CVE-2023-47108 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE_ALP_Source_Standard_Core_1.0_Build Released: Wed Dec 11 11:59:54 2024 Summary: Recommended update for open-vm-tools Type: recommended Severity: moderate References: 1200528,1217070,1221400,1222040,1222041,1222042,1224323,1227181,1228553,1231826,CVE-2022-1996,CVE-2023-45142,CVE-2023-45288,CVE-2023-45913,CVE-2023-45919,CVE-2023-45922,CVE-2023-47108 This update for open-vm-tools fixes the following issues: Update to 12.5.0 (bsc#1231826): - There are no new features in the open-vm-tools 12.5.0 release. - This is primarily a maintenance release that addresses a few critical problems. For a more complete list of issues resolved in this release, see the Resolved Issues section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.5.0 - Release Notes are available at: https://github.com/vmware/open-vm-tools/blob/stable-12.5.0/ReleaseNotes.md - The granular changes that have gone into the 12.5.0 release are in the ChangeLog at: https://github.com/vmware/open-vm-tools/blob/stable-12.5.0/open-vm-tools/ChangeLog Update to 12.4.5 (build 23787635) (bsc#1227181): - There are no new features in the open-vm-tools 12.4.5 release. This is primarily a maintenance release that addresses a few critical problems, including: - A number of issues flagged by Coverity and ShellCheck have been addressed. - A vmtoolsd process hang related to nested logging from an RPC Channel error has been fixed. - For a more complete list of issues resolved in this release, see the Resolved Issues section of the Release Notes. 
- For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.4.5 - Release Notes are available at: https://github.com/vmware/open-vm-tools/blob/stable-12.4.5/ReleaseNotes.md - The granular changes that have gone into the 12.4.5 release are in the ChangeLog at: https://github.com/vmware/open-vm-tools/blob/stable-12.4.5/open-vm-tools/ChangeLog The following package changes have been done: - libvmtools0-12.5.0-1.1 updated - open-vm-tools-12.5.0-1.1 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:14:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:14:51 +0100 (CET) Subject: SUSE-CU-2024:6315-1: Security update of bci/kiwi Message-ID: <20241212081451.7AA71F787@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6315-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-19.14 , bci/kiwi:latest Container Release : 19.14 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/kiwi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:17:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:17:00 +0100 (CET) Subject: SUSE-CU-2024:6320-1: Security update of bci/php-apache Message-ID: <20241212081700.98582F787@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6320-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-47.7 , bci/php-apache:latest Container Release : 47.7 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:17:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:17:23 +0100 (CET) Subject: SUSE-CU-2024:6321-1: Security update of bci/php-fpm Message-ID: <20241212081723.ADF0EF787@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6321-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-47.7 , bci/php-fpm:latest Container Release : 47.7 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:17:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:17:46 +0100 (CET) Subject: SUSE-CU-2024:6322-1: Security update of bci/php Message-ID: <20241212081746.1D03FF787@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6322-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-47.7 , bci/php:latest Container Release : 47.7 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:18:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:18:19 +0100 (CET) Subject: SUSE-CU-2024:6323-1: Security update of bci/python Message-ID: <20241212081819.67FEFF787@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6323-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-60.8 , bci/python:latest Container Release : 60.8 Severity : important Type : security References : 1231795 1234068 1234290 CVE-2024-11053 CVE-2024-12254 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4291-1 Released: Wed Dec 11 12:24:34 2024 Summary: Security update for python312 Type: security Severity: important References: 1231795,1234290,CVE-2024-12254 This update for python312 fixes the following issues: - CVE-2024-12254: Fixed unbounded memory buffering in SelectorSocketTransport.writelines() (bsc#1234290) Other fixes: - Updated to version 3.12.8 - Remove -IVendor/ from python-config (bsc#1231795) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated - libpython3_12-1_0-3.12.8-150600.3.12.1 updated - python312-base-3.12.8-150600.3.12.1 updated - python312-3.12.8-150600.3.12.1 updated - python312-devel-3.12.8-150600.3.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:18:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:18:46 +0100 (CET) Subject: SUSE-CU-2024:6324-1: Security update of bci/python Message-ID: <20241212081846.B7BE0F787@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6324-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-59.8 Container Release : 59.8 Severity 
: moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:19:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:19:49 +0100 (CET) Subject: SUSE-CU-2024:6327-1: Security update of bci/rust Message-ID: <20241212081949.48B92F787@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6327-1 Container Tags : bci/rust:1.81 , bci/rust:1.81.0 , bci/rust:1.81.0-2.3.6 , bci/rust:oldstable , bci/rust:oldstable-2.3.6 Container Release : 3.6 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:20:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:20:11 +0100 (CET) Subject: SUSE-CU-2024:6328-1: Security update of bci/rust Message-ID: <20241212082011.9187FF787@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6328-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-1.3.6 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.6 Container Release : 3.6 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:20:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:20:39 +0100 (CET) Subject: SUSE-CU-2024:6329-1: Security update of containers/apache-tomcat Message-ID: <20241212082039.7BAE5F787@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6329-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.97-openjdk21 , containers/apache-tomcat:9.0.97-openjdk21-60.10 Container Release : 60.10 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated From sle-container-updates at lists.suse.com Thu Dec 12 08:23:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 09:23:20 +0100 (CET) Subject: SUSE-CU-2024:6334-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20241212082320.597D9F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6334-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.54 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.54 Severity : moderate Type : security References : 1234068 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4287-1 Released: Wed Dec 11 09:31:13 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - curl-7.66.0-150200.4.81.1 updated - libcurl4-7.66.0-150200.4.81.1 updated From sle-container-updates at lists.suse.com Thu Dec 12 16:28:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Dec 2024 17:28:19 +0100 (CET) Subject: SUSE-CU-2024:6346-1: Security update of bci/nodejs Message-ID: <20241212162819.E1D58F787@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6346-1 Container Tags : bci/node:18 , bci/node:18.20.5 , bci/node:18.20.5-40.4 , bci/nodejs:18 , bci/nodejs:18.20.5 , bci/nodejs:18.20.5-40.4 Container Release : 40.4 Severity : moderate Type : security References : 1233856 CVE-2024-21538 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4301-1
Released:    Thu Dec 12 09:10:32 2024
Summary:     Security update for nodejs18
Type:        security
Severity:    moderate
References:  1233856,CVE-2024-21538

This update for nodejs18 fixes the following issues:

- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)

Other fixes:

- Update to 18.20.5
  * esm: mark import attributes and JSON module as stable
  * deps:
    + upgrade npm to 10.8.2
    + update simdutf to 5.6.0
    + update brotli to 1.1.0
    + update ada to 2.8.0
    + update acorn to 8.13.0
    + update acorn-walk to 8.3.4
    + update c-ares to 1.29.0

The following package changes have been done:

- nodejs18-18.20.5-150400.9.30.1 updated
- npm18-18.20.5-150400.9.30.1 updated

From sle-container-updates at lists.suse.com Thu Dec 12 16:29:35 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Dec 2024 17:29:35 +0100 (CET)
Subject: SUSE-CU-2024:6347-1: Security update of bci/openjdk-devel
Message-ID: <20241212162935.8A928F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6347-1
Container Tags        : bci/openjdk-devel:11 , bci/openjdk-devel:11.0.25.0 , bci/openjdk-devel:11.0.25.0-36.4
Container Release     : 36.4
Severity              : important
Type                  : security
References            : 1177488 1231347 1231428 1232579 1233282 1233499 CVE-2020-13956 CVE-2024-28168 CVE-2024-50602 CVE-2024-52533
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released:    Mon Nov 18 16:22:57 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1232579,CVE-2024-50602

This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4036-1
Released:    Mon Nov 18 16:23:56 2024
Summary:     Security update for httpcomponents-client, httpcomponents-core
Type:        security
Severity:    moderate
References:  1177488,CVE-2020-13956

This update for httpcomponents-client, httpcomponents-core fixes the following issues:

httpcomponents-client:

- Update to version 4.5.14
  * HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects.
  * HTTPCLIENT-2174: URIBuilder to return a new empty list instead of unmodifiable Collections#emptyList.
  * Don't retry requests in case of NoRouteToHostException.
  * HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset of requests with form url-encoded body.
  * PR #269: 4.5.x use array fill and more.
    + Use Arrays.fill().
    + Remove redundant modifiers.
    + Use Collections.addAll() and Collection.addAll() APIs instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg method.
    + Remove extra semicolons (;).
    + Use a 'L' instead of 'l' to make long literals more readable.
  * PublicSuffixListParser.parseByType(Reader) allocates but does not use a 256 char StringBuilder.
  * Incorrect handling of malformed authority component by URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
  * Avoid updating Content-Length header in a 304 response.
  * Bug fix: BasicExpiresHandler is annotated as immutable but is not (#239)
  * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.
httpcomponents-core:

- Upgraded to version 4.4.14
  * PR #231: 4.4.x Use better map apis and more.
    + Remove redundant modifiers.
    + Use Collections.addAll() API instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg method.
    + Remove extra semicolons (;).
  * Bug fix: Non-blocking TLSv1.3 connections can end up in an infinite event spin when closed concurrently by the local and the remote endpoints.
  * HTTPCORE-647: Non-blocking connection terminated due to 'java.io.IOException: Broken pipe' can enter an infinite loop flushing buffered output data.
  * PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool that can cause internal state corruption when persistent connections are manually removed from the pool.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4054-1
Released:    Tue Nov 26 06:05:40 2024
Summary:     Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
Type:        security
Severity:    moderate
References:  1231347,1231428,CVE-2024-28168

This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:

xmlgraphics-fop was updated from version 2.8 to 2.10:

- Security issues fixed:
  * CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
- Upstream changes and bugs fixed:
  * Version 2.10:
    + footnote-body ignores rl-tb writing mode
    + SVG tspan content is displayed out of place
    + Added new schema to handle pdf/a and pdfa/ua
    + Correct fop version at runtime
    + NoSuchElementException when using font with no family name
    + Resolve classpath for binary distribution
    + Switch to spotbugs
    + Set an automatic module name
    + Rename packages to avoid conflicts with modules
    + Resize table only for multicolumn page
    + Missing jars in servlet
    + Optimise performance of PNG with alpha using raw loader
    + basic-link not navigating to corresponding footnote
    + Added option to sign PDF
    + Added secure processing for XSL input
    + Allow sections which need security permissions to be run when AllPermission denied in caller code
    + Remove unused PDFStructElem
    + Remove space generated by fo:wrapper
    + Reset content length for table changing ipd
    + Added alt text to PDF signature
    + Allow change of resource level for SVG in AFP
    + Exclude shape not in clipping path for AFP
    + Only support 1 column for redo of layout without page pos only
    + Switch to Jakarta servlet API
    + NPE when list item is split alongside an ipd change
    + Added mandatory MODCA triplet to AFP
    + Redo layout for multipage columns
    + Added image mask option for AFP
    + Skip written block ipds inside float
    + Allow curly braces for src url
    + Missing content for last page with change ipd
    + Added warning when different pdf languages are used
    + Only restart line manager when there is a linebreak for blocklayout
  * Version 2.9:
    + Values in PDF Number Trees must be indirect references
    + Do not delete files on syntax errors using command line
    + Surrogate pair edge-case causes Exception
    + Reset character spacing
    + SVG text containing certain glyphs isn't rendered
    + Remove duplicate classes from maven classpath
    + Allow use of page position only on redo of layout
    + Failure to render multi-block itemBody alongside float
    + Update to PDFBox 2.0.27
    + NPE if link destination is missing with accessibility
    + Make property cache thread safe
    + Font size was rounded to 0 for AFP TTF
    + Cannot process a SVG using mvn jars
    + Remove serializer jar
    + Allow creating a PDF 2.0 document
    + Text missing after page break inside table inline
    + IllegalArgumentException for list in a table
    + Table width may be too wide when layout width changes
    + NPE when using broken link and PDF 1.5
    + Allow XMP at PDF page level
    + Symbol font was not being mapped to unicode
    + Correct font differences table for Chrome
    + Link against Java 8 API
    + Added support for font-selection-strategy=character-by-character
    + Merge form fields in external PDFs
    + Fixed test for Java 11

xmlgraphics-batik was updated from version 1.17 to 1.18:

- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing arabic characters
- Animated rotate transform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration

xmlgraphics-commons was updated from version 2.8 to 2.10:

- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry

javapackages-tools was updated from version 6.3.0 to 6.3.4:

- Version 6.3.4:
  * A corner case when which is not present
  * Remove dependency on which
  * Simplify after the which -> type -p change
  * jpackage_script: Remove pointless assignment when %java_home is unset
  * Don't export JAVA_HOME (bsc#1231347)
- Version 6.3.2:
  * Search for JAVACMD under JAVA_HOME only if it's set
  * Obsolete set_jvm and set_jvm_dirs functions
  * Drop unneeded _set_java_home function
  * Remove JAVA_HOME check from check_java_env function
  * Bump codecov/codecov-action from 2.0.2 to 4.6.0
  * Bump actions/setup-python from 4 to 5
  * Bump actions/checkout from 2 to 4
  * Added custom dependabot config
  * Remove the test for JAVA_HOME and error if it is not set
  * java-functions: Remove unneeded local variables
  * Fixed build status shield
- Version 6.3.1:
  * Allow missing components with abs2rel
  * Fixed tests with python 3.4
  * Sync spec file from Fedora
  * Drop default JRE/JDK
  * Fixed the use of java-functions in scripts
  * Test that we don't bomb on
  * Test variable expansion in artifactId
  * Interpolate properties also in the current artifact
  * Rewrite abs2rel in shell
  * Use asciidoctor instead of asciidoc
  * Fixed incompatibility with RPM 4.20
  * Reproducible exclusions order in maven metadata
  * Do not bomb on construct
  * Make maven_depmap order of aliases reproducible

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4065-1
Released:    Tue Nov 26 11:10:58 2024
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1233499

This update for crypto-policies ships the missing crypto-policies scripts to SUSE Linux Enterprise Micro, which allows configuration of the policies. (bsc#1233499)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4078-1
Released:    Wed Nov 27 13:53:14 2024
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4280-1
Released:    Tue Dec 10 16:59:46 2024
Summary:     Recommended update for guava
Type:        recommended
Severity:    moderate
References:

This update for guava, google-errorprone, checker-qual, j2objc-annotations fixes the following issues:

guava was updated from version 33.1.0 to 33.2.1:

- Added some artifact aliases
- Changed how internet addresses are handled to preserve more information. This might require code updates if you were relying on the old behavior (consult the package changelog for more details).
- Fixed a compilation issue under Gradle.
- Fixed a potential crash when building ImmutableMap.
- Added new constants for HTTP headers (Ad-Auction-Allowed, Permissions-Policy-Report-Only, and Sec-GPC).
google-errorprone, checker-qual, j2objc-annotations:

- google-errorprone-annotations, checker-qual, j2objc-annotations were added to the Development Tools Module as they are required by this guava update
- google-errorprone-annotations package was updated from version 2.11.0 to 2.26.1 on SUSE Linux Enterprise 15 LTSS products, as it's required by this guava update:
  * Added new checks for common Java coding errors
  * Improvement of existing checks
  * Performance and infrastructure improvements
  * Various bugs were fixed

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.17.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.8.1 updated
- javapackages-filesystem-6.3.4-150200.3.15.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- javapackages-tools-6.3.4-150200.3.15.1 updated
- checker-qual-3.22.0-150200.5.7.2 added
- google-errorprone-annotations-2.26.1-150200.5.8.1 added
- httpcomponents-core-4.4.14-150200.3.9.1 updated
- j2objc-annotations-2.2-150200.5.5.2 added
- guava-33.2.1-150200.3.13.2 updated
- httpcomponents-client-4.5.14-150200.3.9.1 updated
- container:bci-openjdk-11-23a98827fdca334c8b8559355d8d00951fab9a6b8112e547667797cd109f4140-0 updated

From sle-container-updates at lists.suse.com Thu Dec 12 16:30:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Dec 2024 17:30:41 +0100 (CET)
Subject: SUSE-CU-2024:6348-1: Security update of bci/openjdk-devel
Message-ID: <20241212163041.32EABFCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6348-1
Container Tags        : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.13.0 , bci/openjdk-devel:17.0.13.0-38.4
Container Release     : 38.4
Severity              : moderate
Type                  : security
References            : 1177488 1231347 1231428 1232579 1233499 CVE-2020-13956 CVE-2024-28168 CVE-2024-50602
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released:    Mon Nov 18 16:22:57 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1232579,CVE-2024-50602

This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4036-1
Released:    Mon Nov 18 16:23:56 2024
Summary:     Security update for httpcomponents-client, httpcomponents-core
Type:        security
Severity:    moderate
References:  1177488,CVE-2020-13956

This update for httpcomponents-client, httpcomponents-core fixes the following issues:

httpcomponents-client:

- Update to version 4.5.14
  * HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects.
  * HTTPCLIENT-2174: URIBuilder to return a new empty list instead of unmodifiable Collections#emptyList.
  * Don't retry requests in case of NoRouteToHostException.
  * HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset of requests with form url-encoded body.
  * PR #269: 4.5.x use array fill and more.
    + Use Arrays.fill().
    + Remove redundant modifiers.
    + Use Collections.addAll() and Collection.addAll() APIs instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg method.
    + Remove extra semicolons (;).
    + Use a 'L' instead of 'l' to make long literals more readable.
  * PublicSuffixListParser.parseByType(Reader) allocates but does not use a 256 char StringBuilder.
  * Incorrect handling of malformed authority component by URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
  * Avoid updating Content-Length header in a 304 response.
  * Bug fix: BasicExpiresHandler is annotated as immutable but is not (#239)
  * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.

httpcomponents-core:

- Upgraded to version 4.4.14
  * PR #231: 4.4.x Use better map apis and more.
    + Remove redundant modifiers.
    + Use Collections.addAll() API instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg method.
    + Remove extra semicolons (;).
  * Bug fix: Non-blocking TLSv1.3 connections can end up in an infinite event spin when closed concurrently by the local and the remote endpoints.
  * HTTPCORE-647: Non-blocking connection terminated due to 'java.io.IOException: Broken pipe' can enter an infinite loop flushing buffered output data.
  * PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool that can cause internal state corruption when persistent connections are manually removed from the pool.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4054-1
Released:    Tue Nov 26 06:05:40 2024
Summary:     Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
Type:        security
Severity:    moderate
References:  1231347,1231428,CVE-2024-28168

This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:

xmlgraphics-fop was updated from version 2.8 to 2.10:

- Security issues fixed:
  * CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
- Upstream changes and bugs fixed:
  * Version 2.10:
    + footnote-body ignores rl-tb writing mode
    + SVG tspan content is displayed out of place
    + Added new schema to handle pdf/a and pdfa/ua
    + Correct fop version at runtime
    + NoSuchElementException when using font with no family name
    + Resolve classpath for binary distribution
    + Switch to spotbugs
    + Set an automatic module name
    + Rename packages to avoid conflicts with modules
    + Resize table only for multicolumn page
    + Missing jars in servlet
    + Optimise performance of PNG with alpha using raw loader
    + basic-link not navigating to corresponding footnote
    + Added option to sign PDF
    + Added secure processing for XSL input
    + Allow sections which need security permissions to be run when AllPermission denied in caller code
    + Remove unused PDFStructElem
    + Remove space generated by fo:wrapper
    + Reset content length for table changing ipd
    + Added alt text to PDF signature
    + Allow change of resource level for SVG in AFP
    + Exclude shape not in clipping path for AFP
    + Only support 1 column for redo of layout without page pos only
    + Switch to Jakarta servlet API
    + NPE when list item is split alongside an ipd change
    + Added mandatory MODCA triplet to AFP
    + Redo layout for multipage columns
    + Added image mask option for AFP
    + Skip written block ipds inside float
    + Allow curly braces for src url
    + Missing content for last page with change ipd
    + Added warning when different pdf languages are used
    + Only restart line manager when there is a linebreak for blocklayout
  * Version 2.9:
    + Values in PDF Number Trees must be indirect references
    + Do not delete files on syntax errors using command line
    + Surrogate pair edge-case causes Exception
    + Reset character spacing
    + SVG text containing certain glyphs isn't rendered
    + Remove duplicate classes from maven classpath
    + Allow use of page position only on redo of layout
    + Failure to render multi-block itemBody alongside float
    + Update to PDFBox 2.0.27
    + NPE if link destination is missing with accessibility
    + Make property cache thread safe
    + Font size was rounded to 0 for AFP TTF
    + Cannot process a SVG using mvn jars
    + Remove serializer jar
    + Allow creating a PDF 2.0 document
    + Text missing after page break inside table inline
    + IllegalArgumentException for list in a table
    + Table width may be too wide when layout width changes
    + NPE when using broken link and PDF 1.5
    + Allow XMP at PDF page level
    + Symbol font was not being mapped to unicode
    + Correct font differences table for Chrome
    + Link against Java 8 API
    + Added support for font-selection-strategy=character-by-character
    + Merge form fields in external PDFs
    + Fixed test for Java 11

xmlgraphics-batik was updated from version 1.17 to 1.18:

- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing arabic characters
- Animated rotate transform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration

xmlgraphics-commons was updated from version 2.8 to 2.10:

- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry

javapackages-tools was updated from version 6.3.0 to 6.3.4:

- Version 6.3.4:
  * A corner case when which is not present
  * Remove dependency on which
  * Simplify after the which -> type -p change
  * jpackage_script: Remove pointless assignment when %java_home is unset
  * Don't export JAVA_HOME (bsc#1231347)
- Version 6.3.2:
  * Search for JAVACMD under JAVA_HOME only if it's set
  * Obsolete set_jvm and set_jvm_dirs functions
  * Drop unneeded _set_java_home function
  * Remove JAVA_HOME check from check_java_env function
  * Bump codecov/codecov-action from 2.0.2 to 4.6.0
  * Bump actions/setup-python from 4 to 5
  * Bump actions/checkout from 2 to 4
  * Added custom dependabot config
  * Remove the test for JAVA_HOME and error if it is not set
  * java-functions: Remove unneeded local variables
  * Fixed build status shield
- Version 6.3.1:
  * Allow missing components with abs2rel
  * Fixed tests with python 3.4
  * Sync spec file from Fedora
  * Drop default JRE/JDK
  * Fixed the use of java-functions in scripts
  * Test that we don't bomb on
  * Test variable expansion in artifactId
  * Interpolate properties also in the current artifact
  * Rewrite abs2rel in shell
  * Use asciidoctor instead of asciidoc
  * Fixed incompatibility with RPM 4.20
  * Reproducible exclusions order in maven metadata
  * Do not bomb on construct
  * Make maven_depmap order of aliases reproducible

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4065-1
Released:    Tue Nov 26 11:10:58 2024
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1233499

This update for crypto-policies ships the missing crypto-policies scripts to SUSE Linux Enterprise Micro, which allows configuration of the policies. (bsc#1233499)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4280-1
Released:    Tue Dec 10 16:59:46 2024
Summary:     Recommended update for guava
Type:        recommended
Severity:    moderate
References:

This update for guava, google-errorprone, checker-qual, j2objc-annotations fixes the following issues:

guava was updated from version 33.1.0 to 33.2.1:

- Added some artifact aliases
- Changed how internet addresses are handled to preserve more information. This might require code updates if you were relying on the old behavior (consult the package changelog for more details).
- Fixed a compilation issue under Gradle.
- Fixed a potential crash when building ImmutableMap.
- Added new constants for HTTP headers (Ad-Auction-Allowed, Permissions-Policy-Report-Only, and Sec-GPC).
google-errorprone, checker-qual, j2objc-annotations:

- google-errorprone-annotations, checker-qual, j2objc-annotations were added to the Development Tools Module as they are required by this guava update
- google-errorprone-annotations package was updated from version 2.11.0 to 2.26.1 on SUSE Linux Enterprise 15 LTSS products, as it's required by this guava update:
  * Added new checks for common Java coding errors
  * Improvement of existing checks
  * Performance and infrastructure improvements
  * Various bugs were fixed

The following package changes have been done:

- crypto-policies-20210917.c9d86d1-150400.3.8.1 updated
- javapackages-filesystem-6.3.4-150200.3.15.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- javapackages-tools-6.3.4-150200.3.15.1 updated
- checker-qual-3.22.0-150200.5.7.2 added
- google-errorprone-annotations-2.26.1-150200.5.8.1 added
- httpcomponents-core-4.4.14-150200.3.9.1 updated
- j2objc-annotations-2.2-150200.5.5.2 added
- guava-33.2.1-150200.3.13.2 updated
- httpcomponents-client-4.5.14-150200.3.9.1 updated
- container:bci-openjdk-17-c2c6d815a47b92747f5fd796a87304e75b0991dd29b2c922a82f9a96d33d8996-0 updated

From sle-container-updates at lists.suse.com Thu Dec 12 16:31:18 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Dec 2024 17:31:18 +0100 (CET)
Subject: SUSE-CU-2024:6350-1: Security update of bci/python
Message-ID: <20241212163118.8824CFCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6350-1
Container Tags        : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-60.7
Container Release     : 60.7
Severity              : moderate
Type                  : security
References            : 1234068 CVE-2024-11053
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released:    Wed Dec 11 09:31:32 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.15.1 updated
- curl-8.6.0-150600.4.15.1 updated
- container:registry.suse.com-bci-bci-base-15.6-834a6b0884e5fc32fceb8698b707d117eb8a7a85de76680a8737529430ecdfc2-0 updated

From sle-container-updates at lists.suse.com Fri Dec 13 07:29:27 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 13 Dec 2024 08:29:27 +0100 (CET)
Subject: SUSE-IU-2024:2009-1: Security update of suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2
Message-ID: <20241213072927.2032AFBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:2009-1
Image Tags        : suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2:20241211
Image Release     :
Severity          : important
Type              : security
References        : 1027519 1219724 1225451 1225462 1229010 1229072 1229449 1229684 1230366 1230914 1231185 1231328 1231414 1231463 1231463 1231795 1232063 1232542 1232622 1232624 1233282 1233307 1233420 1233699 1233773 1234068 15280 15590 15624 15696 15699 15700 CVE-2024-10524 CVE-2024-11053 CVE-2024-11168 CVE-2024-24806 CVE-2024-45817 CVE-2024-45818 CVE-2024-45819 CVE-2024-52533 CVE-2024-52616 CVE-2024-54661
-----------------------------------------------------------------

The container suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4043-1
Released:    Mon Nov 25 08:22:47 2024
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1230914

This update for nfs-utils fixes the following issues:

- nfsd: Revert 'nfsd: Remove the ability to enable NFS v2.' (bsc#1230914).
- mount.nfs: Revert 'mount: Remove NFS v2 support from mount.nfs' (bsc#1230914).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released:    Mon Nov 25 08:28:17 2024
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:

This update for hwdata fixes the following issue:

- Version update to v0.389:
  * Update pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4067-1
Released:    Tue Nov 26 11:33:47 2024
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1229010,1229072,1229449

This update for openssh fixes the following issues:

- Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449)
- Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010).
- Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call.
- Fixed a small memory leak when parsing the subsystem configuration option.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released:    Thu Nov 28 17:15:36 2024
Summary:     Security update for libuv
Type:        security
Severity:    moderate
References:  1219724,CVE-2024-24806

This update for libuv fixes the following issues:

- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4130-1
Released:    Mon Dec 2 10:56:25 2024
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1232063

This update for dracut fixes the following issue:

- Version update: 059+suse.543.g98d7f037
  * fix: removing systemd 59-persistent-storage-dm.rules (bsc#1232063).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4145-1
Released:    Tue Dec 3 10:07:28 2024
Summary:     Security update for wget
Type:        security
Severity:    moderate
References:  1233773,CVE-2024-10524

This update for wget fixes the following issues:

- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4163-1
Released:    Wed Dec 4 08:57:12 2024
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1230366,1232542,1232622,1232624,CVE-2024-45817,CVE-2024-45818,CVE-2024-45819

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622)
- CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624)
- CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366)

Non-security issues fixed:

- Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542)
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4171-1
Released:    Wed Dec 4 15:25:41 2024
Summary:     Recommended update for ldb, samba
Type:        recommended
Severity:    moderate
References:  1229684,1231414,15280,15590,15624,15696,15699,15700

This update for ldb, samba fixes the following issues:

ldb:

- Update to 2.8.2
  * libldb: fix performance issue with indexes (bso#15590)

samba:

- Update to 4.19.9
  * DH reconnect error handling can lead to stale sharemode entries (bso#15624)
  * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated (bso#15699, bsc#1229684)
  * irpc_destructor may crash during shutdown (bso#15280)
  * Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients (bso#15696)
  * Crash when readlinkat fails (bso#15700)
- Adjust spec to split out rpcd_* binaries into a separate sub package (bsc#1231414, jsc#PED-11015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4181-1
Released:    Thu Dec 5 05:59:03 2024
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    moderate
References:  1231185,1231328

This update for suseconnect-ng fixes the following issues:

- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targeting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Add a command to show the info being gathered

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released:    Thu Dec 5 12:01:40 2024
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1231795,1233307,CVE-2024-11168

This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4196-1 Released: Thu Dec 5 13:56:06 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1233420,CVE-2024-52616 This update for avahi fixes the following issues: - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4200-1 Released: Thu Dec 5 14:48:33 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4295-1 Released: Wed Dec 11 15:40:56 2024 Summary: Security update for socat Type: security Severity: moderate References: 1225462,CVE-2024-54661 This update for socat fixes the following issues: - CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462) The following package changes have been done: - dracut-059+suse.543.g98d7f037-150600.3.14.2 updated - glib2-tools-2.78.6-150600.4.8.1 updated - glibc-locale-base-2.38-150600.14.17.2 updated - glibc-locale-2.38-150600.14.17.2 updated - glibc-2.38-150600.14.17.2 updated - hwdata-0.389-150000.3.71.2 updated - libavahi-client3-0.8-150600.15.6.1 updated - libavahi-common3-0.8-150600.15.6.1 updated - libcurl4-8.6.0-150600.4.15.1 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - libldb2-2.8.2-150600.3.6.1 updated - libnfsidmap1-1.0-150600.28.6.2 updated - 
libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150600.8.7.2 updated - libuv1-1.44.2-150500.3.5.1 updated - libzypp-17.35.14-150600.3.32.2 updated - nfs-client-2.6.4-150600.28.6.2 updated - openssh-clients-9.6p1-150600.6.12.1 updated - openssh-common-9.6p1-150600.6.12.1 updated - openssh-server-9.6p1-150600.6.12.1 updated - openssh-9.6p1-150600.6.12.1 updated - python3-base-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated - samba-client-libs-4.19.8+git.399.71536ca297e-150600.3.9.6 updated - shared-mime-info-2.4-150600.3.3.2 updated - socat-1.8.0.0-150600.20.6.1 updated - suseconnect-ng-1.13.0-150600.3.11.1 updated - wget-1.20.3-150600.19.9.1 updated - xen-libs-4.18.3_06-150600.3.12.1 updated - zypper-1.14.78-150600.10.16.3 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:29:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:29:31 +0100 (CET) Subject: SUSE-IU-2024:2010-1: Security update of suse-sles-15-sp6-chost-byos-v20241211-hvm-ssd-x86_64 Message-ID: <20241213072931.A3188FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20241211-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:2010-1 Image Tags : suse-sles-15-sp6-chost-byos-v20241211-hvm-ssd-x86_64:20241211 Image Release : Severity : important Type : security References : 1027519 1219724 1225451 1225462 1229010 1229072 1229449 1229684 1230366 1230914 1231185 1231328 1231414 1231463 1231463 1231795 1232063 1232542 1232622 1232624 1233282 1233307 1233420 1233699 1233773 1234068 15280 15590 15624 15696 15699 15700 CVE-2024-10524 CVE-2024-11053 CVE-2024-11168 CVE-2024-24806 CVE-2024-45817 CVE-2024-45818 CVE-2024-45819 CVE-2024-52533 CVE-2024-52616 CVE-2024-54661 ----------------------------------------------------------------- The container 
suse-sles-15-sp6-chost-byos-v20241211-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4043-1 Released: Mon Nov 25 08:22:47 2024 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1230914 This update for nfs-utils fixes the following issues: - nfsd: Revert 'nfsd: Remove the ability to enable NFS v2.' (bsc#1230914). - mount.nfs: Revert 'mount: Remove NFS v2 support from mount.nfs' (bsc#1230914). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4067-1 Released: Tue Nov 26 11:33:47 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1229010,1229072,1229449 This update for openssh fixes the following issues: - Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449) - Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010). - Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call. - Fixed a small memory leak when parsing the subsystem configuration option. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4109-1 Released: Thu Nov 28 17:15:36 2024 Summary: Security update for libuv Type: security Severity: moderate References: 1219724,CVE-2024-24806 This update for libuv fixes the following issues: - CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4130-1 Released: Mon Dec 2 10:56:25 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1232063 This update for dracut fixes the following issue: - Version update: 059+suse.543.g98d7f037 * fix: removing systemd 59-persistent-storage-dm.rules (bsc#1232063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4145-1 Released: Tue Dec 3 10:07:28 2024 Summary: Security update for wget Type: security Severity: moderate References: 1233773,CVE-2024-10524 This update for wget fixes the following issues: - CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4163-1 Released: Wed Dec 4 08:57:12 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1230366,1232542,1232622,1232624,CVE-2024-45817,CVE-2024-45818,CVE-2024-45819 This update for xen fixes the following issues: Security issues fixed: - CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622) - CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624) - CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366) Non-security issues fixed: - Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542) - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4171-1 Released: Wed Dec 4 15:25:41 
2024 Summary: Recommended update for ldb, samba Type: recommended Severity: moderate References: 1229684,1231414,15280,15590,15624,15696,15699,15700 This update for ldb, samba fixes the following issues: ldb: - Update to 2.8.2 * libldb: fix performance issue with indexes (bso#15590) samba: - Update to 4.19.9 * DH reconnect error handling can lead to stale sharemode entries (bso#15624) * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated (bso#15699, bsc#1229684) * irpc_destructor may crash during shutdown (bso#15280) * Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients (bso#15696) * Crash when readlinkat fails (bso#15700) - Adjust spec to split out rpcd_* binaries into a separate sub package (bsc#1231414, jsc#PED-11015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4181-1 Released: Thu Dec 5 05:59:03 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1231185,1231328 This update for suseconnect-ng fixes the following issues: - Integrating uptime-tracker - Honor auto-import-gpg-keys flag on migration (bsc#1231328) - Only send labels if targeting SCC - Skip the docker auth generation on RMT (bsc#1231185) - Add --set-labels to register command to set labels at registration time on SCC - Add a new function to display suse-uptime-tracker version - Add a command to show the info being gathered ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- 
Advisory ID: SUSE-SU-2024:4196-1 Released: Thu Dec 5 13:56:06 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1233420,CVE-2024-52616 This update for avahi fixes the following issues: - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4200-1 Released: Thu Dec 5 14:48:33 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4295-1 Released: Wed Dec 11 15:40:56 2024 Summary: Security update for socat Type: security Severity: moderate References: 1225462,CVE-2024-54661 This update for socat fixes the following issues: - CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462) The following package changes have been done: - dracut-059+suse.543.g98d7f037-150600.3.14.2 updated - glib2-tools-2.78.6-150600.4.8.1 updated - glibc-locale-base-2.38-150600.14.17.2 updated - glibc-locale-2.38-150600.14.17.2 updated - glibc-2.38-150600.14.17.2 updated - hwdata-0.389-150000.3.71.2 updated - libavahi-client3-0.8-150600.15.6.1 updated - libavahi-common3-0.8-150600.15.6.1 updated - libcurl4-8.6.0-150600.4.15.1 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - libldb2-2.8.2-150600.3.6.1 updated - libnfsidmap1-1.0-150600.28.6.2 updated - 
libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150600.8.7.2 updated - libuv1-1.44.2-150500.3.5.1 updated - libzypp-17.35.14-150600.3.32.2 updated - nfs-client-2.6.4-150600.28.6.2 updated - openssh-clients-9.6p1-150600.6.12.1 updated - openssh-common-9.6p1-150600.6.12.1 updated - openssh-server-9.6p1-150600.6.12.1 updated - openssh-9.6p1-150600.6.12.1 updated - python3-base-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated - samba-client-libs-4.19.8+git.399.71536ca297e-150600.3.9.6 updated - shared-mime-info-2.4-150600.3.3.2 updated - socat-1.8.0.0-150600.20.6.1 updated - suseconnect-ng-1.13.0-150600.3.11.1 updated - wget-1.20.3-150600.19.9.1 updated - xen-libs-4.18.3_06-150600.3.12.1 updated - xen-tools-domU-4.18.3_06-150600.3.12.1 updated - zypper-1.14.78-150600.10.16.3 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:29:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:29:42 +0100 (CET) Subject: SUSE-IU-2024:2011-1: Security update of sles-15-sp6-chost-byos-v20241211-arm64 Message-ID: <20241213072942.6A6E6FBA0@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20241211-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:2011-1 Image Tags : sles-15-sp6-chost-byos-v20241211-arm64:20241211 Image Release : Severity : important Type : security References : 1027519 1216982 1219724 1225451 1225462 1226216 1229010 1229072 1229449 1229684 1230366 1230914 1231185 1231328 1231414 1231463 1231463 1231775 1231776 1231795 1232063 1232542 1232616 1232622 1232624 1233282 1233307 1233420 1233699 1233773 1234068 1234217 15280 15590 15624 15696 15699 15700 CVE-2024-10524 CVE-2024-11053 CVE-2024-11168 CVE-2024-24806 CVE-2024-45817 CVE-2024-45818 CVE-2024-45819 CVE-2024-52533 CVE-2024-52616 CVE-2024-54661 ----------------------------------------------------------------- The 
container sles-15-sp6-chost-byos-v20241211-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4043-1 Released: Mon Nov 25 08:22:47 2024 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1230914 This update for nfs-utils fixes the following issues: - nfsd: Revert 'nfsd: Remove the ability to enable NFS v2.' (bsc#1230914). - mount.nfs: Revert 'mount: Remove NFS v2 support from mount.nfs' (bsc#1230914). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4067-1 Released: Tue Nov 26 11:33:47 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1229010,1229072,1229449 This update for openssh fixes the following issues: - Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449) - Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010). - Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call. - Fixed a small memory leak when parsing the subsystem configuration option. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4087-1 Released: Thu Nov 28 08:38:52 2024 Summary: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent Type: recommended Severity: moderate References: 1231775,1231776 This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues: - Update to version 20241011.01 (bsc#1231775, bsc#1231776) - Set enable regardless of previous check failed or not - Avoid unnecessary reloads, check before overwriting configs - network/netplan: Do generate instead of apply - Skip SetupInterfaces if configs are already applied - Repeated logging could be mistaken for a recurring issue, log mds mtls endpoint error only once - Retry MDS PUT operation, reload netplan/networkctl only if configs are changed - Log interface state after setting up network - network: Debian 12 rollback only if default netplan is ok - Change mtls mds defaults, update log message to assure error is harmless - network: Restore Debian 12 netplan configuration - network: Remove primary NIC left over configs - Update VLAN interfaces format to match with MDS - Fix panics in agent when setting up VLAN with netplan - Add VLAN NIC support for NetworkManager - Fix debian12 netplan config issue, use ptr receiver - Introduce a configuration toggle for enabling/disabling cloud logging - Adapt and update config key to be consistent with MDS - Allow users to enable/disable the mds mtls via metadata key - Make primary nic management config consistent across all network managers - Avoid writing configuration files when they already exist on wicked - Fix where agent panics on nil event - Update NIC management strategy - Only release dhclient leases for an interface if the respective dhclient is still running - Disable OS Login without pruning off any extra suffix - Skip root cert rotation if installed once - Add ipv6 support to guest agent - Update 
google-startup-scripts.service to enable logging - Network subsystem remove os rules - oslogin: Don't remove sshca watcher when oslogin is disabled - Network manager netplan implementation - Log current available routes on error - Fix command monitor bugs - windows account: Ignore 'user already belongs to group' error - Add more error logging in snapshot handling requests, use common retry util - All non-200 status code from MDS should raise error - Change metadata key to enable-oslogin-certificates - Update dhclient pid/lease file directory to abide apparmor rules - Add require-oslogin-certificates logic to disable keys - systemd-networkd: Support Debian 12's version - NetworkManager: Only set secondary interfaces as up - address manager: Make sure we check for oldMetadata - network: Early setup network - NetworkManager: Fix ipv6 and ipv4 mode attribute - Network Manager: Make sure we clean up ifcfg files - metadata script runner: Fix script download - oslogin: Avoid adding extra empty line at the end of /etc/security/group.conf - Dynamic vlan - Check for nil response - Create NetworkManager implementation - Skip interface manager on Windows - network: Remove ignore setup - Create wicked network service implementation and its respective unit - Update metadata script runner, add tests - Refactor guest-agent to use common retry util - Flush logs before exiting - Implement retry util - Refactor utils package to not dump everything unrelated into one file - Set version on metadata script runner - Implement cleanup of deprecated configuration directives - Ignore DHCP offered routes only for secondary nics - Deprecate DHClient in favor of systemd-networkd - Generate windows and linux licenses - Remove quintonamore from OWNERS - Delete integration tests - Add configuration toggle to enable/disable use of OS native certificate stores - Avoid writing configuration files when they already exist on wicked and NetworkManager - Get rid of deprecated dependencies in snapshot 
service generate code - Configure primary nic if only set in cfg file ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4109-1 Released: Thu Nov 28 17:15:36 2024 Summary: Security update for libuv Type: security Severity: moderate References: 1219724,CVE-2024-24806 This update for libuv fixes the following issues: - CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4130-1 Released: Mon Dec 2 10:56:25 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1232063 This update for dracut fixes the following issue: - Version update: 059+suse.543.g98d7f037 * fix: removing systemd 59-persistent-storage-dm.rules (bsc#1232063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4145-1 Released: Tue Dec 3 10:07:28 2024 Summary: Security update for wget Type: security Severity: moderate References: 1233773,CVE-2024-10524 This update for wget fixes the following issues: - CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4163-1 Released: Wed Dec 4 08:57:12 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1230366,1232542,1232622,1232624,CVE-2024-45817,CVE-2024-45818,CVE-2024-45819 This update for xen fixes the following issues: Security issues fixed: - CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622) - CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624) - CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366) Non-security issues fixed: - Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542) - Upstream bug fixes (bsc#1027519) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4171-1 Released: Wed Dec 4 15:25:41 2024 Summary: Recommended update for ldb, samba Type: recommended Severity: moderate References: 1229684,1231414,15280,15590,15624,15696,15699,15700 This update for ldb, samba fixes the following issues: ldb: - Update to 2.8.2 * libldb: fix performance issue with indexes (bso#15590) samba: - Update to 4.19.9 * DH reconnect error handling can lead to stale sharemode entries (bso#15624) * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated (bso#15699, bsc#1229684) * irpc_destructor may crash during shutdown (bso#15280) * Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients (bso#15696) * Crash when readlinkat fails (bso#15700) - Adjust spec to split out rpcd_* binaries into a separate sub package (bsc#1231414, jsc#PED-11015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4181-1 Released: Thu Dec 5 05:59:03 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1231185,1231328 This update for suseconnect-ng fixes the following issues: - Integrating uptime-tracker - Honor auto-import-gpg-keys flag on migration (bsc#1231328) - Only send labels if targeting SCC - Skip the docker auth generation on RMT (bsc#1231185) - Add --set-labels to register command to set labels at registration time on SCC - Add a new function to display suse-uptime-tracker version - Add a command to show the info being gathered ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other 
fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4196-1 Released: Thu Dec 5 13:56:06 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1233420,CVE-2024-52616 This update for avahi fixes the following issues: - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4200-1 Released: Thu Dec 5 14:48:33 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4269-1 Released: Mon Dec 9 17:34:34 2024 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1216982,1226216,1232616,1234217 This update for libnvme, nvme-cli fixes the following issues: - Version update (1.8+79.g69e7772) * docs: update check-tls-key arguments (bsc#1216982, bsc#1226216). * docs: update gen-tls-key arguments (bsc#1216982, bsc#1226216). * docs: update TLS options (bsc#1216982, bsc#1226216). * fabrics: add support to connect to accept a PSK command line and configuration (bsc#1216982, bsc#1226216). * fabrics: fix map error level in __nvmf_add_ctrl (bsc#1216982, bsc#1226216). * fabrics: add ctrl connect interface (bsc#1216982, bsc#1226216). * fabrics: use hex numbers when generating command line options (bsc#1216982, bsc#1226216). * fabrics: rename first argument for argument macros (bsc#1216982, bsc#1226216). * fabrics: do not attempt to import keys if tls is not enabled (bsc#1216982, bsc#1226216). * fabrics: skip namespace scan for fabric commands (bsc#1232616). * json: move keystore operations out of the JSON parser (bsc#1216982, bsc#1226216). * json: do not escape strings when printing the configuration (bsc#1216982, bsc#1226216). * linux: do not do any keyring ops when no key is provided (bsc#1216982, bsc#1226216). * linux: do not return w/o OpenSSL support enabled (bsc#1216982, bsc#1226216). 
* linux: fix derive_psk_digest OpenSSL 1.1 version (bsc#1216982, bsc#1226216). * linux: fixup PSK HMAC type '0' handling (bsc#1216982, bsc#1226216). * linux: handle key import correctly (bsc#1216982, bsc#1226216). * linux: export keys to config (bsc#1216982, bsc#1226216). * linux: only return the description of a key (bsc#1216982, bsc#1226216). * linux: use ssize_t as return type for nvme_identity_len (bsc#1216982, bsc#1226216). * linux: reorder variable declarations (bsc#1216982 bsc#1226216 (bsc#1216982, bsc#1226216). * linux: Remove the use of OpenSSL Engine API. * linux: add import/export function for TLS pre-shared keys (bsc#1216982, bsc#1226216). * netapp-smdev: remove redundant code (bsc#1234217). * netapp-smdev: add verbose output (bsc#1234217). * netapp-smdev-doc: add verbose details (bsc#1234217). * netapp-ontapdev: fix JSON output for nsze and nuse (bsc#1234217). * netapp-ontapdev: fix fw version handling (bsc#1234217). * netapp-ontapdev-doc: add verbose details (bsc#1232616). * netapp-ontapdev: add verbose output (bsc#1232616). * nvme: use unsigned char for hmac and identity (bsc#1216982, bsc#1226216). * nvme: add support to append TLS PSK to keyfile for check-tls-key (bsc#1216982, bsc#1226216). * nvme: return correct error code in append_keyfile (bsc#1216982, bsc#1226216). * nvme: add support to add derive TLS PSK to keyfile (bsc#1216982, bsc#1226216). * nvme: rename identity to version (bsc#1216982, bsc#1226216). * nvme: set file permission for keyfile to owner only (bsc#1216982, bsc#1226216). * nvme: export tls keys honoring version and hmac (bsc#1216982, bsc#1226216). * nvme-netapp: update err messages (bsc#1234217). * nvmf-keys: add udev rule to import tls keys (bsc#1216982, bsc#1226216). * test: add pre-shared key json tests (bsc#1216982, bsc#1226216). * test: extend psk to test new 'versioned' API (bsc#1216982, bsc#1226216). * test: add test case for importing/exporting PSKs (bsc#1216982, bsc#1226216). 
* test: make config-diff more flexible to use (bsc#1216982, bsc#1226216). * tree: optionally skip namespaces during scanning (bsc#1232616). * tree: do not export tls keys when not provided by user (bsc#1216982, bsc#1226216). * tree: read tls_configured_key and tls_keyring from sysfs (bsc#1216982, bsc#1226216). * tree: move dhchap and tls sysfs parser into separate functions (bsc#1216982, bsc#1226216). * tree: add getter/setters for TLS PSK (bsc#1216982, bsc#1226216). * util: added error code for ENOKEY (bsc#1216982, bsc#1226216). * util: Add string constant for ENVME_CONNECT_IGNORED. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4295-1 Released: Wed Dec 11 15:40:56 2024 Summary: Security update for socat Type: security Severity: moderate References: 1225462,CVE-2024-54661 This update for socat fixes the following issues: - CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462) The following package changes have been done: - dracut-059+suse.543.g98d7f037-150600.3.14.2 updated - glib2-tools-2.78.6-150600.4.8.1 updated - glibc-locale-base-2.38-150600.14.17.2 updated - glibc-locale-2.38-150600.14.17.2 updated - glibc-2.38-150600.14.17.2 updated - google-guest-agent-20241011.01-150000.1.51.1 updated - google-osconfig-agent-20240926.03-150000.1.38.1 updated - hwdata-0.389-150000.3.71.2 updated - libavahi-client3-0.8-150600.15.6.1 updated - libavahi-common3-0.8-150600.15.6.1 updated - libcurl4-8.6.0-150600.4.15.1 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - 
libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - libldb2-2.8.2-150600.3.6.1 updated - libnfsidmap1-1.0-150600.28.6.2 updated - libnvme-mi1-1.8+79.g69e7772-150600.3.12.2 updated - libnvme1-1.8+79.g69e7772-150600.3.12.2 updated - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150600.8.7.2 updated - libuv1-1.44.2-150500.3.5.1 updated - libzypp-17.35.14-150600.3.32.2 updated - nfs-client-2.6.4-150600.28.6.2 updated - nvme-cli-2.8+87.g29df38e-150600.3.12.2 updated - openssh-clients-9.6p1-150600.6.12.1 updated - openssh-common-9.6p1-150600.6.12.1 updated - openssh-server-9.6p1-150600.6.12.1 updated - openssh-9.6p1-150600.6.12.1 updated - python3-base-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated - samba-client-libs-4.19.8+git.399.71536ca297e-150600.3.9.6 updated - shared-mime-info-2.4-150600.3.3.2 updated - socat-1.8.0.0-150600.20.6.1 updated - suseconnect-ng-1.13.0-150600.3.11.1 updated - wget-1.20.3-150600.19.9.1 updated - xen-libs-4.18.3_06-150600.3.12.1 updated - zypper-1.14.78-150600.10.16.3 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:06 +0100 (CET) Subject: SUSE-CU-2024:6382-1: Recommended update of suse/sles/15.7/cdi-apiserver Message-ID: <20241213073706.E8717FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6382-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.25 , suse/sles/15.7/cdi-apiserver:1.58.0.27.58 Container Release : 27.58 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container 
suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - containerized-data-importer-api-1.58.0-150700.7.25 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:12 +0100 (CET) Subject: SUSE-CU-2024:6383-1: Recommended update of suse/sles/15.7/cdi-cloner Message-ID: <20241213073712.DD38FFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6383-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.25 , suse/sles/15.7/cdi-cloner:1.58.0.28.58 Container Release : 28.58 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - containerized-data-importer-cloner-1.58.0-150700.7.25 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:20 +0100 (CET) Subject: SUSE-CU-2024:6384-1: Recommended update of suse/sles/15.7/cdi-controller Message-ID: <20241213073720.3ACFEFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6384-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.25 , suse/sles/15.7/cdi-controller:1.58.0.27.58 Container Release : 27.58 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - containerized-data-importer-controller-1.58.0-150700.7.25 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:27 +0100 (CET) Subject: SUSE-CU-2024:6385-1: Security update of suse/sles/15.7/cdi-importer Message-ID: <20241213073727.85AF7FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6385-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.25 , suse/sles/15.7/cdi-importer:1.58.0.29.24 Container Release : 29.24 Severity : important Type : security References : 1231463 1233282 1233699 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). 
Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgcrypt20-1.11.0-150700.2.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libnettle8-3.10-150700.2.2 updated - libhogweed6-3.10-150700.2.2 updated - containerized-data-importer-importer-1.58.0-150700.7.25 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:33 +0100 (CET) Subject: SUSE-CU-2024:6386-1: Recommended update of suse/sles/15.7/cdi-operator Message-ID: <20241213073733.73CD7FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6386-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.25 , suse/sles/15.7/cdi-operator:1.58.0.27.58 Container Release : 27.58 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - containerized-data-importer-operator-1.58.0-150700.7.25 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:42 +0100 (CET) Subject: SUSE-CU-2024:6387-1: Recommended update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20241213073742.74F83FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6387-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.25 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.58 Container Release : 27.58 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.25 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:49 +0100 (CET) Subject: SUSE-CU-2024:6388-1: Security update of suse/sles/15.7/cdi-uploadserver Message-ID: <20241213073749.F18E5FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6388-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.25 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.66 Container Release : 28.66 Severity : important Type : security References : 1231463 1233282 1233699 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgcrypt20-1.11.0-150700.2.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libnettle8-3.10-150700.2.2 updated - libhogweed6-3.10-150700.2.2 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.25 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:37:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:37:56 +0100 (CET) Subject: SUSE-CU-2024:6389-1: Security update of suse/sle15 Message-ID: <20241213073756.2A092FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6389-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-1.2 , suse/sle15:15.7 , suse/sle15:15.7-1.2 Container Release : 1.2 Severity : important Type : security References : 1225451 1231463 1233282 1233699 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4200-1 Released: Thu Dec 5 14:48:33 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libgcrypt20-1.11.0-150700.2.2 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - libopenssl3-3.2.3-150700.1.4 updated - libsolv-tools-base-0.7.31-150600.8.7.2 updated - libzypp-17.35.14-150600.3.32.2 updated - openssl-3-3.2.3-150700.1.4 updated - sle-module-basesystem-release-15.7-150700.14.1 updated - sle-module-python3-release-15.7-150700.14.1 updated - sle-module-server-applications-release-15.7-150700.14.1 updated - sles-release-15.7-150700.14.1 updated - zypper-1.14.78-150600.10.16.3 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:38:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:38:03 +0100 (CET) Subject: SUSE-CU-2024:6390-1: Recommended update of suse/sles/15.7/virt-api Message-ID: <20241213073803.37907FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6390-1 Container Tags : suse/sles/15.7/virt-api:1.1.1 , suse/sles/15.7/virt-api:1.1.1-150700.9.29 , suse/sles/15.7/virt-api:1.1.1.27.59 Container Release : 27.59 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - kubevirt-virt-api-1.1.1-150700.9.29 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:38:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:38:10 +0100 (CET) Subject: SUSE-CU-2024:6391-1: Recommended update of suse/sles/15.7/virt-controller Message-ID: <20241213073810.5D269FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6391-1 Container Tags : suse/sles/15.7/virt-controller:1.1.1 , suse/sles/15.7/virt-controller:1.1.1-150700.9.29 , suse/sles/15.7/virt-controller:1.1.1.27.59 Container Release : 27.59 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - kubevirt-virt-controller-1.1.1-150700.9.29 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:38:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:38:16 +0100 (CET) Subject: SUSE-CU-2024:6392-1: Recommended update of suse/sles/15.7/virt-exportproxy Message-ID: <20241213073816.CB54BFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6392-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.1.1 , suse/sles/15.7/virt-exportproxy:1.1.1-150700.9.29 , suse/sles/15.7/virt-exportproxy:1.1.1.11.59 Container Release : 11.59 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - kubevirt-virt-exportproxy-1.1.1-150700.9.29 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:38:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:38:23 +0100 (CET) Subject: SUSE-CU-2024:6393-1: Recommended update of suse/sles/15.7/virt-exportserver Message-ID: <20241213073823.39B49FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6393-1 Container Tags : suse/sles/15.7/virt-exportserver:1.1.1 , suse/sles/15.7/virt-exportserver:1.1.1-150700.9.29 , suse/sles/15.7/virt-exportserver:1.1.1.12.59 Container Release : 12.59 Severity : moderate Type : recommended References : 1233699 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - kubevirt-virt-exportserver-1.1.1-150700.9.29 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:38:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:38:31 +0100 (CET) Subject: SUSE-CU-2024:6394-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20241213073831.79CF7FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6394-1 Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.29 , suse/sles/15.7/virt-handler:1.1.1.29.70 Container Release : 29.70 Severity : important Type : security References : 1231463 1233282 1233699 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). 
Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgcrypt20-1.11.0-150700.2.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - sles-release-15.7-150700.14.1 updated - kubevirt-container-disk-1.1.1-150700.9.29 updated - kubevirt-virt-handler-1.1.1-150700.9.29 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libnettle8-3.10-150700.2.2 updated - libhogweed6-3.10-150700.2.2 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:38:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:38:40 +0100 (CET) Subject: SUSE-CU-2024:6395-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20241213073840.AA9F4FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6395-1 Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.29 , suse/sles/15.7/virt-launcher:1.1.1.34.49 Container Release : 34.49 Severity : important Type : security References : 1231463 1231463 1233282 1233699 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libgcrypt20-1.11.0-150700.2.2 updated - libopenssl3-3.2.3-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.1.4 updated - sles-release-15.7-150700.14.1 updated - kubevirt-container-disk-1.1.1-150700.9.29 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - libnettle8-3.10-150700.2.2 updated - shared-mime-info-2.4-150600.3.3.2 updated - libhogweed6-3.10-150700.2.2 updated - xen-libs-4.19.0_04-150700.1.13 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - glib2-tools-2.78.6-150600.4.8.1 updated - kubevirt-virt-launcher-1.1.1-150700.9.29 updated - container:sles15-image-15.7.0-1.2 updated From sle-container-updates at lists.suse.com Fri Dec 13 07:38:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Dec 2024 08:38:46 +0100 (CET) Subject: SUSE-CU-2024:6396-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20241213073846.C18C9FBA0@maintenance.suse.de> SUSE 
Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:6396-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.29 , suse/sles/15.7/libguestfs-tools:1.1.1.28.81 Container Release : 28.81 Severity : important Type : security References : 1225451 1231463 1231463 1231795 1232063 1233282 1233307 1233699 CVE-2024-11168 CVE-2024-52533 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4130-1 Released: Mon Dec 2 10:56:25 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1232063 This update for dracut fixes the following issue: - Version update: 059+suse.543.g98d7f037 * fix: removing systemd 59-persistent-storage-dm.rules (bsc#1232063). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4200-1 Released: Thu Dec 5 14:48:33 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libgcrypt20-1.11.0-150700.2.2 updated
- libopenssl3-3.2.3-150700.1.4 updated
- libopenssl-3-fips-provider-3.2.3-150700.1.4 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- sles-release-15.7-150700.14.1 updated
- libzypp-17.35.14-150600.3.32.2 updated
- zypper-1.14.78-150600.10.16.3 updated
- libguestfs-winsupport-1.54.0-150700.1.4 updated
- libgmodule-2_0-0-2.78.6-150600.4.8.1 updated
- libgobject-2_0-0-2.78.6-150600.4.8.1 updated
- libnettle8-3.10-150700.2.2 updated
- shared-mime-info-2.4-150600.3.3.2 updated
- libhogweed6-3.10-150700.2.2 updated
- python3-base-3.6.15-150300.10.78.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- xen-libs-4.19.0_04-150700.1.13 updated
- libgio-2_0-0-2.78.6-150600.4.8.1 updated
- glib2-tools-2.78.6-150600.4.8.1 updated
- dracut-059+suse.543.g98d7f037-150600.3.14.2 updated
- dracut-fips-059+suse.543.g98d7f037-150600.3.14.2 updated
- libguestfs0-1.54.0-150700.1.4 updated
- libguestfs-devel-1.54.0-150700.1.4 updated
- libguestfs-appliance-1.54.0-150700.1.4 updated
- libguestfs-1.54.0-150700.1.4 updated
- container:sles15-image-15.7.0-1.2 updated

From sle-container-updates at lists.suse.com Fri Dec 13 07:38:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 13 Dec 2024 08:38:51 +0100 (CET)
Subject: SUSE-CU-2024:6397-1: Recommended update of suse/sles/15.7/virt-operator
Message-ID: <20241213073851.AFADCFBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6397-1
Container Tags : suse/sles/15.7/virt-operator:1.1.1 , suse/sles/15.7/virt-operator:1.1.1-150700.9.29 , suse/sles/15.7/virt-operator:1.1.1.27.59
Container Release : 27.59
Severity : moderate
Type : recommended
References : 1233699
-----------------------------------------------------------------

The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libopenssl3-3.2.3-150700.1.4 updated
- libopenssl-3-fips-provider-3.2.3-150700.1.4 updated
- kubevirt-virt-operator-1.1.1-150700.9.29 updated
- container:sles15-image-15.7.0-1.2 updated

From sle-container-updates at lists.suse.com Mon Dec 2 12:18:36 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 2 Dec 2024 13:18:36 +0100 (CET)
Subject: SUSE-IU-2024:1907-1: Security update of containers/apache-tomcat
Message-ID: <20241202121836.A3DFEFD85@maintenance.suse.de>

SUSE Image Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1907-1
Image Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11 , containers/apache-tomcat:10.1.33-openjdk11-59.4
Image Release : 59.4
Severity : critical
Type : security
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1462-1
Released: Tue Jul 31 14:04:41 2018
Summary: Security update for java-11-openjdk
Type: security
Severity: moderate
References: 1101645,1101651,1101655,1101656,CVE-2018-2940,CVE-2018-2952,CVE-2018-2972,CVE-2018-2973

This java-11-openjdk update to version jdk-11+24 fixes the following issues:

Security issues fixed:

- CVE-2018-2940: Fix unspecified vulnerability in subcomponent Libraries (bsc#1101645).
- CVE-2018-2952: Fix unspecified vulnerability in subcomponent Concurrency (bsc#1101651).
- CVE-2018-2972: Fix unspecified vulnerability in subcomponent Security (bsc#1101655).
- CVE-2018-2973: Fix unspecified vulnerability in subcomponent JSSE (bsc#1101656).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2298-1
Released: Wed Oct 17 17:02:57 2018
Summary: Recommended update for java-11-openjdk
Type: recommended
Severity: moderate
References: 1111162,1112142,1112143,1112144,1112145,1112146,1112147,1112148,1112149,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3150,CVE-2018-3157,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183

This update for java-11-openjdk fixes the following issues:

Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU)

Security fixes:

- S8202936, CVE-2018-3183, bsc#1112148: Improve script engine support
- S8199226, CVE-2018-3169, bsc#1112146: Improve field accesses
- S8199177, CVE-2018-3149, bsc#1112144: Enhance JNDI lookups
- S8202613, CVE-2018-3180, bsc#1112147: Improve TLS connections stability
- S8208209, CVE-2018-3180, bsc#1112147: Improve TLS connection stability again
- S8199172, CVE-2018-3150, bsc#1112145: Improve jar attribute checks
- S8200648, CVE-2018-3157, bsc#1112149: Make midi code more sound
- S8194534, CVE-2018-3136, bsc#1112142: Manifest better support
- S8208754, CVE-2018-3136, bsc#1112142: The fix for JDK-8194534 needs updates
- S8196902, CVE-2018-3139, bsc#1112143: Better HTTP Redirection

Security-In-Depth fixes:

- S8194546: Choosier FileManagers
- S8195874: Improve jar specification adherence
- S8196897: Improve PRNG support
- S8197881: Better StringBuilder support
- S8201756: Improve cipher inputs
- S8203654: Improve cypher state updates
- S8204497: Better formatting of decimals
- S8200666: Improve LDAP support
- S8199110: Address Internet Addresses

Update to upstream tag jdk-11+28 (OpenJDK 11 rc1)

- S8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy
- S8207838: AArch64: Float registers incorrectly restored in JNI call
- S8209637: [s390x] Interpreter doesn't call result handler after native calls
- S8209670: CompilerThread releasing code buffer in destructor is unsafe
- S8209735: Disable avx512 by default
- S8209806: API docs should be updated to refer to javase11
- Report version without the '-internal' postfix
- Don't build against gdk making the accessibility depend on a particular version of gtk.

Update to upstream tag jdk-11+27

- S8031761: [TESTBUG] Add a regression test for JDK-8026328
- S8151259: [TESTBUG] nsk/jvmti/RedefineClasses/redefclass030 fails with 'unexpected values of outer fields of the class' when running with -Xcomp
- S8164639: Configure PKCS11 tests to use user-supplied NSS libraries
- S8189667: Desktop#moveToTrash expects incorrect '<>' FilePermission
- S8194949: [Graal] gc/TestNUMAPageSize.java fail with OOM in -Xcomp
- S8195156: [Graal] serviceability/jvmti/GetModulesInfo/ /JvmtiGetAllModulesTest.java fails with Graal in Xcomp mode
- S8199081: [Testbug] compiler/linkage/LinkageErrors.java fails if run twice
- S8201394: Update java.se module summary to reflect removal of java.se.ee module
- S8204931: Colors with alpha are painted incorrectly on Linux
- S8204966: [TESTBUG] hotspot/test/compiler/whitebox/ /IsMethodCompilableTest.java test fails with -XX:CompileThreshold=1
- S8205608: Fix 'frames()' in ThreadReferenceImpl.c to prevent quadratic runtime behavior
- S8205687: TimeoutHandler generates huge core files
- S8206176: Remove the temporary tls13VN field
- S8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found
- S8206965: java/util/TimeZone/Bug8149452.java failed on de_DE and ja_JP locale.
- S8207009: TLS 1.3 half-close and synchronization issues
- S8207046: arm32 vm crash: C1 arm32 platform functions parameters type mismatch
- S8207139: NMT is not enabled on Windows 2016/10
- S8207237: SSLSocket#setEnabledCipherSuites is accepting empty string
- S8207355: C1 compilation hangs in ComputeLinearScanOrder::compute_dominator
- S8207746: C2: Lucene crashes on AVX512 instruction
- S8207765: HeapMonitorTest.java intermittent failure
- S8207944: java.lang.ClassFormatError: Extra bytes at the end of class file test' possibly violation of JVMS 4.7.1
- S8207948: JDK 11 L10n resource file update msg drop 10
- S8207966: HttpClient response without content-length does not return body
- S8208125: Cannot input text into JOptionPane Text Input Dialog
- S8208164: (str) improve specification of String::lines
- S8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029
- S8208189: ProblemList compiler/graalunit/JttThreadsTest.java
- S8208205: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!'
- S8208226: ProblemList com/sun/jdi/BasicJDWPConnectionTest.java
- S8208251: serviceability/jvmti/HeapMonitor/MyPackage/ /HeapMonitorGCCMSTest.java fails intermittently on Linux-X64
- S8208305: ProblemList compiler/jvmci/compilerToVM/GetFlagValueTest.java
- S8208347: ProblemList compiler/cpuflags/TestAESIntrinsicsOnSupportedConfig.java
- S8208353: Upgrade JDK 11 to libpng 1.6.35
- S8208358: update bug ids mentioned in tests
- S8208370: fix typo in ReservedStack tests' @requires
- S8208391: Differentiate response and connect timeouts in HTTP Client API
- S8208466: Fix potential memory leak in harfbuzz shaping.
- S8208496: New Test to verify concurrent behavior of TLS.
- S8208521: ProblemList more tests that fail due to 'Error attaching to process: Can't create thread_db agent!'
- S8208640: [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard.
- S8208663: JDK 11 L10n resource file update msg drop 20
- S8208676: Missing NULL check and resource leak in NetworkPerformanceInterface::NetworkPerformance::network_utilization
- S8208691: Tighten up jdk.includeInExceptions security property
- S8209011: [TESTBUG] AArch64: sun/security/pkcs11/Secmod/ /TestNssDbSqlite.java fails in aarch64 platforms
- S8209029: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!' in jdk-11+25 testing
- S8209149: [TESTBUG] runtime/RedefineTests/ /RedefineRunningMethods.java needs a longer timeout
- S8209451: Please change jdk 11 milestone to FCS
- S8209452: VerifyCACerts.java failed with 'At least one cacert test failed'
- S8209506: Add Google Trust Services GlobalSign root certificates
- S8209537: Two security tests failed after JDK-8164639 due to dependency was missed

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2307-1
Released: Thu Oct 18 14:42:54 2018
Summary: Recommended update for libxcb
Type: recommended
Severity: moderate
References: 1101560

This update for libxcb provides the following fix:

- Fix some IO errors when using KWin in combination with the NVIDIA driver. (bsc#1101560)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2625-1
Released: Mon Nov 12 08:58:25 2018
Summary: Recommended update for java-11-openjdk
Type: recommended
Severity: moderate
References: 1113734

This update for java-11-openjdk fixes the following issues:

Merge into the JDK following modules from github.com/javaee:

  * com.sum.xml.fastinfoset
  * org.jvnet.staxex
  * com.sun.istack.runtime
  * com.sun.xml.txw2
  * com.sun.xml.bind

This provides a default implementation of JAXB-API that existed in JDK before Java 11 and that some applications depend on.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:3044-1
Released: Fri Dec 21 18:47:21 2018
Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Type: security
Severity: important
References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:

- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:

- Update mozilla-nspr to 4.20 (bsc#1119105)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:221-1
Released: Fri Feb 1 15:20:56 2019
Summary: Security update for java-11-openjdk
Type: security
Severity: important
References: 1120431,1122293,1122299,CVE-2018-11212,CVE-2019-2422,CVE-2019-2426

This update for java-11-openjdk to version 11.0.2+7 fixes the following issues:

Security issues fixed:

- CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293)
- CVE-2019-2426: Improve web server connections
- CVE-2018-11212: Improve JPEG processing (bsc#1122299)
- Better route routing
- Better interface enumeration
- Better interface lists
- Improve BigDecimal support
- Improve robot support
- Better icon support
- Choose printer defaults
- Proper allocation handling
- Initial class initialization
- More reliable p11 transactions
- Improve NIO stability
- Better loading of classloader classes
- Strengthen Windows Access Bridge Support
- Improved data set handling
- Improved LSA authentication
- Libsunmscapi improved interactions

Non-security issues fixed:

- Do not resolve by default the added JavaEE modules (bsc#1120431)
- ~2.5% regression on compression benchmark starting with 12-b11
- java.net.http.HttpClient hangs on 204 reply without Content-length 0
- Add additional TeliaSonera root certificate
- Add more ld preloading related info to hs_error file on Linux
- Add test to exercise server-side client hello processing
- AES encrypt performance regression in jdk11b11
- AIX: ProcessBuilder: Piping between created processes does not work.
- AIX: Some class library files are missing the Classpath exception
- AppCDS crashes for some uses with JRuby
- Automate vtable/itable stub size calculation
- BarrierSetC1::generate_referent_check() confuses register allocator
- Better HTTP Redirection
- Catastrophic size_t underflow in BitMap::*_large methods
- Clip.isRunning() may return true after Clip.stop() was called
- Compiler thread creation should be bounded by available space in memory and Code Cache
- com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code
- Default mask register for avx512 instructions
- Delayed starting of debugging via jcmd
- Disable all DES cipher suites
- Disable anon and NULL cipher suites
- Disable unsupported GCs for Zero
- Epsilon alignment adjustments can overflow max TLAB size
- Epsilon elastic TLAB sizing may cause misalignment
- HotSpot update for vm_version.cpp to recognise updated VS2017
- HttpClient does not retrieve files with large sizes over HTTP/1.1
- IIOException 'tEXt chunk length is not proper' on opening png file
- Improve TLS connection stability again
- InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection
- Inspect stack during error reporting
- Instead of circle rendered in appl window, but ellipse is produced JEditor Pane
- Introduce diagnostic flag to abort VM on failed JIT compilation
- Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap
- jar has issues with UNC-path arguments for the jar -C parameter [windows]
- java.net.http HTTP client should allow specifying Origin and Referer headers
- java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8
- JDK 11.0.1 l10n resource file update
- JDWP Transport Listener: dt_socket thread crash
- JVMTI ResourceExhausted should not be posted in CompilerThread
- LDAPS communication failure with jdk 1.8.0_181
- linux: Poor StrictMath performance due to non-optimized compilation
- Missing synchronization when reading counters for live threads and peak thread count
- NPE in SupportedGroupsExtension
- OpenDataException thrown when constructing CompositeData for StackTraceElement
- Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader
- Populate handlers while holding streamHandlerLock
- ppc64: Enable POWER9 CPU detection
- print_location is not reliable enough (printing register info)
- Reconsider default option for ClassPathURLCheck change done in JDK-8195874
- Register to register spill may use AVX 512 move instruction on unsupported platform.
- s390: Use of shift operators not covered by cpp standard
- serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded
- SIGBUS in CodeHeapState::print_names()
- SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls
- Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator
- Swing apps are slow if displaying from a remote source to many local displays
- switch jtreg to 4.2b13
- Test library OSInfo.getSolarisVersion cannot determine Solaris version
- TestOptionsWithRanges.java is very slow
- TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently
- The Japanese message of FileNotFoundException garbled
- The 'supported_groups' extension in ServerHellos
- ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData
- TimeZone.getDisplayName given Locale.US doesn't always honor the Locale.
- TLS 1.2 Support algorithm in SunPKCS11 provider
- TLS 1.3 handshake server name indication is missing on a session resume
- TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes
- TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth
- tz: Upgrade time-zone data to tzdata2018g
- Undefined behaviour in ADLC
- Update avx512 implementation
- URLStreamHandler initialization race
- UseCompressedOops requirement check fails on 32-bit system
- windows: Update OS detection code to recognize Windows Server 2019
- x86: assert on unbound assembler Labels used as branch targets
- x86: jck tests for ldc2_w bytecode fail
- x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
- '-XX:OnOutOfMemoryError' uses fork instead of vfork

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1052-1
Released: Fri Apr 26 14:33:42 2019
Summary: Security update for java-11-openjdk
Type: security
Severity: moderate
References: 1132728,1132732,CVE-2019-2602,CVE-2019-2684

This update for java-11-openjdk to version 11.0.3+7 fixes the following issues:

Security issues fixed:

- CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728).
- CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732).

Non-security issues fixed:

- Multiple bug fixes and improvements.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1152-1
Released: Fri May 3 18:06:09 2019
Summary: Recommended update for java-11-openjdk
Type: recommended
Severity: moderate
References: 1131378

This update for java-11-openjdk fixes the following issues:

- Require update-ca-certificates by the headless subpackage (bsc#1131378)
- Removed a font rendering patch with broke related to other font changes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1807-1
Released: Wed Jul 10 13:13:21 2019
Summary: Recommended update for java-11-openjdk
Type: recommended
Severity: moderate
References: 1137264

This update ships the OpenJDK LTS version 11 in the java-11-openjdk packages. (FATE#326347 bsc#1137264)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2002-1
Released: Mon Jul 29 13:00:27 2019
Summary: Security update for java-11-openjdk
Type: security
Severity: important
References: 1115375,1140461,1141780,1141781,1141782,1141783,1141784,1141785,1141787,1141788,1141789,CVE-2019-2745,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-2818,CVE-2019-2821,CVE-2019-7317

This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues:

Security issues fixed:

- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
- CVE-2019-2762: Exceptional throw cases (bsc#1141782).
- CVE-2019-2766: Improve file protocol handling (bsc#1141789).
- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
- CVE-2019-2786: More limited privilege usage (bsc#1141787).
- CVE-2019-7317: Improve PNG support options (bsc#1141780).
- CVE-2019-2818: Better Poly1305 support (bsc#1141788).
- CVE-2019-2816: Normalize normalization (bsc#1141785).
- CVE-2019-2821: Improve TLS negotiation (bsc#1141781).
- Certificate validation improvements

Non-security issues fixed:

- Do not fail installation when the manpages are not present (bsc#1115375)
- Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2142-1
Released: Wed Aug 14 18:14:04 2019
Summary: Recommended update for mozilla-nspr, mozilla-nss
Type: recommended
Severity: moderate
References: 1141322

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.45 (bsc#1141322) :

* New function in pk11pub.h: PK11_FindRawCertsWithSubject
* The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
* Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403)
  This adds a new experimental function SSL_DelegateCredential
  Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360).
  Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
* Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
* Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
* Add IPSEC IKE support to softoken (bmo#1546229)
* Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
* Expose an external clock for SSL (bmo#1543874)
  This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
* Various changes in response to the ongoing FIPS review (bmo#1546477)
  Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.

mozilla-nspr was updated to version 4.21

* Changed prbit.h to use builtin function on aarch64.
* Removed Gonk/B2G references.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2998-1
Released: Mon Nov 18 15:17:23 2019
Summary: Security update for java-11-openjdk
Type: security
Severity: important
References: 1152856,1154212,CVE-2019-2894,CVE-2019-2933,CVE-2019-2945,CVE-2019-2949,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2977,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2987,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2999

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues:

Security issues fixed (October 2019 CPU bsc#1154212):

- CVE-2019-2933: Windows file handling redux
- CVE-2019-2945: Better socket support
- CVE-2019-2949: Better Kerberos ccache handling
- CVE-2019-2958: Build Better Processes
- CVE-2019-2964: Better support for patterns
- CVE-2019-2962: Better Glyph Images
- CVE-2019-2973: Better pattern compilation
- CVE-2019-2975: Unexpected exception in jjs
- CVE-2019-2978: Improved handling of jar files
- CVE-2019-2977: Improve String index handling
- CVE-2019-2981: Better Path supports
- CVE-2019-2983: Better serial attributes
- CVE-2019-2987: Better rendering of native glyphs
- CVE-2019-2988: Better Graphics2D drawing
- CVE-2019-2989: Improve TLS connection support
- CVE-2019-2992: Enhance font glyph mapping
- CVE-2019-2999: Commentary on Javadoc comments
- CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).

----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3395-1 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Type: security Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:213-1 Released: Wed Jan 22 15:38:15 2020 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1160968,CVE-2020-2583,CVE-2020-2590,CVE-2020-2593,CVE-2020-2601,CVE-2020-2604,CVE-2020-2654,CVE-2020-2655 This update for java-11-openjdk fixes the following issues: Update to version jdk-11.0.6-10 (January 2020 CPU, bsc#1160968) Fixing these security related issues: - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2655: Better TLS messaging support - CVE-2020-2654: Improve Object Identifier Processing ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:338-1 Released: Thu Feb 6 13:00:23 2020 Summary: Recommended update for apr Type: recommended Severity: moderate References: 1151059 This update for apr fixes the following issues: - Increase timeout to fix random failure of 
testsuite [bsc#1151059]. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:362-1 Released: Fri Feb 7 11:14:20 2020 Summary: Recommended update for libXi Type: recommended Severity: moderate References: 1153311 This update for libXi fixes the following issue: - The libXi6-32bit library on x86_64 is now shipped in the Basesystem module. (bsc#1153311) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1353-1 Released: Wed May 20 13:02:32 2020 Summary: Security update for freetype2 Type: security Severity: moderate References: 1079603,1091109,CVE-2018-6942 This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased. The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed. These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector.
- Enable subpixel rendering with infinality config: - Re-enable freetype-config, there are just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts has been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs. This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs.
- Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops. (bsc#1091109) fonts-config is fundamental, but ft2demos is seldom installed by end users. Only fonts-config maintainers/debuggers may use ft2demos along with it to debug some issues. - Update to version 2.9.1 * No changelog upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1511-1 Released: Fri May 29 18:03:39 2020 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1167462,1169511,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2767,CVE-2020-2773,CVE-2020-2778,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2816,CVE-2020-2830 This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511).
- CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1677-1 Released: Thu Jun 18 18:16:39 2020 Summary: Security update for mozilla-nspr, mozilla-nss Type: security Severity: important References: 1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1852-1 Released: Mon Jul 6 16:50:23 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Type: recommended Severity: moderate References: 1169444 This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. 
(bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. 
(bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2116-1 Released: Tue Aug 4 15:12:41 2020 Summary: Security update for libX11 Type: security Severity: important References: 1174628,CVE-2020-14344 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2143-1 Released: Thu Aug 6 11:06:49 2020 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1174157,CVE-2020-14556,CVE-2020-14562,CVE-2020-14573,CVE-2020-14577,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + 
JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with 
-XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing 'allocate' naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with 
RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2995-1 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Type: security Severity: important References: 1177914,CVE-2020-15999 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3091-1 Released: Thu Oct 29 16:35:37 2020 Summary: Security update for MozillaThunderbird and mozilla-nspr Type: security Severity: important References: 1174230,1176384,1176756,1176899,1177977,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678,CVE-2020-15683,CVE-2020-15969 This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 
(bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4 - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title - Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes - Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 - update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11.
* Dependency needed for the MozillaThunderbird update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3359-1 Released: Tue Nov 17 13:18:30 2020 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1177943,CVE-2020-14779,CVE-2020-14781,CVE-2020-14782,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943) * New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Other changes + JDK-6532025: GIF reader throws misleading exception with truncated images + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8067354:
com/sun/jdi/GetLocalVariables4Test.sh failed + JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8172404: Tools should warn if weak algorithms are used before restricting them + JDK-8193367: Annotated type variable bounds crash javac + JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java + JDK-8204963: javax.swing.border.TitledBorder has a memory leak + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed' + JDK-8205534: Remove SymbolTable dependency from serviceability agent + JDK-8206309: Tier1 SA tests fail + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1 + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent! 
+ JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2 + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java + JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3 + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4 + JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test + JDK-8211694: JShell: Redeclared variable should be reset + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. 
lastLine=52, minLine=52, maxLine=55 + JDK-8212807: tools/jar/multiRelease/Basic.java times out + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent) + JDK-8213214: Set -Djava.io.tmpdir= when running tests + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface + JDK-8214074: Ghash optimization using AVX instructions + JDK-8214491: Upgrade to JLine 3.9.0 + JDK-8214797: TestJmapCoreMetaspace.java timed out + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:' + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions) + JDK-8215438: jshell tool: Ctrl-D causes EOF + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows + JDK-8216974: HttpConnection not returned to the pool after 204 response + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs + JDK-8221658: aarch64: add necessary predicate for ubfx patterns + JDK-8221759: Crash when completing 'java.io.File.path' + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found + JDK-8222074: Enhance auto vectorization for x86 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command + JDK-8223688: JShell: crash on the instantiation of raw anonymous class 
+ JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error + JDK-8223940: Private key not supported by chosen signature algorithm + JDK-8224184: jshell got IOException at exiting with AIX + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions + JDK-8226536: Catch OOM from deopt that fails rematerializing objects + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out + JDK-8227269: Slow class loading when running with JDWP + JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6' + JDK-8228448: Jconsole can't connect to itself + JDK-8228967: Trust/Key store and SSL context utilities for tests + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8229815: Upgrade Jline to 3.12.1 + JDK-8230000: some httpclients testng tests run zero test + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test + JDK-8230010: Remove jdk8037819/BasicTest1.java + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?' 
+ JDK-8230767: FlightRecorderListener returns null recording + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231586: enlarge encoding space for OopMapValue offsets + JDK-8231953: Wrong assumption in assertion in oop::register_oop + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232083: Minimal VM is broken after JDK-8231586 + JDK-8232161: Align some one-way conversion in MS950 charset with Windows + JDK-8232855: jshell missing word in /help help + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR + JDK-8233386: Initialize NULL fields for unused decorations + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result + JDK-8233686: XML transformer uses excessive amount of memory + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr + JDK-8234149: Several regression tests do not dispose Frame at end + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC + JDK-8234541: C1 emits an empty message when it inlines successfully + JDK-8234687: change javap reporting on unknown attributes + JDK-8236464: SO_LINGER option is 
ignored by SSLSocket in JDK 11 + JDK-8236548: Localized time zone name inconsistency between English and other locales + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575 + JDK-8237182: Update copyright header for shenandoah and epsilon files + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response + JDK-8238284: [macos] Zero VM build fails due to an obvious typo + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), 'should be non-static concrete method'); + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8240169: javadoc fails to link to non-modular api docs + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8240360: NativeLibraryEvent has wrong library name on Linux + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086 + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows + JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: 
java.lang.NullPointerException + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark + JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8242184: CRL generation error with RSASSA-PSS + JDK-8242283: Can't start JVM when java home path includes non-ASCII character + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework + JDK-8243138: Enhance BaseLdapServer to support starttls extended request + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8243389: enhance os::pd_print_cpu_info on linux + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows) + JDK-8244087: 2020-04-24 public suffix list update + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base + JDK-8244196: adjust output in os_linux + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8244287: JFR: Methods samples have line number 0 + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it' + JDK-8244729: Shenandoah: remove 
resolve paths from SBSA::generate_shenandoah_lrb + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3 + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8245151: jarsigner should not raise duplicate warnings on verification + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9 + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!' + JDK-8245832: JDK build make-static-libs should build all JDK libraries + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan + JDK-8245981: Upgrade to jQuery 3.5.1 + JDK-8246027: Minimal fastdebug build broken after JDK-8245801 + JDK-8246094: [macos] Sound Recording and playback is not working + JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ + JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN + JDK-8246330: Add TLS Tests for Legacy ECDSA curves + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place' + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code + JDK-8247615: Initialize the bytes left for the heap sampler + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&' + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248214: Add paddings 
for TaskQueueSuper to reduce false-sharing cache contention + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield + JDK-8248348: Regression caused by the update to BCEL 6.0 + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1 + JDK-8248495: [macos] zerovm is broken due to libffi headers location + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650 + JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows. + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel + JDK-8249255: Build fails if source code in cygwin home dir + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11 + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList + JDK-8249560: Shenandoah: Fix racy GC request handling + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets + JDK-8250609: C2 crash in IfNode::fold_compares + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java + JDK-8250787: Provider.put no longer registering aliases in FIPS env + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure + 
JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured' + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility + JDK-8252258: [11u] JDK-8242154 changes the default vendor + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011 + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11 + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258 + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:352-1 Released: Tue Feb 9 15:02:05 2021 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1181239 This update for java-11-openjdk fixes the following issues: java-11-openjdk was upgraded to include January 2021 CPU (bsc#1181239) - Enable Shenandoah GC for x86_64 (jsc#ECO-3171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1007-1 Released: Thu Apr 1 17:47:20 2021 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1409-1 Released: Wed Apr 28 16:32:50 2021 Summary: Security update for giflib Type: security Severity: low References: 1184123 This update for giflib fixes the following issues: - Enable Position Independent Code and inherit CFLAGS from the build system (bsc#1184123). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1554-1 Released: Tue May 11 09:43:41 2021 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1184606,1185055,1185056,CVE-2021-2161,CVE-2021-2163 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 (April 2021 CPU) * CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055) * CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder (bsc#1185056) - moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2952-1 Released: Fri Sep 3 14:38:44 2021 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1185476,1188564,1188565,1188566,CVE-2021-2341,CVE-2021-2369,CVE-2021-2388 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566) - CVE-2021-2341: Fixed a flaw inside the FtpClient. 
(bsc#1188564) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3115-1 Released: Thu Sep 16 14:04:26 2021 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829 This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. 
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update its csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build issues with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build issues with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. 
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the 'Staat der Nederlanden Root CA - G3' root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008'. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable' * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. 
* bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. 
update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. 
* bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. 
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add 'certSIGN Root CA G2' root certificate. * bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. 
* bmo#1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate. * bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3171-1 Released: Mon Sep 20 17:26:34 2021 Summary: Recommended update for java-11-openjdk Type: recommended Severity: important References: 1189201,1190252 This update for java-11-openjdk fixes the following issues: - Implement FIPS support in OpenJDK - Fix build with 'glibc-2.34' (bsc#1189201) - Add support for 'riscv64' (zero VM) - Make NSS the default security provider. 
(bsc#1190252) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3671-1 Released: Tue Nov 16 14:48:10 2021 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1191901,1191903,1191904,1191906,1191909,1191910,1191911,1191912,1191913,1191914,CVE-2021-35550,CVE-2021-35556,CVE-2021-35559,CVE-2021-35561,CVE-2021-35564,CVE-2021-35565,CVE-2021-35567,CVE-2021-35578,CVE-2021-35586,CVE-2021-35603 This update for java-11-openjdk fixes the following issues: Update to 11.0.13+8 (October 2021 CPU) - CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference - CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS session close - CVE-2021-35556, bsc#1191910: Richer Text Editors - CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit - CVE-2021-35561, bsc#1191912: Better hashing support - CVE-2021-35564, bsc#1191913: Improve Keystore integrity - CVE-2021-35567, bsc#1191903: More Constrained Delegation - CVE-2021-35578, bsc#1191904: Improve TLS client handshaking - CVE-2021-35586, bsc#1191914: Better BMP support - CVE-2021-35603, bsc#1191906: Better session identification - Improve Stream handling for SSL - Improve requests of certificates - Correct certificate requests - Enhance DTLS client handshake ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4107-1 Released: Thu Dec 16 19:02:22 2021 Summary: Security update for log4j Type: security Severity: important References: 1193743,CVE-2021-44228,CVE-2021-45046 This update for log4j fixes the following issue: - Previously published fixes for log4jshell turned out to be incomplete. Upstream has followed up on the original patch for CVE-2021-44228 with several additional changes (LOG4J2-3198, LOG4J2-3201, LOG4J2-3208, and LOG4J2-3211) that are included in this update. 
Since the totality of those patches is pretty much equivalent to an update to the latest version of log4j, we did update the package's tarball from version 2.13.0 to 2.16.0 instead of trying to apply those patches to the old version. This change brings in a new dependency on 'jakarta-servlet' and a version update of 'disruptor'. [bsc#1193743, CVE-2021-45046] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:12-1 Released: Mon Jan 3 15:36:04 2022 Summary: Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff Type: recommended Severity: moderate References: This recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff provides the following fix: - Ship some missing binaries to PackageHub. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:143-1 Released: Thu Jan 20 14:32:30 2022 Summary: Recommended update for java-11-openjdk Type: recommended Severity: moderate References: 1193314 This update for java-11-openjdk fixes the following issues: - Java Cryptography was always operating in FIPS mode if crypto-policies was not used. - Allow plain key import in fips mode unless 'com.suse.fips.plainKeySupport' is set to false ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. 
(bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:816-1 Released: Mon Mar 14 10:22:04 2022 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,CVE-2022-21248,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366 This update for java-11-openjdk fixes the following issues: - CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926) - CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930) - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933) - CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937) - CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925) - CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935) - CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934) - CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932) - CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931) - CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939) - CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940) - CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941) - CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929) - CVE-2022-21365: Fixed Integer overflow in BMPImageReader. 
(bnc#1194928) - CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1033-1 Released: Tue Mar 29 18:42:05 2022 Summary: Recommended update for java-11-openjdk Type: recommended Severity: moderate References: This update for java-11-openjdk fixes the following issues: - Build failure on Solaris. - Unable to connect to https://google.com using java.net.HttpClient. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1513-1 Released: Tue May 3 16:13:25 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromise via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromise via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromise via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromise via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromise via unauthenticated attacker with network access via multiple protocols (bsc#1198671).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1565-1 Released: Fri May 6 17:09:36 2022 Summary: Security update for giflib Type: security Severity: moderate References: 1094832,1146299,1184123,974847,CVE-2016-3977,CVE-2018-11490,CVE-2019-15133 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are encouraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMLified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows.
* Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. 
The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2060-1 Released: Mon Jun 13 15:26:16 2022 Summary: Recommended update for geronimo-specs Type: recommended Severity: moderate References: 1200426 This recommended update for geronimo-specs provides the following fix: - Ship geronimo-annotation-1_0-api to SUSE Manager server as it is now needed by google-gson. (bsc#1200426) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2396-1 Released: Thu Jul 14 11:57:58 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1199652,1200278,1200802,CVE-2022-1348 This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handling for SUID binaries (bsc#1192449).
Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2533-1 Released: Fri Jul 22 17:37:15 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. 
- Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. 
- Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. 
- Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OCSP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FIPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed its open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2595-1 Released: Fri Jul 29 16:00:42 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. 
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. 
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. 
Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OCSP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FIPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed its open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
(bmo#1767590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2707-1 Released: Tue Aug 9 10:18:18 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1201684,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-34169 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2939-1 Released: Mon Aug 29 14:49:17 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1201298,1202645 This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No code changes were done in this update.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3252-1 Released: Mon Sep 12 09:07:53 2022 Summary: Security update for freetype2 Type: security Severity: moderate References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3873-1 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). 
- FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3958-1 Released: Fri Nov 11 15:20:45 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.79.2 (bsc#1204729) * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). - FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870). - FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - FIPS: Use libjitterentropy for entropy. - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4078-1 Released: Fri Nov 18 15:34:17 2022 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1203476,1204468,1204471,1204472,1204473,1204475,1204480,1204523,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-39399 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:119-1 Released: Fri Jan 20 10:28:07 2023 Summary: Security update for mozilla-nss Type: security Severity: important References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:434-1 Released: Thu Feb 16 09:08:05 2023 Summary: Security update for mozilla-nss Type: security Severity: important References: 1208138,CVE-2023-0767 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:752-1 Released: Thu Mar 16 08:40:03 2023 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1206549,1207246,1207248,CVE-2023-21835,CVE-2023-21843 This update for java-11-openjdk fixes the following issues: - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). Bugfixes: - Remove broken accessibility sub-package (bsc#1206549). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:775-1 Released: Thu Mar 16 15:58:55 2023 Summary: Feature for updating the Java stack Type: feature Severity: critical References: 1047218,1062631,1120360,1133997,1134001,1145693,1171696,1172961,1173600,1177180,1177488,1177568,1179926,1180215,1182284,1182708,1182748,1182754,1184356,1184357,1184755,1186328,1187446,1188468,1188469,1188529,1190660,1190663,1193795,1195108,1195557,1198279,1198404,1198739,1198833,1201081,1201316,1201317,1203154,1203515,1203516,1203672,1203673,1203674,1203868,1204173,1204284,1204918,1205138,1205142,1205647,1206018,1206400,1206401,CVE-2019-17566,CVE-2020-11022,CVE-2020-11023,CVE-2020-11979,CVE-2020-11987,CVE-2020-11988,CVE-2020-13956,CVE-2020-15522,CVE-2020-1945,CVE-2020-26945,CVE-2020-28052,CVE-2020-2875,CVE-2020-2933,CVE-2020-2934,CVE-2020-8908,CVE-2021-2471,CVE-2021-26291,CVE-2021-27807,CVE-2021-27906,CVE-2021-29425,CVE-2021-33813,CVE-2021-36373,CVE-2021-36374,CVE-2021-37533,CVE-2021-42550,CVE-2021-43980,CVE-2022-2047,CVE-2022-2048,CVE-2022-23437,CVE-2022-24839,CVE-2022-28366,CVE-2022-29599,CVE-2022-37865,CVE-2022-37866,CVE-2022-38398,CVE-2022-38648,CVE-2022-38752,CVE-2022-40146,CVE-2022-40149,CVE-2022-40150,CVE-2022-42252,CVE-2022-42889,CVE-2022-45685,CVE-2022-45693 This feature update for the Java stack provides: ant: - Update ant from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper.
* Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-antlr: - Update ant-antlr from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. 
(bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-contrib: - Fix build with apache-ivy 2.5.1 (jsc#SLE-23217) ant-junit: - Update ant-junit from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-junit5: - Update ant-junit5 from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. 
(bsc#1188468) * Do not follow redirects if the 'followRedirects' attribute is set to 'false'. * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. - Do not build against the log4j12 packages, use the new reload4j antlr: - Build antlr-manual package without examples files. (bsc#1120360) antlr3: - Build with source and target levels 8 (jsc#SLE-23217) antlr4: - Update antlr4 from version 4.7.2 to version 4.9.3. (jsc#SLE-23217) * The libantlr4-runtime-devel now requires utfcpp-devel * For more details check: https://github.com/antlr/antlr4/compare/4.7.2...4.9.3 aopalliance: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-beanutils: - Provide apache-commons-beanutils 1.9.4 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-cli: - Update apache-commons-cli from version 1.4 to version 1.5.0. (jsc#SLE-23217) * Replace deprecated FindBugs with SpotBugs * Replace CLIRR with JApiCmp. 
* Update Java from version 5 to 7 * Remove deprecated sudo setting * Bump junit:junit to 4.13.2 * Bump commons-parent to 52 * Bump maven-pmd-plugin to 3.15.0 * Bump actions/checkout to v2.3.5 * Bump actions/setup-java to v2 * Bump maven-antrun-plugin to 3.0.0 * Bump maven-checkstyle-plugin to 3.1.2 * Bump checkstyle to 9.0.1 * Bump actions/cache to 2.1.6 * Bump commons.animal-sniffer.version to 1.20 * Bump maven-bundle-plugin to 5.1.2 * Bump biz.aQute.bndlib.version to 6.0.0 * Bump spotbugs to 4.4.2 * Bump spotbugs-maven-plugin to 4.4.2.2 * Add OSGi manifest to the build files. * Set java source/target levels to 6 apache-commons-codec: - Update apache-commons-codec from version 1.11 to version 1.15. (jsc#SLE-23217) * Do not alias the artifact to itself * Base16Codec and Base16Input/OutputStream. * Hex encode/decode with existing arrays. * Base32/Base64 Input/OutputStream: Added strict decoding property to control handling of trailing bits. Default lenient mode discards them without error. Strict mode raise an exception. * Update tests from JUnit to 4.13. * Update actions/checkout to v2.3.2 * Update actions/setup-java to v1.4.1. * MurmurHash3: Deprecate hash64 methods and hash methods accepting a String that use the default encoding. * Allow repeat calls to MurmurHash3.IncrementalHash32.end() to generate the same value. * Add RandomAccessFile digest methods * Add Path APIs to org.apache.commons.codec.digest.DigestUtils similar to File APIs. * Add SHA-512/224 and SHA-512/256 to DigestUtils for Java 9 and up. * Deprecate Charset constants in org.apache.commons.codec.Charsets in favor of java.nio.charset.StandardCharsets. * Reject any decode request for a value that is impossible to encode to for Base32/Base64. * MurmurHash2 for 32-bit or 64-bit value. * MurmurHash3 for 32-bit or 128-bit value. * Update from Java 6 to Java 7. * Add Percent-Encoding Codec (described in RFC3986 and RFC7578) * Add SHA-3 methods in DigestUtils. 
apache-commons-collections4: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-collections: - Do not use a dummy pom that only declares dependencies for the testframework artifact apache-commons-compress: - Remove support for pack200 which depends on old asm3. (jsc#SLE-23217) apache-commons-configuration: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-csv: - Provide apache-commons-csv version 1.9.0 (jsc#SLE-23217) apache-commons-daemon: - Update apache-commons-daemon from version 1.0.15 to version 1.2.4. (jsc#SLE-23217) * Build with source/target levels 8 * Ensure that log messages written to stdout and stderr are not lost during start-up. * Enable the service to start if the Options value is not present in the registry. * jsvc. Don't fail if the CAP_DAC_READ_SEARCH capability is not available. Fall back to using argv[0] rather than /proc/self/exe to determine the path for the current binary. * Improved JRE/JDK detection to support increased range of both JVM versions and vendors * Correct multiple issues related to enabling a service to interact with the desktop. Provide a better error message if this option is used with an invalid user, install the service with the option enabled if requested and correctly save the setting if it is enabled in the GUI. * Update the list of paths searched for libjvm.so to include the path used by OpenJDK 11. * Add additional debug logging for Java start mode. * Remove incorrect definition 'supported_os' which defined in psupport.m4 file to fix jsvc build error on s390, arm, aarch64, mipsel and mips. * More debug logging in prunsrv.c and javajni.c. * Update arguments.c to support Java 11 --enable-preview. * jsvc and Procrun: add support for Java native memory tracking. * Procrun. Add a new command, print, that outputs the command to (re-)configure the service with the current settings. This is intended to be used to save settings such as before an upgrade.
* Update: Update Commons-Parent to version 49. * Add AArch64 support to src/native/unix/support/apsupport.m4. * Procrun. When running in jre mode, if the standard Java registry entries for JavaHome and RuntimeLib are not present, attempt to use the Procrun JavaHome key to find the runtime library. * Procrun. Add an option to configure the service to use the 'Automatic (Delayed Start)' startup mode. * jsvc. Include the full path to the jsvc executable in the debug log. * Remove support for building Procrun for the Itanium platform. apache-commons-dbcp: - Provide apache-commons-dbcp version 2.1.1 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-digester: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-el: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-exec: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-fileupload: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-io: - Update apache-commons-io from version 2.6 to version 2.11.0. (jsc#SLE-23217) * CVE-2021-29425: Limited path traversal in Apache Commons IO (bsc#1184755) * Java 8 or later is required * This update provides several fixes and enhancements. For a full overview please, visit: https://commons.apache.org/proper/commons-io/changes-report.html apache-commons-jexl: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-lang3: - Update apache-commons-lang3 from version 3.8.1 to version 3.12.0. (jsc#SLE-23217) * Remove the junit bom dependency as it breaks the build of other packages like log4j. * Fix component version in default.properties to 3.12 * Add BooleanUtils.booleanValues(). * Add BooleanUtils.primitiveValues(). * Add StringUtils.containsAnyIgnoreCase(CharSequence, CharSequence...). * Add StopWatch.getStopTime(). * Add fluent-style ArraySorter. * Add and use LocaleUtils.toLocale(Locale) to avoid NPEs. * Add FailableShortSupplier, handy for JDBC APIs. 
* Add JavaVersion.JAVA_17. * Add missing boolean[] join method. * Add StringUtils.substringBefore(String, int). * Add Range.INTEGER. * Add DurationUtils. * Introduce the use of @Nonnull, and @Nullable, and the Objects class as a helper tool. * Add and use true and false String constants. * Add and use ObjectUtils.requireNonEmpty(). * Correct implementation of RandomUtils.nextLong(long, long). * Restore handling of collections for non-JSON ToStringStyle. * ContextedException Javadoc add missing semicolon. * Resolve JUnit pioneer transitive dependencies using JUnit BOM. * NumberUtilsTest - incorrect types in min/max tests. * Improve StringUtils.stripAccents conversion of remaining accents. * StringUtils.countMatches - clarify Javadoc. * Remove redundant argument from substring call. * BigDecimal is created when you pass it the min and max values. * TypeUtils.isAssignable returns wrong result for GenericArrayType and ParameterizedType. * testGetAllFields and testGetFieldsWithAnnotation sometimes fail. * TypeUtils. containsTypeVariables does not support GenericArrayType. * Refine StringUtils.lastIndexOfIgnoreCase. * Refine StringUtils.abbreviate. * Refine StringUtils.isNumericSpace. * Refine StringUtils.deleteWhitespace. * MethodUtils.invokeMethod NullPointerException in case of null in args list. * Fix 2 digit week year formatting. * Add and use ThreadUtils.sleep(Duration). * Add and use ThreadUtils.join(Thread, Duration). * Add ObjectUtils.wait(Duration). * ArrayUtils.toPrimitive(Object) does not support boolean and other types. * Processor.java: check enum equality with == instead of .equals() method. * Use own validator ObjectUtils.anyNull to check null String input. * Add ArrayUtils.isSameLength() to compare more array types. * Added the Locks class as a convenient possibility to deal with locked objects. * Add to Functions: FailableBooleanSupplier, FailableIntSupplier, FailableLongSupplier, FailableDoubleSupplier... 
* Add ArrayUtils.get(T[], index, T) to provide an out-of-bounds default value. * Add JavaVersion enum constants for Java 14, 15 and 16. * Use Java 8 lambdas and Map operations. * Change removeLastFieldSeparator to use endsWith. * Change a Pattern to a static final field, so that it is not compiled each time the function is invoked. * Add ImmutablePair factory methods left() and right(). * Add ObjectUtils.toString(Object, Supplier). * Add org.apache.commons.lang3.StringUtils.substringAfter(String, int). * Add org.apache.commons.lang3.StringUtils.substringAfterLast(String, int). * Use StandardCharsets.UTF_8. * Use Collections.singletonList instead of Arrays.asList when there is only one element. * Change array style from `int a[]` to `int[] a`. * Change from addAll to constructors for some List. * Simplify if as some conditions are covered by others. * Fixed Javadocs for setTestRecursive(). * ToStringBuilder.reflectionToString - Wrong JSON format when object has a List of Enum. * Make org.apache.commons.lang3.CharSequenceUtils.toCharArray(CharSequence) public. * Update actions/cache from v2 to v2.1.4. * Update actions/checkout from v2.3.1 to v2.3.4. * Update actions/setup-java from v1.4.0 to v1.4.2. * Update biz.aQute.bndlib from 5.1.1 to 5.3.0. * Update com.puppycrawl.tools:checkstyle to 8.34. * Update commons.jacoco.version 0.8.5 to 0.8.6 (Fixes Java 15 builds). * Update commons.japicmp.version to 0.15.2. * Update jmh.version from 1.21 to 1.27. * Update junit-bom from 5.7.0 to 5.7.1. * Update junit-jupiter to 5.7.0. * Update junit-pioneer to 1.3.0. * Update maven-checkstyle-plugin to 3.1.2. * Update maven-pmd-plugin from 3.13.0 to 3.14.0. * Update maven-surefire-plugin 2.22.2 -> 3.0.0-M5. * Update org.apache.commons:commons-parent to 51. * Update org.easymock:easymock to 4.2. * Update org.hamcrest:hamcrest 2.1 -> 2.2. * Update org.junit.jupiter:junit-jupiter to 5.6.2. * Update spotbugs to 4.2.1. * Update spotbugs-maven-plugin from 4.0.0 to 4.2.0.
* Add ExceptionUtils.throwableOfType(Throwable, Class) and friends. * Add EMPTY_ARRAY constants to classes in org.apache.commons.lang3.tuple. * Add null-safe StringUtils APIs to wrap String#getBytes([Charset|String]). * Add zero arg constructor for org.apache.commons.lang3.NotImplementedException. * Add ArrayUtils.addFirst() methods. * Add Range.fit(T) to fit a value into a range. * Added Functions.as*, and tests thereof, as suggested by Peter Verhas * Add getters for lhs and rhs objects in DiffResult. * Generify builder classes Diffable, DiffBuilder, and DiffResult. * Add ClassLoaderUtils with toString() implementations. * Add null-safe APIs as StringUtils.toRootLowerCase(String) and StringUtils.toRootUpperCase(String). * Add org.apache.commons.lang3.time.Calendars. * Add EnumUtils getEnum() methods with default values. * Added indexesOf methods and simplified removeAllOccurences. * Add support of lambda value evaluation for defaulting methods. * Add factory methods to Pair classes with Map.Entry input. * Add StopWatch convenience APIs to format times and create a simple instance. * Allow a StopWatch to carry an optional message. * Add ComparableUtils. * Add org.apache.commons.lang3.SystemUtils.getUserName(). * Add ObjectToStringComparator. * Add org.apache.commons.lang3.arch.Processor.Arch.getLabel(). * Add IS_JAVA_14 and IS_JAVA_15 to org.apache.commons.lang3.SystemUtils. * ObjectUtils: Get first non-null supplier value. * Added the Streams class, and Functions.stream() as an accessor thereof. * Make test more stable by wrapping assertions in hashset. * Use synchronize on a set created with Collections.synchronizedSet before iterating. * StringUtils.unwrap incorrect throw StringIndexOutOfBoundsException. * StringIndexOutOfBoundsException in StringUtils.replaceIgnoreCase. * StringUtils.removeIgnoreCase('?a', 'a') throws IndexOutOfBoundsException. * StringUtils abbreviate returns String of length greater than maxWidth. 
* Deprecate org.apache.commons.lang3.ArrayUtils.removeAllOccurences(*) for org.apache.commons.lang3.ArrayUtils.removeAllOccurrences(*). * Requires jdk >= 1.8 * Add more SystemUtils.IS_JAVA_XX variants * Adding the Functions class * Add @FunctionalInterface to ThreadPredicate and ThreadGroupPredicate * Add isEmpty method to ObjectUtils * null-safe StringUtils.valueOf(char[]) to delegate to String.valueOf(char[]). * Add API org.apache.commons.lang3.SystemUtils.isJavaVersionAtMost(JavaVersion) * Consolidate the StringUtils equals and equalsIgnoreCase * Add OSGi manifest apache-commons-logging: - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) apache-commons-math: - Provide apache-commons-math version 3.6.1 (jsc#SLE-23217) apache-commons-net: - Update from version 3.6 to version 3.9.0 (jsc#SLE-23217) * CVE-2021-37533: FTP client trusts the host from PASV response by default (bsc#1206018) * Build with source and target levels 8 apache-commons-ognl: - Provide apache-commons-ognl version 4.0-20191021git51cf8f4. (jsc#SLE-23217) apache-commons-parent: - Update apache-commons-parent from version 47 to version 52. (jsc#SLE-23217) * For a full changelog, please visit: https://github.com/apache/commons-parent/compare/commons-parent-47...rel/commons-parent-52 apache-commons-pool2: - Provide apache-commons-pool2 2.4.2 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-text: - Provide apache-commons-text version 1.10.0 (jsc#SLE-23217) * CVE-2022-42889: code execution when processing untrusted input due to insecure interpolation defaults. (bsc#1204284) * This is a new dependency of maven-javadoc-plugin. * Build with ant in order to avoid build cycles. apache-ivy: - Upgrade from version 2.4.0 to version 2.5.1. (jsc#SLE-23217) * CVE-2022-37866: path traversal via user-supplied pattern (bsc#1205142) * CVE-2022-37865: apache-ivy: Apache Ivy allow create/overwrite any file on the system. 
(bsc#1205138) * Breaking: + Removed old `fr\jayasoft\ivy\ant\antlib.xml` AntLib definition file. * Force building with JDK < 14, since it imports statically a class removed in JDK14. * Change dependencies for the httpclient to httpcomponents-client instead of apache-commons-httpclient. apache-logging-parent: - Update apache-logging-parent from version 2 to version 5. (jsc#SLE-23217) * Do not require maven-local, since it can be handled by javapackages-local apache-parent: - Check upstream source signature apache-pdfbox: - Update apache-pdfbox from version 1.8.16 to version 2.0.23. (jsc#SLE-23217) * CVE-2021-27807: infinite loop while loading a crafted PDF file. (bsc#1184356) * CVE-2021-27906: OutOfMemory-Exception while loading a crafted PDF file. (bsc#1184357) * Fix build with bouncycastle 1.71 and the new bcutil artifact * Build with source/target levels 8 * Package all resources in pdfbox module * Improve document signing * Allow reuse of subsetted fonts by inverting the ToUnicode CMap * Improve performance in signature validation * Add more checks to PDFXrefStreamParser and reduce memory footprint * Use StringBuilder for key in PDDeviceN.toRGBWithTintTransform() * Don't use RGB loop in PDDeviceN.toRGBWithTintTransform() * Add source signature and keyring * Move from 1.x release line to the 2.x one. This is a ABI change * Generate the ant build system from the maven one and customize it. apache-resource-bundles: - Provide apache-resource-bundles version 2 (jsc#SLE-23217) * This package contains templates for generating necessary license files and notices for all Apache releases. * This is a build dependency of apache-sshd apache-sshd: - Provide apache-sshd version 2.7.0 as dependency of eclipse-jgit (jsc#SLE-23217) apiguardian: - Build with source and target levels 8 (jsc#SLE-23217) aqute-bnd: - Update aqute-bnd from version 3.5.0 to version 5.2.0. (jsc#SLE-23217) * ant plugin is in separate artifact. 
* Produce bytecode compatible with Java 8 * Port to OSGI 7.0.0 * Require aqute-bndlib args4j: - Build with source and target levels 8 (jsc#SLE-23217) asm3: - Build with source and target levels 8 (jsc#SLE-23217) atinject: - Update atinject from version 1+20100611git1f74ea7 to version 1+20160610git1f74ea7. (jsc#SLE-23217) * Alias to the new jakarta name * Fetch the sources using a source service * Do not use the upstream build.sh, but use it to write a necessary part directly to the spec file * Build with source/target levels 8 * Fix build with javadoc 17. auto: - Update auto from version 1.3 to version 1.6.1. (jsc#SLE-23217) * Provide the auto-value-annotations artifact needed by google-errorprone * Provide auto-service-annotations and fix dependencies issues. avalon-framework: - Do not build against the log4j12 packages, use the new reload4j. (jsc#SLE-23217) avalon-logkit: - Do not build against the log4j12 packages, use the new reload4j. (jsc#SLE-23217) - Do not build the org.apache.log.output.lf5 package aws-sdk-java: - Build with java source and target levels 8. (jsc#SLE-23217) - Build against the standalone JavaEE modules unconditionally - Double the maximum memory for javadoc to avoid out-of-memory on certain architectures - Force generating javadoc with maven-javadoc-plugin, since the xmvn javadoc mojo doesn't work here. axis: - Require glassfish-activation-api in order to prevent missing APIs when running the ant task. (jsc#SLE-23217) - Unify the dependency on glassfish-activation-api instead of jaf and gnu-jaf. (jsc#SLE-23217) - On systems where the JavaEE modules exist, allow building against newer versions of APIs (jsc#SLE-23217) - Alias relevant artifacts to org.apache.axis (jsc#SLE-23217) - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) - Require Java >= 1.8 (jsc#SLE-23217) base64coder: - Provide base64coder 20101219 and solve installation issues. (jsc#SLE-23217) - There are no source changes. 
beust-jcommander: - Provide beust-jcommander 1.71 and solve installation issues. (jsc#SLE-23217) - There are no source changes. bnd-maven-plugin: - Update bnd-maven-plugin from version 3.5.2 to version 5.2.0. (jsc#SLE-23217) * Produce bytecode compatible with Java 8 * Port to OSGI 7.0.0 * Require maven-mapping bouncycastle: - Update bouncycastle from version 1.64 to version 1.71. (jsc#SLE-23217) * Relevant fixes - CVE-2020-28052: OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password. (bsc#1180215) - CVE-2020-15522: Timing issue within the EC math library. (bsc#1186328) - Blake 3 output limit is enforced. - The PKCS12 KeyStore was relying on default precedence for its key Cipher implementation so was sometimes failing if used from the keytool. The KeyStore class now makes sure it uses the correct Cipher implementation. - ASN.1: More robust handling of high tag numbers and definite-length forms. - BCJSSE: Don't log sensitive system property values (GH#976). - The IES AlgorithmParameters object has been re-written to properly support all the variations of IESParameterSpec. - PGPPublicKey.getBitStrength() now properly recognises EdDSA keys. - In line with GPG the PGP API now attempts to preserve comments containing non-ascii UTF8 characters. - An accidental partial dependency on Java 1.7 has been removed from the TLS API. - Lightweight and JCA conversion of Ed25519 keys in the PGP API could drop the leading byte as it was zero. This has been fixed. - Marker packets appearing at the start of PGP public key rings could cause parsing failure. This has been fixed. - ESTService could fail for some valid Content-Type headers. This has been fixed. - CertificateFactory.generateCertificates()/generateCRLs() would throw an exception if extra data was found at the end of a PEM file even if valid objects had been found. Extra data is now ignored providing at least one object found. 
- PGP ArmoredInputStream now fails earlier on malformed headers. - Ed25519 keys being passed in via OpenSSH key spec are now validated in the KeyFactory. - Blowfish keys are now range checked on cipher construction. - The BasicConstraintsValidation class in the BC cert path validation tools has improved conformance to RFC 5280. - Fix various conversions and interoperability for XDH and EdDSA between BC and SunEC providers. - TLS: Prevent attempts to use KeyUpdate mechanism in versions before TLS 1.3. - Some BigIntegers utility methods would fail for BigInteger.ZERO. This has been fixed. - PGPUtil.isKeyRing() was not detecting secret sub-keys in its input. This has been fixed. - BCJSSE: Lock against multiple writers - a possible synchronization issue has been removed. - Certificates/CRLs with short signatures could cause an exception in toString() in the BC X509 Certificate implementation - In line with latest changes in the JVM, SignatureSpis which don't require parameters now return null on engineGetParameters() - The RSA KeyFactory now always preferentially produces RSAPrivateCrtKey where it can on requests for a KeySpec based on an RSAPrivateKey - CMSTypedStream$FullReaderStream now handles zero length reads correctly - CMS with Ed448 using a direct signature was using id-shake256-len rather than id-shake256. - Use of GCMParameterSpec could cause an AccessControlException under some circumstances. - DTLS: Fixed high-latency HelloVerifyRequest handshakes. - An encoding bug for rightEncoded() in KMAC has been fixed. - For a few values the cSHAKE implementation would add unnecessary pad bytes where the N and S strings produced encoded data that was block aligned. - DLExternal would encode using DER encoding for tagged SETs. - ChaCha20Poly1305 could fail for large (>~2GB) files. - ChaCha20Poly1305 could fail for small updates when used via the provider. - Properties.getPropertyValue could ignore system property when other local overrides set.
- The entropy gathering thread was not running in daemon mode, meaning there could be a delay in an application shutting down due to it. - A recent change in Java 11 could cause an exception with the BC Provider's implementation of PSS. - BCJSSE: TrustManager now tolerates having no trusted certificates. - BCJSSE: Choice of credentials and signing algorithm now respect the peer's signature_algorithms extension properly. * Additional Features and Functionality - Missing PGP CRC checksums can now be optionally ignored using setDetectMissingCRC() (default false) on ArmoredInputStream. - PGPSecretKey.copyWithNewPassword() now has a variant which uses USAGE_SHA1 for key protection if a PGPDigestCalculator is passed in. - PGP ASCII armored data now skips '\t', '\v', and '\f'. - PKCS12 files with duplicate localKeyId attributes on certificates will now have the incorrect attributes filtered out, rather than the duplicate causing an exception. - PGPObjectFactory will now ignore packets representing unrecognised signature versions in the input stream. - The X.509 extension generator will now accumulate some duplicate X.509 extensions into a single extension where it is possible to do so. - Removed support for maxXofLen in Kangaroo digest. - Ignore marker packets in PGP Public and Secret key ring collection. - An implementation of LEA has been added to the low-level API. - Access, recovery, and direct use for PGP session keys has been added to the OpenPGP API for processing encrypted data. - A PGPCanonicalizedDataGenerator has been added which converts input into canonicalized literal data for text and UTF-8 mode. - A getUserKeyingMaterial() method has been added to the KeyAgreeRecipientInformation class. - ASN.1: Tagged objects (and parsers) now support all tag classes. Special code for ApplicationSpecific has been deprecated and re-implemented in terms of TaggedObject. - ASN.1: Improved support for nested tagging. 
- ASN.1: Added support for GraphicString, ObjectDescriptor, RelativeOID.
- ASN.1: Added support for constructed BitString encodings, including efficient parsing for large values.
- TLS: Added support for external PSK handshakes.
- TLS: Check policy restrictions on key size when determining cipher suite support.
- A performance issue in KeccakDigest due to left over debug code has been identified and dealt with.
- BKS key stores can now be used for collecting protected keys (note: any attempt to store such a store will cause an exception).
- A method for recovering user keying material has been added to KeyAgreeRecipientInformation.
- Support has been added to the CMS API for SHA-3 based PLAIN-ECDSA.
- The low level BcDefaultDigestProvider now supports the SHAKE family of algorithms and the SM3 algorithm.
- PGPKeyRingGenerator now supports creation of key-rings with direct-key identified keys.
- The PQC NIST candidate, signature algorithm SPHINCS+ has been added to the low-level API.
- ArmoredInputStream now explicitly checks for a '\n' if in crLF mode.
- Direct support for NotationDataOccurances, Exportable, Revocable, IntendedRecipientFingerPrints, and AEAD algorithm preferences has been added to PGPSignatureSubpacketVector.
- Further support has been added for keys described using S-Expressions in GPG 2.2.X.
- Support for OpenPGP Session Keys from the (draft) Stateless OpenPGP CLI has been added.
- Additional checks have been added for PGP marker packets in the parsing of PGP objects.
- A CMSSignedData.addDigestAlgorithm() has been added to allow for adding additional digest algorithm identifiers to CMS SignedData structures when required.
- Support has been added to CMS for the LMS/HSS signature algorithm.
- The system property 'org.bouncycastle.jsse.client.assumeOriginalHostName' (default false) has been added for dealing with SNI problems related to the host name not being propagated by the JVM.
- The JcePKCSPBEOutputEncryptorBuilder now supports SCRYPT with ciphers that do not have algorithm parameters (e.g. AESKWP).
- Support is now added for certificates using ETSI TS 103 097, 'Intelligent Transport Systems (ITS)' in the bcpkix package.
- Added support for OpenPGP regular expression signature packets.
- Added support for OpenPGP PolicyURI signature packets.
- A utility method has been added to PGPSecretKeyRing to allow for inserting or replacing a PGPPublicKey.
- The NIST PQC Finalist, Classic McEliece has been added to the low level API and the BCPQC provider.
- The NIST PQC Alternate Candidate, SPHINCS+ has been added to the BCPQC provider.
- The NIST PQC Alternate Candidate, FrodoKEM has been added to the low level API and the BCPQC provider.
- The NIST PQC Finalist, SABER has been added to the low level API and the BCPQC provider.
- KMAC128, KMAC256 has been added to the BC provider (empty customization string).
- TupleHash128, TupleHash256 has been added to the BC provider (empty customization string).
- ParallelHash128, ParallelHash256 has been added to the BC provider (empty customization string, block size 1024 bits).
- Two new properties: 'org.bouncycastle.rsa.max_size' (default 15360) and 'org.bouncycastle.ec.fp_max_size' (default 1042) have been added to cap the maximum size of RSA and EC keys.
- RSA modulus are now checked to be provably composite using the enhanced MR probable prime test.
- Imported EC Fp basis values are now validated against the MR prime number test before use. The certainty level of the prime test can be determined by 'org.bouncycastle.ec.fp_certainty' (default 100).
- The BC entropy thread now has a specific name: 'BC-ENTROPY-GATHERER'.
- Utility methods have been added for joining/merging PGP public keys and signatures.
- Blake3-256 has been added to the BC provider.
- DTLS: optimisation to delayed handshake hash.
- Further additions to the ETSI 102 941 support in the ETSI/ITS package: certification request, signed message generation and verification now supported.
- CMSSignedDataGenerator now supports the direct generation of definite-length data.
- The NetscapeCertType class now has a hasUsages() method on it for querying usage settings on its bit string.
- Support for additional input has been added for deterministic (EC)DSA.
- The OpenPGP API provides better support for subkey generation.
- BCJSSE: Added boolean system properties 'org.bouncycastle.jsse.client.dh.disableDefaultSuites' and 'org.bouncycastle.jsse.server.dh.disableDefaultSuites'. Default 'false'. Set to 'true' to disable inclusion of DH cipher suites in the default cipher suites for client/server respectively.
- GCM-SIV has been added to the lightweight API and the provider.
- Blake3 has been added to the lightweight API.
- The OpenSSL PEMParser can now be extended to add specialised parsers.
- Base32 encoding has now been added, the default alphabet is from RFC 4648.
- The KangarooTwelve message digest has been added to the lightweight API.
- An implementation of the two FPE algorithms, FF1 and FF3-1 in SP 800-38G has been added to the lightweight API and the JCE provider.
- An implementation of ParallelHash has been added to the lightweight API.
- An implementation of TupleHash has been added to the lightweight API.
- RSA-PSS now supports the use of SHAKE128 and SHAKE256 as the mask generation function and digest.
- ECDSA now supports the use of SHAKE128 and SHAKE256.
- PGPPBEEncryptedData will now reset the stream if the initial checksum fails so another password can be tried.
- Iterators on public and secret key ring collections in PGP now reflect the original order of the public/secret key rings they contain.
- KeyAgreeRecipientInformation now has a getOriginator() method for retrieving the underlying originator information.
- PGPSignature now has a getDigestPrefix() method for people wanting exposure to the signature finger print details.
- The old BKS-V1 format keystore is now disabled by default. If you need to use BKS-V1 for legacy reasons, it can be re-enabled by adding: org.bouncycastle.bks.enable_v1=true to the java.security file. We would be interested in hearing from anyone that needs to do this.
- PLAIN-ECDSA now supports the SHA3 digests.
- Some high-level support for RFC 4998 ERS has been added for ArchiveTimeStamp and EvidenceRecord. The new classes are in the org.bouncycastle.tsp.ers package.
- ECIES now also supports SHA256, SHA384, and SHA512.
- digestAlgorithms field in CMS SignedData now includes counter signature digest algorithms where possible.
- A new property 'org.bouncycastle.jsse.config' has been added which can be used to configure the BCJSSE provider when it is created using the no-args constructor.
- In line with changes in OpenSSL 1.1.0, OpenSSLPBEParametersGenerator can now be configured with a digest.
- PGPKeyRingGenerator now includes a method for adding a subkey with a primary key binding signature.
- Support for ASN.1 PRIVATE tags has been added.
- Performance enhancements to Noekeon, AES, GCM, and SICBlockCipher.
- Support for encoding/decoding McElieceCCA2 keys has been added to the PQC API
- BCJSSE: Added support for jdk.tls.maxCertificateChainLength system property (default is 10).
- BCJSSE: Added support for jdk.tls.maxHandshakeMessageSize system property (default is 32768).
- BCJSSE: Added support for jdk.tls.client.enableCAExtension (default is 'false').
- BCJSSE: Added support for jdk.tls.client.cipherSuites system property.
- BCJSSE: Added support for jdk.tls.server.cipherSuites system property.
- BCJSSE: Extended ALPN support via standard JSSE API to JDK 8 versions after u251/u252.
- BCJSSE: Key managers now support EC credentials for use with TLS 1.3 ECDSA signature schemes (including brainpool).
- TLS: Add TLS 1.3 support for brainpool curves per RFC 8734.
- BCJSSE: Added support for system property com.sun.net.ssl.requireCloseNotify. Note that we are using a default value of 'true'.
- BCJSSE: 'TLSv1.3' is now a supported protocol for both client and server. For now it is only enabled by default for the 'TLSv1.3' SSLContext, but can be explicitly enabled using 'setEnabledProtocols' on an SSLSocket or SSLEngine, or via SSLParameters.
- BCJSSE: Session resumption is now also supported for servers in TLS 1.2 and earlier. For now it is disabled by default, and can be enabled by setting the boolean system property org.bouncycastle.jsse.server.enableSessionResumption to 'true'.
- The provider RSA-PSS signature names that follow the JCA naming convention.
- FIPS mode for the BCJSSE now enforces namedCurves for any presented certificates.
- PGPSignatureSubpacketGenerator now supports editing of a pre-existing sub-packet list.
- Performance improvement of Argon2 and Noekeon
- A setSessionKeyObfuscation() method has been added to PublicKeyKeyEncryptionMethodGenerator to allow turning off of session key obfuscation (default is on, method primarily to get around early version GPG issues with AES-128 keys)
- Implemented 'safegcd' constant-time modular inversion (as well as a variable-time variant). It has replaced Fermat inversion in all our EC code, and BigInteger.modInverse in several other places, particularly signers. This improves side-channel protection, and also gives a significant performance boost
- Performance of custom binary ECC curves and Edwards Curves has been improved
- BCJSSE: New boolean system property 'org.bouncycastle.jsse.keyManager.checkEKU' allows to disable ExtendedKeyUsage restrictions when selecting credentials (although the peer may still complain)
- Initial support has been added for 'Composite Keys and Signatures For Use In Internet PKI' using the test OID.
Please note there will be further refinements to this as the draft is standardised
- The BC EdDSA signature API now supports keys implementing all methods on the EdECKey and XECKey interfaces directly
- Further optimization work has been done on GCM
- A NewHope based processor, similar to the one for Key Agreement has been added for trying to 'quantum hard' KEM algorithms
- PGP clear signed signatures now support SHA-224
- Treating absent vs NULL as equivalent can now be configured by a system property. By default this is not enabled
- Mode name checks in Cipher strings should now make sure an improper mode name always results in a NoSuchAlgorithmException
- In line with changes in OpenSSL, the OpenSSLPBKDF now uses UTF8 encoding
- The qTESLA signature algorithm has been updated to v2.8 (20191108).
- BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.
- Support has been added for 'ocsp.enable', 'ocsp.responderURL' and PKIXRevocationChecker for users of Java 8 and later.
- Support has been added for 'org.bouncycastle.x509.enableCRLDP' to the PKIX validator.
- BCJSSE: Now supports system property 'jsse.enableFFDHE'
- BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' and 'jdk.tls.server.SignatureSchemes'.
- Multi-release support has been added for Java 11 XECKeys.
- Multi-release support has been added for Java 15 EdECKeys.
- The MiscPEMGenerator will now output general PrivateKeyInfo structures.
- A new property 'org.bouncycastle.pkcs8.v1_info_only' has been added to make the provider only produce version 1 PKCS8 PrivateKeyInfo structures.
- The PKIX CertPathBuilder will now take the target certificate from the target constraints if a specific certificate is given to the selector.
- BCJSSE: A range of ARIA and CAMELLIA cipher suites added to supported list.
- BCJSSE: Now supports the PSS signature schemes from RFC 8446 (TLS 1.2 onwards).
- Performance of the Base64 encoder has been improved.
- The PGPPublicKey class will now include direct key signatures when checking for key expiry times.
- LMS and HSS (RFC 8554) support has been added to the low level library and the PQC provider.
- SipHash128 support has been added to the low level library and the JCE provider.
- BCJSSE: BC API now supports explicitly specifying the session to resume.
- BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode).
- BCJSSE: Added support for extended_master_secret system properties: jdk.tls.allowLegacyMasterSecret, jdk.tls.allowLegacyResumption, jdk.tls.useExtendedMasterSecret.
- BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode).
- BCJSSE: KeyManager and TrustManager now check algorithm constraints for keys and certificate chains.
- BCJSSE: KeyManager selection of server credentials now prefers matching SNI hostname (if any).
- BCJSSE: KeyManager may now fallback to imperfect credentials (expired, SNI mismatch).
- BCJSSE: Client-side OCSP stapling support (beta version: via status_request extension only, provides jdk.tls.client.enableStatusRequestExtension, and requires CertPathBuilder support).
- TLS: DSA in JcaTlsCrypto now falls back to stream signing to work around NoneWithDSA limitations in default provider.
* Notes
- The deprecated QTESLA implementation has been removed from the BCPQC provider.
- The submission update to SPHINCS+ has been added. This changes the generation of signatures - particularly deterministic ones.
- While this release should maintain source code compatibility, developers making use of some parts of the ASN.1 library will find that some classes need recompiling. Apologies for the inconvenience.
- There is a small API change in the PKIX package to the DigestAlgorithmIdentifierFinder interface as a find() method that takes an ASN1ObjectIdentifier has been added to it.
For people wishing to extend their own implementations, see DefaultDigestAlgorithmIdentifierFinder for a sample implementation.
- A version of the bcmail API supporting Jakarta Mail has now been added (see bcjmail jar).
- Some work has been done on moving out code that does not need to be in the provider jar. This has reduced the size of the provider jar and should also make it easier for developers to patch the classes involved as they no longer need to be signed. bcpkix and bctls are both dependent on the new bcutil jar.
- The qTESLA update breaks compatibility with previous versions. Private keys now include a hash of the public key at the end, and signatures are no longer interoperable with previous versions.
- Add build dependencies on mvn(jakarta.activation:jakarta.activation-api) and mvn(jakarta.mail:jakarta.mail-api)
- Remove unneeded script bouncycastle_getpoms.sh from sources
- Build against the standalone JavaEE modules unconditionally
- Build with source/target levels 8
- Add glassfish-activation-api dependency so that we can build with JDK that does not contain the JavaEE modules
- Add bouncycastle_getpoms.sh to get pom files from Maven repos
- Add OSGi manifests to the distributed jars so that they can be used from eclipse (default enabled protocols).

bsf:
- Provide bsf 2.4.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

bsh2:
- Provide bsh2 2.0.0.b6 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

cal10n:
- Update cal10n from version 0.7.7 to version 0.8.1.10. (jsc#SLE-23217)
* Fetch sources using source service from ch.qos git
* Upgrade to the 10th commit after 0.8.1 calling it 0.8.1.10
* Add the cal10n-ant-task to built artifacts
* This release adds JSR-269 support. In other words, verification of bundles can be performed at compilation time. See the related documentation for more details.
* Fix issue with Eclipse not finding existing resources.
Eclipse will find bundles located under 'src/main/resources' but still fail to find bundles located under 'src/test/resources/'.
* When reading in bundles, the verify method in MessageKeyVerifier now uses the locale passed as parameter instead of always Locale.FR.
* Update build.xml-0.7.7.tar.xz to build.xml-0.8.1.tar.xz with references to version 0.8.1 to build correctly versioned jar files.

cbi-plugins:
- Build only on architectures where eclipse is supported. (jsc#SLE-23217)
- Do not build against the legacy version of guava any more. (jsc#SLE-23217)
- Fix build with newer auto version by adding the auto-value-annotations artifact to the dependencies

cdi-api:
- Update cdi-api from version 1.2 to version 2.0.2. (jsc#SLE-23217)
* Build with java source and target levels 8
* Remove dependency on glassfish-el

cglib:
- Update cglib from version 3.2.4 to version 3.3.0. (jsc#SLE-23217)
* Remove links between artifacts and their parent since we are not building with maven
* Don't inject true in cglib pom, as 3.3.0 already provides that option and it makes the POM xml incorrect.

checker-qual:
- Provide checker-qual version 3.22.0. (jsc#SLE-23217)
* Checker Qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.
* This is a dependency of Guava

classmate:
- Provide classmate version 1.5.1 (jsc#SLE-23217)

codemodel:
- Provide codemodel version 2.6 (jsc#SLE-23217)

codenarc:
- Do not generate test stubs by gmavenplus-plugin, since we are not building or running tests during build.
- Build with source and target levels 8 (jsc#SLE-23217)

concurrentlinkedhashmap-lru:
- Provide concurrentlinkedhashmap-lru version 1.3.2 (jsc#SLE-23217)

decentxml:
- Build with source and target levels 8 (jsc#SLE-23217)

dom4j:
- Build against the standalone JavaEE modules unconditionally. (jsc#SLE-23217)
- Add alias to the new artifact coordinates org.dom4j:dom4j.
(jsc#SLE-23217)
- Add jaxb-api dependency for relevant distribution versions so that we can build with JDKs that do not include the JavaEE modules. (jsc#SLE-23217)

ecj:
- Update ecj from version 4.12 to version 4.18. (jsc#SLE-23217)
* the encoding needs to be set for all JDK versions
* Upgrade to eclipse 4.18 ecj
* Switch java14api to java15api to be compatible to JDK 15
* Switch to JDK 11 for build as JDK 8 is not supported anymore by ecj
* Switch java10api to java14api to be compatible to JDK 14

eclipse:
- Update eclipse from version 4.9.0 to version 4.15. (jsc#SLE-23217)
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Add support for riscv64
* Allow building with objectweb-asm 9.x
* Do not require Java10 APIs artifact when building with java 11
* Fix unresolved symbols when trying to load libkeystorelinuxnative.so on platforms that have it
* Build only on 64-bit architectures, since 32-bit support was dropped upstream
* Fix build with gcc 10
* Build against jgit, since jgit-bootstrap does not exist
* The dependencies of felix-scr changed. So stop linking xpp3 and kxml and link osgi.cmpn as symlink plugins.
* Filter out the *SUNWprivate_1.1* symbols from requires

eclipse-ecf:
- Update eclipse-ecf from version 3.14.1 to version 3.14.8. (jsc#SLE-23217)
* Build against jgit, since jgit-bootstrap does not exist
* Allow building with objectweb-asm 9.x
* Force building with Java 11, since tycho is not knowing about any Java >= 15

eclipse-egit:
- Update eclipse-egit from version 5.1.3 to version 5.11.0. (jsc#SLE-23217)
* Needed because of change of eclipse-jgit to 5.11.0
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Build only on 64-bit architectures, since 32-bit support was dropped upstream

eclipse-emf:
- Update eclipse-emf from version 2.15.0~gitd1e5fdd to version 2.22.0.
(jsc#SLE-23217)
* Build against jgit, since jgit-bootstrap does not exist
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Build only on 64-bit architectures, since 32-bit support was dropped upstream

eclipse-jgit:
- Update eclipse-jgit from version 5.1.3 to version 5.11.0. (jsc#SLE-23217)
* Fix build against apache-sshd 2.7.0
* Restore java 8 compatibility when building with java 9+
* Split the build into two spec files instead of multibuild. One produces the maven artifacts, the jgit command-line and the other produces eclipse features.

eclipse-license:
- Update eclipse-license from version 2.0.1 to version 2.0.2. (jsc#SLE-23217)
* Build only on architectures where eclipse is supported
* Force building with Java 11, since tycho is not knowing about any Java >= 15
* Update the eclipse-license2 feature to 2.0.0

eclipse-swt:
- Provide eclipse-swt version 4.9.0 for i586 architecture. (jsc#SLE-23217)

ed25519-java:
- Provide ed25519-java version 0.3.0. (jsc#SLE-23217)

ee4j:
- Provide ee4j version 1.0.7

exec-maven-plugin:
- Update exec-maven-plugin from version 1.6.0 to version 3.0.0. (jsc#SLE-23217)

extra166y:
- Build with source and target levels 8 (jsc#SLE-23217)

ezmorph:
- Do not build against the log4j12 packages. (jsc#SLE-23217)
- Build with source and target levels 8. (jsc#SLE-23217)

felix-bundlerepository:
- Provide felix-bundlerepository version 2.0.10. (jsc#SLE-23217)

felix-gogo-command:
- Remove forcing of maven.compiler.release, since it is not needed anymore. (jsc#SLE-23217)

felix-gogo-runtime:
- Rewrite the build system to ant so that is it possible to eventually avoid build cycles with maven-plugin-bundle built against felix-bundlerepository. (jsc#SLE-23217)

felix-osgi-compendium:
- Build with source and target levels 8 (jsc#SLE-23217)

felix-osgi-foundation:
- Build with source and target levels 8 (jsc#SLE-23217)

felix-osgi-obr:
- Provide felix-osgi-obr version 1.0.2.
(jsc#SLE-23217)

felix-scr:
- Update felix-scr from version 2.0.14 to version 2.1.16. (jsc#SLE-23217)
* Drop dependencies on kxml and xpp, use the system SAX implementation instead
* Do not embed dependencies, use import-package instead

felix-shell:
- Rewrite the build system to ant so that is it possible to eventually avoid build cycles with maven-plugin-bundle built against felix-bundlerepository. (jsc#SLE-23217)
- Build against OSGi R7 APIs

felix-utils:
- Update felix-utils from version 1.10.4 to version 1.11.4. (jsc#SLE-23217)
* Migrate away from the old felix-osgi implementation

fmpp:
- Build with source and target levels 8 (jsc#SLE-23217)

freemarker:
- Update freemarker from version 2.3.28 to version 2.3.31. (jsc#SLE-23217)
* Fix build with javacc 7.0.11
* Package the manual. Add build dependency on docbook5-xsl-stylesheets
* On supported platforms, avoid building with OpenJ9, in order to prevent build cycles

geronimo-specs:
- Set version for the specs coming from tag 1_1_1 in order to avoid unexpanded version macros in pom files.
- On supported platforms, avoid building with OpenJ9, in order to prevent build cycles.

glassfish-activation:
- Provide glassfish-activation version 1.2.0. (jsc#SLE-23217)

glassfish-annotation-api:
- Build with source and target levels 8 (jsc#SLE-23217)

glassfish-dtd-parser:
- Provide glassfish-dtd-parser version 1.4 (jsc#SLE-23217)

glassfish-fastinfoset:
- Provide glassfish-fastinfoset version 1.2.15. (jsc#SLE-23217)

glassfish-jaxb-api:
- Provide glassfish-activation version 2.4.0. (jsc#SLE-23217)

glassfish-jaxb:
- Provide glassfish-jaxb version 2.3.1. (jsc#SLE-23217)

glassfish-jax-rs-api:
- Change the tarball location, since the old location does not work anymore

glassfish-jsp:
- Build with source and target levels 8 (jsc#SLE-23217)

glassfish-servlet-api:
- Provide glassfish-servlet-api 3.1.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.
glassfish-transaction-api:
- Build with target source and target levels 8. (jsc#SLE-23217)
- Specify specMode=javaee to be able to use newer spec-version-maven-plugin.

gmavenplus-plugin:
- Update gmavenplus-plugin from version 1.5 to version 1.13.1. (jsc#SLE-23217)
* Relevant fixes:
+ Using bindAllProjectProperties and bindSessionUserOverrideProperties together can cause an NPE.
+ Certain AST transformations had classloader issues because 1.12.0 was no longer setting the context classloader.
+ The classloader project dependencies are loaded onto is reused between modules, so each module was a superset of all modules that preceded it. Also, the console, execute, and shell mojos didn't pass the classloader to use into the instantiated GroovyConsole/GroovyShell, so it accidentally was using the plugin classloader, even when configured to use PROJECT_ONLY classpath. Potentially breaking changes: This should be a non-breaking change (except for unusual situations that were relying on the previous incorrect behavior). However, since it's a significant change, there's a version bump for highlighting the potential issue.
+ Disable system exits by default, to avoid potential thread safety issues.
* Potentially breaking changes: changes the default of not allowing System.exits to allowing them.
* Enhancements:
+ Add support for targeting Java 10, 11, 13, 14, 15, 17, 18.
+ Update Ant from 1.10.8 to 1.10.11.
+ Update Jansi to 2.x.
+ Change JDK compatibility check to also account for Java 16.
+ Some tweaks for Groovy 4 (most notably, invokedynamic is enabled by default for Groovy 4 and cannot be disabled).
+ New parameter (attachGroovyDocAnnotation) to enable attaching GroovyDoc annotation.
+ New parameter (parallelParsing) to enable parallel parsing (enabled by default with Groovy 4).
+ Remove previewFeatures parameter from stub generation goals, since it's not used there.
+ Ability to override classes used to generate GroovyDoc (#91)
+ Ability to override GStringTemplates used for GroovyDoc (#105)
+ Ability to bind overridden properties (by binding project properties and/or session user properties) (#72)
+ Ability to load a script when launching GroovyConsole (#165)
+ Change default GroovyDoc jar artifact type to javadoc, so its extension gets set to 'jar' by the artifact handler instead of 'groovydoc' by the default handler logic which uses the type for the extension in the case of unknown types (#151).
+ Add skipBytecodeCheck property and parameter, so if a Java version comes out the plugin doesn't recognize, you can use it without having to wait for an update.
+ Use groovy.ant.AntBuilder instead of groovy.util.AntBuilder (if available).
+ Support Java preview features (#125)
+ New goals to create GroovyDoc jars (#124)
+ Use the new 'groovy.console.ui.Console' package, if available, fall back to 'groovy.ui.Console'
+ [36] - Allow script files to be executed as filenames as well as URLs (see Significant changes of note for an example)
+ [41] - Verify Groovy version supports target bytecode (See Potentially breaking changes for a description)
+ [46] - Remove scriptExtensions config option
+ [31/58] - Goals not consistently named / IntelliJ improperly adding stub directories to sources
+ [61] - You can now skip Groovydoc generation with new skipGroovyDoc property (Thanks rvenutolo!)
+ [45] - GROOVY-7423 (JEP 118) Support (requires Groovy 2.5.0-alpha-1 or newer and enabled with new parameters boolean property)
* Potentially breaking changes:
+ 46 will break your build if you are using scriptExtensions. But the fix is simple, just delete the configuration option and GMavenPlus will automatically do the right thing.
+ 41 will break your build if you were passing an invalid target bytecode. GMavenPlus will no longer allow Groovy to silently default to 1.4 or 1.5.
It will verify that the bytecode is supported by your Groovy version (that is, the option exists in org.codehaus.groovy.control.CompilerConfiguration), and fail if it isn't.
+ 58 will require renaming goals testGenerateStubs to generateTestStubs and testCompile to compileTests. IntelliJ has hard-coded the goal names in their plugin, and these names will make IntelliJ work with both GMaven and GMavenPlus.
+ In order to support using the latest Maven plugins (and to make GMavenPlus easier to maintain), GMavenPlus now requires Java 6 or newer and Maven 3.0.1 or newer (previously was Java 5 or newer and Maven 2.2.1 or newer).
+ testStubsOutputDirectory and stubsOutputDirectory inadvertently got renamed to outputDirectory, which conflicts with the configuration in the compile and compileTests goals. You may need to setup separate executions with separate configurations for each if you need to set that configuration option.
+ The Jansi upgrade should generally be compatible, but could cause issues with scripts that were using Jansi 1.x specific classes.
+ If you were using the previewFeatures parameter without also including a compilation goal that would make that config valid, the build will fail because it's no longer a valid parameter. The fix would be to move that configuration to the appropriate execution(s).
+ GroovyDoc jars and test GroovyDoc jars will now be of type 'javadoc' and have extension 'jar'. Rather than type and extension 'groovydoc'. If you do not wish to transition to this new behavior, set the new artifactType or testArtifactType property to 'groovydoc' to revert to the previous behavior. Notes: while the artifact type of GroovyDoc jars has changed, the Maven classifier has not. It remains 'groovydoc', and you can still override that, just as before.
+ maven.groovydoc.skip property was renamed to skipGroovydoc so it matches the pattern of the other properties and won't seem to imply it's a property for a standard Maven plugin.
+ Using groovy.ant.AntBuilder instead of groovy.util.AntBuilder (when available on classpath).
+ Bundling Ant 1.10.7 instead of 1.10.5.
+ Bundling Ivy 2.5.0 instead of 2.4.0.
+ If you were using useSharedClasspath before, you will need to replace it with new values. Please, check the documentation for the full details.
+ Another notable difference is that when using this new configuration parameter in compile, compileTests, generateStubs, or generateTestStubs goals, now also uses the configurator to add the project dependencies to the classpath with the plugin's dependencies. Previously, this only happened in the goals other than the ones mentioned.
+ corrects an inadvertent breaking change made in 1.6.0 Please, check the documentation for the full list of changes.
+ In addition, unused parameters have been removed:
* addSources
* -> skipTests
* -> testSources
* addStubSources
* -> skipTests
* -> sources
* -> testSources
* addTestSources
* -> outputDirectory
* -> skipTests
* -> sources
* addTestStubSources
* -> sources
* -> testSources
* compile
* -> skipTests
* -> testSources
* compileTests
* -> sources
* console
* -> skipTests
* execute
* -> skipTests
* generateStubs
* -> skipTests
* -> testSources
* generateTestStubs
* -> sources
* groovydoc
* -> skipTests
* -> testSources
* -> testGroovyDocOutputDirectory
* groovydocTests
* -> skipTests
* -> sources
* removeStubs
* -> skipTests
* -> sources
* -> testSources
* removeTestStubs
* -> sources
* -> testSources
* shell
* -> skipTests
+ Lastly, addTestStubSources and removeTestStubs now respect the skipTests flag, for consistency.
* Notes:
+ Now officially requires Java 7 instead of 6. This is not a breaking change, however, since this was actually already required because of plexus-classworlds. This just wasn't discovered until an enforcer rule was added to check bytecode versions of dependencies.

gmetrics:
- Do not generate test stubs by gmavenplus-plugin, since we are not building or running tests during build.
(jsc#SLE-23217)

google-errorprone-annotations:
- Provide google-errorprone-annotations 2.11.0. (jsc#SLE-23217)
* This is a new dependency of Guava

google-gson:
- Update google-gson to version 2.8.9. (jsc#SLE-24261)
* Make OSGi bundle's dependency on sun.misc optional.
* Deprecate Gson.excluder() exposing internal Excluder class.
* Prevent Java deserialization of internal classes.
* Improve number strategy implementation.
* Fix LongSerializationPolicy null handling being inconsistent with Gson.
* Support arbitrary Number implementation for Object and Number deserialization.
* Bump proguard-maven-plugin from 2.4.0 to 2.5.1.
* Fix RuntimeTypeAdapterFactory depending on internal Streams class.
* Build with Java >= 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built with release 8 and still compatible with Java 8

google-guice:
- Avoid using xmvn-resolve and xmvn-install in order to avoid build cycles with new dependencies in dependent packages
- Build only the NO_AOP version of the guice.jar and alias accordingly so that it provides both (jsc#SLE-23217)
- Build with source/target 8 so that the default override from the interface can be used
- Build javadoc with source level 8
- Do not build against the compatibility guava20 (jsc#SLE-23217)

google-http-java-client:
- Build with source and target levels 8 (jsc#SLE-23217)

google-oauth-java-client:
- Build with source and target levels 8 (jsc#SLE-23217)

gpars:
- Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. (jsc#SLE-23217)
- Build against the org.jboss.netty:netty artifact, since the compat versions are not existing any more
- Build with source and target levels 8

gradle-bootstrap:
- Update gradle-bootstrap from version 2.4.16 to version 2.4.21.
  (jsc#SLE-23217)
  * Regenerate to account for changes in gradle and groovy packages
  * Modify the launcher so that gradle-bootstrap can work with Java 17
  * Adapt to the change in jline/jansi dependencies of gradle
  * The org.jboss.netty:netty artifact does not exist any more under compatibility versions
  * Regenerate to account for maven-resolver upgrade to 1.7.3 and the new added maven-resolver-named-locks artifact
  * Regenerate to account for aqute-bnd upgrade to 5.1.1 and related changes in other libraries
  * Regenerate to account for guava upgrade to 30.1.1
  * Regenerate to account for groovy upgrade to 2.4.21

gradle:
- Allow actually building gradle using Java 16+
- Modify the launcher so that gradle can work with Java 17
- Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. (jsc#SLE-23217)
- Build against jansi 2.x
- Remove the jansi-native and hawtjni-runtime dependencies, since jansi 2.x does not depend on them
- Fix build with maven-resolver 1.7.x
- Remove from build dependencies some artifacts that are not needed
- Add osgi-compendium to the dependencies, since newer aqute-bnd uses it
- Do not build against the legacy guava20 package any more
- Port gradle 4.4.1 to guava 30.1.1
- Set source level to 1.8, since guava 30 uses default functions in interfaces, which is Java 8+ feature

groovy:
- Solve illegal reflective access with Java 16+
- Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too.
  (jsc#SLE-23217)
- Add the content of org.gradle.jvmargs to the forked jvm in root compileJava task
- Fixes build with Java 17
- Port to build against jansi 2.4.0
- Build the whole with java source and target levels 8
- Resolve parameter ambiguities with recent Java versions
- Remove a bogus dependency on old asm3

groovy18:
- Fix build against jansi 2.4.0
- Port to use jline 2.x instead of 1.x
- Do not fork the groovyc and java tasks in the ant build.xml file, so that the ANT_OPTS are propagated to the tasks
- Fix build with jdk17
- Build with source and target levels 8. (jsc#SLE-23217)
- Cast to Collection to help compiler to resolve ambiguities with new JDKs
- Remove dependency on the old asm3

guava20:
- Build with java source and target levels 8. (jsc#SLE-23217)
- Add bundle manifest to the guava jar so that it might be usable from eclipse

guava:
- Update Guava from version 25.0 to version 30.1.1. (jsc#SLE-23217)
  * CVE-2020-8908: A temp directory creation vulnerability allows an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). (bsc#1179926)
  * Remove parent reference from ALL distributed pom files

hamcrest:
- Build with source/target levels 8
- Fix build with jdk17

hawtjni-maven-plugin:
- Update hawtjni-maven-plugin from version 1.17 to version 1.18. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * Use commons-lang3 instead of the old commons-lang

hawtjni-runtime:
- Update hawtjni-runtime from version 1.17 to version 1.18. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * Use commons-lang3 instead of the old commons-lang
  * Use in the path of hawtjni-generator the asm-all.jar that is not modular. This solves some problems with ASM version mismatch.

http-builder:
- Build with source and target levels 8.
  (jsc#SLE-23217)
- Do not require gmavenplus-plugin, since it is only necessary to generate test stubs, but we do not run tests during build

httpcomponents-client:
- Update httpcomponents-client from version 4.5.6 to version 4.5.12. (jsc#SLE-23217)
  * Build with source/target levels 8

httpcomponents-core:
- Update httpcomponents-core from version 4.4.10 to version 4.4.13. (jsc#SLE-23217)
  * Build with source/target levels 8

icu4j:
- Update icu4j from version 63.1 to version 71.1. (jsc#SLE-23217)
  * Remove build-dependency on java-javadoc, since it is not necessary with this version.
  * Updates to CLDR 41 locale data with various additions and corrections.
  * Adds phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases.
  * Adds support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as 'Hinglish'.
  * ICU 71 and CLDR 41 are minor releases, mostly focused on bug fixes and small enhancements.
  * Updates to the time zone data version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b.
  * Unicode 13 (ICU-20893, same as in ICU 66)
  * CLDR 37
    + New language at Modern coverage: Nigerian Pidgin
    + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese
    + Unicode 13 root collation data and Chinese data for collation and transliteration
  * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
  * Various other improvements for ECMA-402 conformance
  * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
  * Currency formatting options for formal and other currency display name variants (ICU-20854)
  * ListFormatter: new public API to select the style and type
  * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
  * LocaleMatcher: New option to ignore one-way matches, and other tweaks to the code and data

isorelax:
- Build with java target and source version 1.8 (jsc#SLE-23217)

istack-commons:
- Provide istack-commons version 3.0.7 (jsc#SLE-23217)

j2objc-annotations:
- Provide j2objc-annotations version 2.2 (jsc#SLE-23217)
  * This is a new dependency of Guava

jackson-modules-base:
- Provide jackson-modules-base version 2.13.3 (jsc#SLE-23217)

jackson-parent:
- Update jackson-parent from version 2.10 to version 2.13.
  (jsc#SLE-23217)
  * Add 'mvnw' wrapper
  * 'JsonSubType.Type' should accept array of names
  * Jackson version alignment with Gradle 6
  * Add '@JsonIncludeProperties'
  * Add '@JsonTypeInfo(use=DEDUCTION)'
  * Ability to use '@JsonAnyGetter' on fields
  * Add '@JsonKey' annotation
  * Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping
  * Add 'namespace' property for '@JsonProperty' (for XML module)
  * Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' (was missing for some reason)
  * 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null'
  * Remove `jackson-annotations` baseline dependency, version
  * Upgrade to oss-parent 43 (jacoco, javadoc plugin versions)
  * Remove managed junit version (due to [jackson-bom#43]), promoted higher up on parent pom stack (to 'jackson-base')
  * JDK baseline now JDK 8

jackson:
- Remove all dependencies on asm3
- Build with java source and target levels 1.8 (jsc#SLE-23217)
- Do not hardcode source and target levels, so that they can be overridden on command-line
- Set classpath correctly so that the project builds with standalone JavaEE modules too

jakarta-activation:
- Provide jakarta-activation version 2.1.0. (jsc#SLE-23217)
  * Required by bouncycastle-jmail.

jakarta-commons-discovery:
- Distribute commons-discovery as maven artifact
- Build with source and target levels 8
- Added build support for Enterprise Linux.

jakarta-commons-modeler:
- Update jakarta-commons-modeler from version 2.0 to version 2.0.1. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * Modeler 2.0.1 is binary and source compatible with Modeler 2.0

jakarta-mail:
- Provide jakarta-mail version 2.1.0. (jsc#SLE-23217)
  * Required by bouncycastle-jmail.

jakarta-taglibs-standard:
- Provide jakarta-taglibs-standard 1.1.1 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

jandex:
- Provide jandex version 2.4.2.
  (jsc#SLE-23217)

janino:
- Update janino from version 2.7.8 to version 3.1.6. (jsc#SLE-23217)
  * Build with source and target levels 8
  * Require javapackages-tools
  * Provide commons-compiler subpackage that is needed by gradle

jansi-native:
- Build with source and target levels 8 (jsc#SLE-23217)

jansi:
- Update jansi from version 1.17.1 to version 2.4.0. (jsc#SLE-23217)
  * Build with source and target levels 8
  * Give a possibility to load the native libjansi.so from system
  * Make the jansi package archful since it installs a native library and jni jar
  * Do not depend on jansi-native and hawtjni-runtime
  * Integrates jansi-native libraries

jarjar:
- Filter out the distributionManagement section from pom files, since we use aliases and not relocations
- Drop maven2-plugin. (jsc#SLE-23217)

jatl:
- Build with source and target levels 8 (jsc#SLE-23217)

javacc-maven-plugin:
- Build with source and target levels 8 (jsc#SLE-23217)

javacc:
- Update javacc from version 7.0.4 to version 7.0.11. (jsc#SLE-23217)
  * The following changes are not upward compatible with the previous 7.0.5 version but have a very little impact on existing grammars. Main advantage is to prepare a more smooth upgrade with the upcoming javacc-8.0.0 major release.
  * C++ generation: renaming the option TOKEN_EXTENDS by TOKEN_SUPER_CLASS
  * C++ generation: renaming the option TOKEN_INCLUDES by TOKEN_INCLUDE
  * C++ generation: renaming the option PARSER_INCLUDES by PARSER_INCLUDE
  * C++ generation: renaming the option TOKEN_MANAGER_INCLUDES by TOKEN_MANAGER_INCLUDE
  * Add support for Java7 language features.
  * Allow empty type parameters in Java code of grammar files.
  * LookaheadSuccess creation performance improved.
  * Removing IDE specific files.
  * Declare trace_indent only if debug parser is enabled.
  * CPPParser.jj grammar added to grammars.
  * Build with Maven is working again.
  * WARNING: Required Java Platform: Standard Edition 7.0: known under Eclipse as JavaSE-1.7
  * Build with source/target levels 8

java-cup:
- Update java-cup from version 11a to version 11b. (jsc#SLE-23217)
  * Regenerate the generated files with newer flex
  * Fetch sources using source service

java-cup-bootstrap:
- Update java-cup-bootstrap from version 11a to version 11b. (jsc#SLE-23217)
  * Regenerate the generated files with newer flex
  * Fetch sources using source service

javaewah:
- Build with source and target levels 8 (jsc#SLE-23217)

javamail:
- Add alias to com.sun.mail:jakarta.mail needed by ant-javamail
- Remove all parents, since this package is not built with maven
- Assure that every dependency has a version, or at least 'any' and fixes use with gradle. (jsc#SLE-23217)
- Build against the standalone JavaEE modules unconditionally
- Build with source/target levels 8
- Add glassfish-activation-api dependency for relevant distribution versions to make buildable with JDK that does not contain the JavaEE modules

javapackages-meta:
- Fix requires not to have to redo the package on each javapackages-tools update. (jsc#SLE-23217)

javapackages-tools:
- Update javapackages-tools from version 5.3.0 to version 5.3.1. (jsc#SLE-23217)
  * Let maven_depmap.py generate metadata with dependencies under certain circumstances
  * Fix the python subpackage generation with python-rpm-macro
  * Support python subpackages for each flavor
  * Replace old nose with pytest gh#fedora-java/javapackages#86
  * when building extra flavor, BuildRequire javapackages-filesystem: /etc/java is being cleaned out of the filesystems package.

javaparser:
- Update javaparser from version 3.3.5 to version 3.24.2. (jsc#SLE-23217)
  * Upgrade needed to be able to upgrade jctools and make them not depend hard on Java 8. For the full changelog, please refer to the official documentation.

javassist:
- Update javassist from version 3.23.1 to version 3.29.0.
  (jsc#SLE-23217)
  * Requires java >= 1.8
  * Add OSGi manifest to the javassist.jar
  * For the full changelog, please check the official documentation.

jboss-interceptors-1.2-api:
- Build with source and target levels 8 (jsc#SLE-23217)

jboss-websocket-1.0-api:
- Build with source and target levels 8 (jsc#SLE-23217)

jcache:
- Provide jcache version 1.1.0 (jsc#SLE-23217)

jcifs:
- Build with source and target levels 8 (jsc#SLE-23217)

jcip-annotations:
- Provide jcip-annotations 1.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

jcsp:
- Build with source and target levels 8 (jsc#SLE-23217)

jctools:
- Update jctools from version 2.1.2 to version 3.3.0. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * API Changes:
  * Removed MpscLinkedQueue7 and MpscLinkedQueue8 and consolidated into parent. This removes the need for the builder method on MpscLinkedQueue.
  * Deprecated QueueFactory and spec package classes. These are not used by any users and are only used for testing internally.
  * Removed some internal classes and reduced visibility of internal utilities where practical. The @InternalAPI tagging annotation is also used more extensively to discourage dependency.
  * XADD unbounded mpsc/mpmc queue: highly scalable linked array queues
  * New blocking consumer MPSC
  * Enhancements:
  * Xadd queues consumers can help producers
  * Update to latest JCStress
  * New features:
  * MpscBlockingConsumerArrayQueue
  * After long incubation and following a user request we move counters into core
  * Merging some experimental utils and we add a 'PaddedAtomicLong'
  * MpscBlockingConsumerArrayQueue::offerIfBelowThreshold is added

jdependency:
- Build with source and target levels 8 (jsc#SLE-23217)

jdepend:
- Update jdepend from version 2.9.1 to version 2.10. (jsc#SLE-23217)
  * Specify the source/target levels 8 on ant invocation
  * Official release that includes support for Java 8 constants
  * Updated license from BSD-3 Clause to MIT (as per LICENSE.md file).
jdom:
- Update jdom from version 1.1.1 to version 1.1.6. (jsc#SLE-23217)
  * CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446)
  * Remove unneeded dependency on glassfish-jaxb-api
  * Build against the standalone JavaEE modules unconditionally
  * Build with source/target levels 8
  * Build against standalone jaxb-api on distributions that have JDK without the JavaEE modules
  * Alias the xom artifact to the new com.io7m.xom groupId
  * Update jaxen to version 1.1.6
  * Increase java stack size to avoid overflow

jdom2:
- Update jdom2 from version 2.0.6 to version 2.0.6.1. (jsc#SLE-23217)
  * CVE-2021-33813: Fixed XXE issue in SAXBuilder that can cause a denial of service via a crafted HTTP request. (bsc#1187446)
  * Build with java-devel >= 1.7

jettison:
- Update from version 1.3.7 to version 1.5.3 (jsc#SLE-23217)
- CVE-2022-45685: Fixed stack overflow on malformed input. (bsc#1206400)
- CVE-2022-45693: Fixed stack overflow when creating a JSON from a HashMap. (bsc#1206401)
- CVE-2022-40149: Fixed stack overflow on malformed JSONs. (bsc#1203515)
- CVE-2022-40150: Fixed infinite loop on non-terminated comments. (bsc#1203516)
- Introducing new static methods to set the recursion depth limit
- Incorrect recursion depth check in JSONTokener
- Build with source and target levels 8

jetty-minimal:
- Update jetty-minimal from version 9.4.43.v20210629 to version 9.4.48.v20220622 (jsc#SLE-23217)
  * CVE-2022-2047: Invalid URI parsing may produce invalid HttpURI.authority. (bsc#1201317)
  * CVE-2022-2048: Invalid HTTP/2 requests can lead to denial of service (bsc#1201316)
  * Make importing of package sun.misc optional since not all jdk versions export it
  * Build with java source and target levels 8
  * Fix javadoc generation on JDK >= 13
  * Option --write-module-graph produces wrong .dot file
  * ArrayTrie getBest fails to match the empty string entry in certain cases
  * For the full set of changes, please check the official documentation.
jetty-websocket:
- Update jetty-websocket from version 9.4.43.v20210629 to version 9.4.48.v20220622 (jsc#SLE-23217)
  * CVE-2022-2047: Invalid URI parsing may produce invalid HttpURI.authority. (bsc#1201317)
  * CVE-2022-2048: Invalid HTTP/2 requests can lead to denial of service (bsc#1201316)
  * Make importing of package sun.misc optional since not all jdk versions export it
  * Build with java source and target levels 8
  * Fix javadoc generation on JDK >= 13
  * Option --write-module-graph produces wrong .dot file
  * Make importing of package sun.misc optional since not all jdk versions export it

jeuclid:
- Update jeuclid from version 3.1.3 to version 3.1.9. (jsc#SLE-23217)
  * Build with source and target levels 8
  * This version includes several changes and improvements. For the full overview please check the changelog.

jflex:
- Update jflex from version 1.4.3 to version 1.8.2. (jsc#SLE-23217)
  * Build against the standalone JavaEE modules unconditionally
  * Build against standalone glassfish-annotation-api for relevant distribution versions that have JDK that does not contain the JavaEE modules
  * Fix build with recent java-cup
  * Build the bootstrap package using ant with a generated build.xml
  * Build the non-bootstrap package using maven, since its dependency auto is already built with maven
  * Do not process auto-value-annotations in bootstrap build

jflex-bootstrap:
- Update jflex-bootstrap from version 1.4.3 to version 1.8.2.
  (jsc#SLE-23217)
  * Build against the standalone JavaEE modules unconditionally
  * Build against standalone glassfish-annotation-api for relevant distribution versions that have JDK that does not contain the JavaEE modules
  * Fix build with recent java-cup
  * Build the bootstrap package using ant with a generated build.xml
  * Build the non-bootstrap package using maven, since its dependency auto is already built with maven
  * Do not process auto-value-annotations in bootstrap build

jformatstring:
- Build with source and target levels 8 (jsc#SLE-23217)

jgit:
- Provide jgit version 5.11.0. (jsc#SLE-23217)
  * Fix build against apache-sshd 2.7.0
  * Restore java 8 compatibility when building with java 9+
  * Split the build into two spec files instead of multibuild. One produces the maven artifacts, the jgit command-line and the other produces eclipse features.

jhighlight:
- Build with source and target levels 8 (jsc#SLE-23217)

jing-trang:
- Update jing-trang from version 20151127 to version 20181222. (jsc#SLE-23217)
  * Avoid building old saxon validator in order to avoid dependency on old saxon6
  * Do not use xmvn-tools, since this is a ring package
  * Package maven metadata
  * Use testng in build process
  * Require com.github.relaxng:relaxngDatatype >= 2011.1
  * Require xml-resolver:xml-resolver

jline:
- Build with source and target levels 8 (jsc#SLE-23217)
- Remove dependency on jansi-native and hawtjni-runtime
- Fix jline build against jansi 2.4.x

jline1:
- Build with source and target levels 8 (jsc#SLE-23217)

jna:
- Update jna from version 5.4.0 to version 5.5.0. (jsc#SLE-23217)
  * Build with java source/target levels 8
  * Features:
  * Add CoreFoundation, IOKit, and DiskArbitration mappings in c.s.j.p.mac.
  * c.s.j.p.mac.SystemB now extends c.s.j.p.unix.LibCAPI.
  * Add additional OSGi headers for the JNA bundle to support 32bit ARM (hardfloat)
  * Include Win32 COM utils (c.s.j.p.win32.com.util and c.s.j.p.win32.com.annotation) in OSGI bundle

joda-convert:
- Build with java source and target levels 8. (jsc#SLE-23217)
- Do not use the legacy guava20 any more

joda-time:
- Build with source and target levels 8 (jsc#SLE-23217)

jsch-agent-proxy:
- Build with source and target levels 8 (jsc#SLE-23217)

jsch:
- Build with source and target levels 8 (jsc#SLE-23217)

json-lib:
- Do not build against the log4j12 packages
- Build with source and target levels 8 (jsc#SLE-23217)
- Do not depend on the old asm3
- Fix build with jdk17
- Specify source and target levels 8 for maven-antrun-plugin and for groovyc ant task

jsonp:
- Build with java source and target levels 8. (jsc#SLE-23217)
- Build against standalone annotation api

jsr-311:
- Build with source and target levels 8 (jsc#SLE-23217)

jtidy:
- Build with java source and target levels 8. (jsc#SLE-23217)
- Revamp and simplify the build system

junit:
- Update junit from version 4.12 to version 4.13.2. (jsc#SLE-23217)
  * CVE-2020-1945: insecure temporary file vulnerability (bsc#1171696)
  * Build with source/target levels 8

junit5:
- Update from version 5.5.2 to version 5.8.2. (jsc#SLE-23217)
  * This is a bugfix update. For the complete overview please check the documentation.

jython:
- Change dependencies to Python 3. (jsc#SLE-23217)
- Build with java source and target level 1.8

jzlib:
- Build with source and target levels 8 (jsc#SLE-23217)

kryo:
- Provide kryo 4.0.2 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

kxml:
- Fetch the sources using https instead of http protocol. (bsc#1182284)
- Specify java source and target levels 1.8

libreadline-java:
- Provide libreadline-java 0.8.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

log4j:
- Add dependency on standalone javax.activation-api that is not included in newer JDKs.
  (jsc#SLE-23217)

logback:
- Update logback from version 1.2.8 to version 1.2.11. (jsc#SLE-23217)
  * CVE-2021-42550: remote code execution through JNDI call from within its configuration file. (bsc#1193795)
  * Hardened logback's JNDI lookup mechanism to only honor requests in the java: namespace. All other types of requests are ignored.
  * SMTPAppender was hardened.
  * Temporarily removed DB support for security reasons.
  * Removed Groovy configuration support. As logging is so pervasive and configuration with Groovy is probably too powerful, this feature is unlikely to be reinstated for security reasons.
  * Set project.build.sourceEncoding property to ISO-8859-1 to avoid the new maven-resources-plugin choking on trying to filter in UTF-8 encoding JKS (binary) resources
  * Do not build against the log4j12 packages

lucene:
- Update lucene from version 7.1.0 to version 8.5.0. (jsc#SLE-23217)
  * Do not abort compilation on html5 errors with javadoc 17
  * Upgrade forbiddenapis to version 2.7; upgrade Groovy to 2.4.17.
  * Upgrade ecj to 3.19.0 to fix sporadic precommit javadoc issues
  * This update includes several API changes, runtime behavior, bugfixes and new features. For a full overview, please check the official documentation.

maven:
- Update maven from version 3.6.3 to version 3.8.5. (jsc#SLE-23217)
  * CVE-2021-26291: block repositories using http by default. (bsc#1188529)
  * CVE-2020-13956: incorrect handling of malformed URI authority component.
    (bsc#1177488)
  * Upgrade Maven Wagon to 3.5.1
  * Upgrade Maven JAR Plugin to 3.2.2
  * Upgrade Maven Parent to 35
  * Upgrade Maven Resolver to 1.6.3
  * Upgrade Maven Shared Utils to 3.3.4
  * Upgrade Plexus Utils to 3.3.0
  * Upgrade Plexus Interpolation to 1.26
  * Upgrade Plexus Cipher and Sec Dispatcher to 2.0
  * Upgrade Sisu Inject/Plexus to 0.3.5
  * Upgrade SLF4J to 1.7.32
  * Upgrade Jansi to 2.4.0
  * Upgrade Guice to 4.2.2
  * Fix syntax error with qdox 2.0.1 and method declarations containing the new keyword 'record' as name of variables
  * Fix build with modello-2.0.0
  * Remove using of alternatives, since the symlinks are in a separate package that one can decide not to install and this is the only provider for mvn and mvnDebug links
  * Use libalternatives instead of update-alternatives.
  * Remove dependency on cglib and aopalliance, since the no_aop version of guice does not really depend on them
  * Fix build with the API incompatible maven-resolver 1.7.3
  * Link the new maven-resolver-named-locks artifact too
  * Add upstream signing key and verify source signature
  * Do not build against the compatibility version guava20 any more, but use the default guava package
  * This update includes several bugfixes and new features. For a full overview, please check the official documentation.

maven2:
- Fix build with modello 2.0.0. (jsc#SLE-23217)
- Build with source and target levels 8

maven-antrun-plugin:
- Update maven-antrun-plugin from version 1.8 to version 3.0.0. (jsc#SLE-23217)
  * Removal of tasks (use target instead), sourceRoot and testSourceRoot parameters
  * Compatibility with new JDK versions
  * Build with java source and target levels 8

maven-archiver:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-artifact-resolver:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-artifact-transfer:
- Update maven-artifact-transfer from version 0.11.0 to version 0.13.1.
  (jsc#SLE-23217)
  * Remove the old org.sonatype.aether dependencies, since we don't need maven 3.0.x
  * Build with source and target levels 8
  * Do not use the legacy guava20 any more
  * Fix build against newer maven

maven-assembly-plugin:
- Update maven-assembly-plugin from version 3.2.0 to version 3.3.0. (jsc#SLE-23217)
  * Add Documentation for duplicateBehaviour option
  * Allow to override UID/GID for files stored in TAR
  * Apply try-with-resources
  * Use HTTPS instead of HTTP to resolve dependencies
  * Support concatenation of files

maven-clean-plugin:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-common-artifact-filters:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-compiler-plugin:
- Update maven-compiler-plugin from version 3.8.1 to version 3.10.1. (jsc#SLE-23217)
  * Remove deprecated mojos
  * Add flag to enable-preview java compiler feature
  * Add a boolean to generate missing package-info classes by default
  * Check jar files when determining if dependencies changed
  * Compile module descriptors with TestCompilerMojo
  * Changed dependency detection

maven-dependency-analyzer:
- Build with source and target levels 8. (jsc#SLE-23217)
- Do not build against the legacy guava20 any more

maven-dependency-plugin:
- Update maven-dependency-plugin from version 3.1.1 to version 3.1.2. (jsc#SLE-23217)
  * Add a TOC to ease navigating to each goal usage
  * Add note on dependency:tree -Dverbose support in 3.0+
  * Perform transformation to artifact keys just once
  * Remove @param for a parameter which does not exists.
  * Remove newline and trailing space from log line.
  * Replace CapturingLog class with Mockito usage
  * Rewrite go-offline so it resembles resolve-plugins
  * Switch to asfMavenTlpPlgnBuild
  * Update ASM so it works with Java 13
  * Upgrade maven-artifact-transfer to 0.11.0
  * Upgrade maven-common-artifact-filters to 3.1.0
  * Upgrade maven-dependency-analyzer to 1.11.1
  * Upgrade maven-plugins parent to version 32
  * Upgrade maven-shared-utils 3.2.1
  * Upgrade parent POM from 32 to 33
  * Upgrade plexus-archiver to 4.1.0
  * Upgrade plexus-io to 3.1.0
  * Upgrade plexus-utils to 3.3.0
  * Use https for sigs, hashes and KEYS
  * Use sha512 checksums instead of sha1

maven-dependency-tree:
- Update maven-dependency-tree from version 3.0 to version 3.0.1. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * Do not build against the legacy guava20 any more
  * Fixed JavaDoc issue for JDK 8
  * maven-dependency-tree removes optional flag from managed dependencies
  * Change characters used to display trees to make relationships clearer
  * Pass source+target to m-invoker-p, easiest way to override default values of maven-compiler-plugin
  * Upgrade org.codehaus.plexus:plexus-component-metadata to 1.7.1

maven-doxia:
- Fix build with modello 2.0.0 (jsc#SLE-23217)
- Do not build against the log4j12 packages. (jsc#SLE-23217)
- Fix the version of the log4j that doxia-module-fo needs at runtime. (jsc#SLE-23217)
- Do not build against the legacy guava20 any more. (jsc#SLE-23217)

maven-doxia-sitetools:
- Fix build with modello 2.0.0 (jsc#SLE-23217)
- Build with source and target levels 8 (jsc#SLE-23217)
- Do not build against the legacy guava20 any more.
  (jsc#SLE-23217)

maven-enforcer:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-file-management:
- Build with java source and target levels 8 (jsc#SLE-23217)
- Fix build with modello 2.0.0

maven-filtering:
- Update maven-filtering from version 3.1.1 to version 3.2.0 (jsc#SLE-23217)
  * Allow using a different encoding when filtering properties files
  * Upgrade plexus-interpolation to 1.25
  * Upgrade maven-shared-utils to 3.2.1
  * Upgrade plexus-utils to 3.1.0
  * Upgrade parent to 32
  * Upgrade maven-surefire/failsafe-plugin to 2.21.0 for JDK 10
  * Upgrade maven-artifact-transfer to version 0.9.1
  * Upgrade JUnit to 4.12
  * Upgrade plexus-interpolation to 1.25
  * Build with java source and target levels 8
  * Do not build against legacy guava20 any more

maven-install-plugin:
- Update maven-install-plugin from version 2.5.2 to version 3.0.0. (jsc#SLE-23217)
  * Upgrade plexus-utils to 3.2.0
  * Upgrade maven-plugins parent version 32
  * Upgrade maven-plugin-testing-harness to 1.3
  * Upgrade maven-shared-utils to 3.2.1
  * Upgrade maven-shared-components parent to version 33
  * Upgrade of commons-io to 2.5.

maven-invoker:
- Update maven-invoker from version 3.0.1 to version 3.1.0. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * Fixes build with maven-shared-utils 3.3.3
  * Upgrade maven-shared-utils to 3.2.1
  * Upgrade parent to 31
  * Upgrade to JDK 7 minimum
  * Refactored to use maven-shared-utils instead of plexus-utils.
  * Remove hardcoded versions for plexus-component-annotations/plexus-component-metadata

maven-jar-plugin:
- Update maven-jar-plugin from version 3.2.0 to version 3.2.2.
  (jsc#SLE-23217)
  * Upgrade Maven Archiver to 3.5.2
  * Upgrade Plexus Utils to 3.3.1
  * Upgrade plexus-archiver 3.7.0
  * Upgrade JUnit to 4.12
  * Upgrade maven-plugins parent to version 32
  * Build with java source and target levels 8
  * Don't log a warning when jar will be empty and creation is forced
  * Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

maven-javadoc-plugin:
- Update maven-javadoc-plugin from version 3.1.1 to version 3.3.2. (jsc#SLE-23217)
  * Fix build with modello 2.0.0
  * Use the same encoding when writing and getting the stale data
  * Fixes build with utf-8 sources on non utf-8 platforms
  * Do not build against the legacy guava20 package anymore

maven-mapping:
- Provide maven-mapping version 3.0.0. (jsc#SLE-23217)
  * Required by bnd-maven-plugin

maven-plugin-build-helper:
- Update maven-plugin-build-helper from version 1.9.1 to version 3.2.0. (jsc#SLE-23217)
  * Set a property based on the maven.build.timestamp
  * rootlocation does not correctly work
  * Add profile to avoid showing warnings for maven plugin plugin goals not supported in m2e
  * Site: Properly showing 'value' tag on regex-properties usage page
  * Integration test reserve-ports-with-urls fails on windows

maven-plugin-bundle:
- Fix building with the new maven-reporting-api. (jsc#SLE-23217)
- Build with the osgi bundle repository by default

maven-plugin-testing:
- Fix build against newer maven. (jsc#SLE-23217)
- Do not build against the legacy guava20 package any more
- Build with source and target levels 8

maven-plugin-tools:
- Fix build with modello 2.0.0. (jsc#SLE-23217)
- Do not force building with java-1_8_0-openjdk, since the package builds just fine with higher versions.
- Do not build against the legacy guava20 package any more

maven-remote-resources-plugin:
- Update maven-remote-resources-plugin from version 1.5 to version 1.7.0.
  (jsc#SLE-23217)
  * use reproducible project.build.outputTimestamp
  * use sha512 checksums instead of sha1
  * use https for sigs, hashes and KEYS
  * Upgrade plexus-utils from 3.0.24 to 3.1.0
  * Upgrade plexus-interpolation to 1.25
  * Upgrade JUnit to 4.12
  * Upgrade parent to 32
  * Upgrade maven-filtering to 3.1.1
  * Upgrade plexus-resources from 1.0-alpha-7 to 1.0.1
  * Avoid overwrite of the destination file if the produced contents is the same
  * Remove unused dependency maven-monitor
  * Upgrade to maven-plugins parent version 27
  * Upgrade maven-plugin-testing-harness to 1.3
  * Updated plexus-archiver
  * Build with source and target levels 8

maven-reporting-api:
- Update maven-reporting-api from version 3.0 to version 3.1.0. (jsc#SLE-23217)
  * Build with source and target levels 8
  * make build Reproducible
  * Upgrade to Doxia 1.11.1

maven-resolver:
- Update maven-resolver from version 1.4.1 to version 1.7.3. (jsc#SLE-23217)
  * Build against the standalone JavaEE modules unconditionally
  * Remove the javax.annotation:javax.annotation-api dependency on distribution versions that do not incorporate the JavaEE modules
  * Add the glassfish-annotation-api jar to the build classpath
  * Upgrade Sisu Components to 0.3.4
  * Upgrade SLF4J to 1.7.30
  * Update mockito-core to 2.28.2
  * Update Wagon Provider API to 3.4.0
  * Update HttpComponents
  * Update Plexus Components
  * Remove synchronization in TrackingFileManager
  * Move GlobalSyncContextFactory to a separate module
  * Migrate from maven-bundle-plugin to bnd-maven-plugin
  * Support SHA-256 and SHA-512 as checksums
  * Upgrade Redisson to 3.15.6
  * Change of API and incompatible with maven-resolver < 1.7

maven-resources-plugin:
- Update maven-resources-plugin from version 3.1.0 to version 3.2.0.
  (jsc#SLE-23217)
  * ISO8859-1 properties files get changed into UTF-8 when filtered
  * Upgrade plexus-interpolation 1.26
  * Add m2e lifecycle Metadata to plugin
  * make build Reproducible
  * Upgrade maven-plugins parent to version 32
  * Upgrade plexus-utils 3.3.0
  * Make Maven 3.1.0 the minimum version
  * Update to maven-filtering 3.2.0
  * Build with java source and target levels 8

maven-shared-incremental:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-shared-io:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-shared-utils:
- Update maven-shared-utils from version 3.2.1 to 3.3.3. (jsc#SLE-23217)
  * Commandline class shell injection vulnerabilities (bsc#1198833, CVE-2022-29599)
  * Build with source and target levels 8
  * make build Reproducible
  * Upgrade maven-shared-parent to 32
  * Upgrade parent to 31

maven-source-plugin:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-surefire:
- Build with source and target levels 8 (jsc#SLE-23217)
- Update generate-tarball.sh to use https URL (bsc#1182708)

maven-verifier:
- Build with source and target levels 8 (jsc#SLE-23217)

maven-wagon:
- Provide maven-wagon 3.2.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

minlog:
- Provide minlog 1.3.0 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

modello-maven-plugin:
- Update modello-maven-plugin from version 1.10.0 to version 2.0.0.
  (jsc#SLE-23217)
  * Add Modello 2.0.0 model XSD
  * Build with java source and target levels 8
  * Bump actions/cache to 2.1.6
  * Bump actions/checkout to 2.3.4
  * Bump actions/setup-java to 2.3.1
  * Bump checkstyle to 9.3
  * Bump jackson-bom to 2.13.1
  * Bump jaxb-api to 2.3.1
  * Bump jsoup to 1.14.3
  * Bump junit to 4.13.1
  * Bump maven-assembly-plugin to 3.3.0
  * Bump maven-checkstyle-plugin to 3.1.1
  * Bump maven-clean-plugin to 3.1.0
  * Bump maven-compiler-plugin to 3.9.0
  * Bump maven-dependency-plugin to 3.2.0
  * Bump maven-enforcer-plugin to 3.0.0-M3
  * Bump maven-gpg-plugin to 3.0.1
  * Bump maven-jar-plugin to 3.2.2
  * Bump maven-javadoc-plugin to 3.3.2
  * Bump maven-jxr-plugin to 3.1.1
  * Bump maven-pmd-plugin to 3.15.0
  * Bump maven-project-info-reports-plugin to 3.1.2
  * Bump maven-release-plugin to 3.0.0-M5
  * Bump maven-resources-plugin to 3.2.0
  * Bump maven-scm-publish-plugin to 3.1.0
  * Bump maven-shared-resources to 4
  * Bump maven-site-plugin to 3.10.0
  * Bump maven-surefire-plugin to 2.22.2
  * Bump maven-surefire-report-plugin to 2.22.2
  * Bump maven-verifier-plugin to 1.1
  * Bump mavenPluginTools to 3.6.4
  * Bump org.eclipse.sisu.plexus to 0.3.5
  * Bump persistence-api to 1.0.2
  * Bump plexus-compiler-api to 2.9.0
  * Bump plexus-compiler-javac to 2.9.0
  * Bump plexus-utils to 3.4.1
  * Bump plexus-velocity to 1.3
  * Bump release-drafter/release-drafter to 5.18.0
  * Bump snakeyaml to 1.30
  * Bump stax2-api to 4.2.1
  * Bump taglist-maven-plugin to 3.0.0
  * Bump woodstox-core to 6.2.8
  * Bump xercesImpl to 2.12.1
  * Bump xercesImpl to 2.12.2 in /modello-plugins/modello-plugin-jsonschema
  * Bump xercesImpl to 2.12.2 in /modello-plugins/modello-plugin-xsd
  * Bump xml-apis to 2.0.2
  * Bump xmlunit to 1.6
  * Bump xmlunit-core to 2.9.0
  * Depend on the jackson and jsonschema plugins too
  * Manage xdoc anchor name conflicts (2 classes with same anchor)
  * Migrate from codehaus:wstx to com.fasterxml.woodstox:woodstox-core 6.2.4
  * Require Maven 3.1.1
  * Security upgrade org.jsoup:jsoup to 1.14.2

modello:
- Update modello from version 1.10.0 to version 2.0.0. (jsc#SLE-23217)
  * New features and improvements
    + Add Modello 2.0.0 model XSD
    + Manage xdoc anchor name conflicts (2 classes with same anchor)
    + Drop unnecessary check for identical branches
    + Require Maven 3.1.1
    + Use a caching writer to avoid overwriting identical files
    + Migrate from codehaus:wstx to com.fasterxml.woodstox:woodstox-core 6.2.4
    + Make location handling more memory efficient
    + Xpp3 extended writer
    + Refactor some old java APIs usage
    + Add a new field fileComment
  * Bug Fixes
    + Fix javaSource default value
    + Fix modello-plugin-snakeyaml
  * Dependency updates
    + Bump actions/cache to 2.1.6
    + Bump actions/checkout from 2 to 2.3.4
    + Bump actions/setup-java to 2.3.1
    + Bump checkstyle to 9.3
    + Bump jackson-bom to 2.13.1
    + Bump jaxb-api from 2.1 to 2.3.1
    + Bump jsoup from 1.14.2 to 1.14.3
    + Bump junit from 4.12 to 4.13.1
    + Bump junit from 4.12 to 4.13.1 in /modello-maven-plugin/src/it/maven-model
    + Bump maven-assembly-plugin from 3.2.0 to 3.3.0
    + Bump maven-checkstyle-plugin from 2.15 to 3.1.1
    + Bump maven-clean-plugin from 3.0.0 to 3.1.0
    + Bump maven-compiler-plugin to 3.9.0
    + Bump maven-dependency-plugin to 3.2.0
    + Bump maven-enforcer-plugin from to 3.0.0-M3
    + Bump maven-gpg-plugin from 1.6 to 3.0.1
    + Bump maven-jar-plugin from 3.2.0 to 3.2.2
    + Bump maven-javadoc-plugin to 3.3.2
    + Bump maven-jxr-plugin from to 3.1.1
    + Bump maven-pmd-plugin to 3.15.0
    + Bump maven-project-info-reports-plugin from 3.1.1 to 3.1.2
    + Bump maven-release-plugin from 3.0.0-M4 to 3.0.0-M5
    + Bump maven-resources-plugin from 3.0.1 to 3.2.0
    + Bump maven-scm-publish-plugin from 3.0.0 to 3.1.0
    + Bump maven-shared-resources from 3 to 4
    + Bump maven-site-plugin to 3.10.0
    + Bump maven-surefire-plugin to 2.22.2
    + Bump maven-surefire-report-plugin to 2.22.2
    + Bump maven-verifier-plugin from 1.0 to 1.1
    + Bump mavenPluginTools to 3.6.4
    + Bump org.eclipse.sisu.plexus from 0.3.4 to 0.3.5
    + Bump persistence-api from 1.0 to 1.0.2
    + Bump plexus-compiler-api to 2.9.0
    + Bump plexus-compiler-javac to 2.9.0
    + Bump plexus-utils from 3.2.0 to 3.4.1
    + Bump plexus-velocity from 1.2 to 1.3
    + Bump release-drafter/release-drafter to 5.18.0
    + Bump snakeyaml to 1.30
    + Bump stax2-api from 4.2 to 4.2.1
    + Bump taglist-maven-plugin to 3.0.0
    + Bump woodstox-core to 6.2.8
    + Bump xercesImpl from 2.12.1 to 2.12.2 in /modello-plugins/modello-plugin-jsonschema
    + Bump xercesImpl from 2.12.1 to 2.12.2 in /modello-plugins/modello-plugin-xsd
    + Bump xml-apis from 1.3.04 to 2.0.2
    + Bump xmlunit from 1.2 to 1.6
    + Bump xmlunit-core to 2.9.0
    + Security upgrade org.jsoup:jsoup from 1.13.1 to 1.14.2
- Build with java source and target levels 8
- Build the jackson and jsonschema plugins too

mojo-parent:
- Update mojo-parent from version 40 to version 60. (jsc#SLE-23217)

msv:
- Build with source and target levels 8 (jsc#SLE-23217)

multiverse:
- Build with source and target levels 8 (jsc#SLE-23217)

mx4j:
- Build against the standalone JavaEE modules unconditionally (jsc#SLE-23217)
- Depend on glassfish-activation-api instead of on gnu-jaf (jsc#SLE-23217)
- Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217)
- Require for build gnu-jaf instead of a virtual jaf provider in order to avoid build cycles (jsc#SLE-23217)
- On supported platforms, avoid building with OpenJ9, in order to prevent build cycles (jsc#SLE-23217)

mybatis-parent:
- Provide mybatis-parent version 31 (jsc#SLE-23217)

mybatis:
- Provide mybatis version 3.5.6 (jsc#SLE-23217)
  * CVE-2020-26945: remote code execution due to mishandled deserialization of object streams (bsc#1177568)

mysql-connector-java:
- Update mysql-connector-java from version 5.1.47 to version 8.0.29. (jsc#SLE-23217)
  * CVE-2021-2471: mysql-connector-java: unauthorized access (bsc#1195557)
  * CVE-2020-2875, CVE-2020-2933, CVE-2020-2934: Vulnerability in the MySQL Connectors product of Oracle MySQL (bsc#1173600)
  * Historically, MySQL has used utf8 as an alias for utf8mb3.
    Since release 8.0.29, utf8mb3 has become a recognized (though deprecated) character set on its own for MySQL Server. Therefore, Connector/J has added utf8mb3 to its character set mapping, and users are encouraged to update to Connector/J 8.0.29 to avoid potential issues when working with MySQL Server 8.0.29 or later.
  * A new connection property socksProxyRemoteDns has been added, which, when set to true, makes the SocksProxySocketFactory execute its own connect() implementation that passes the unresolved InetSocketAddress of a MySQL Server host to the created proxy socket, instead of having the address resolved locally.
  * The code for prepared statements has been refactored to make the code simpler and the logic for binding more consistent between ServerPreparedStatement and ClientPreparedStatement.
  * Connector/J now supports Fast Identity Online (FIDO) Authentication. See Connecting Using Fast Identity Online (FIDO) Authentication for details.
  * Do not build against the log4j12 packages, use the new reload4j
  * This update provides several fixes and enhancements. Please check the changes for a full overview.

nailgun:
- Build with source and target levels 8 (jsc#SLE-23217)

native-platform:
- Build with source and target levels 8 (jsc#SLE-23217)

nekohtml:
- Update nekohtml from version 1.9.22 to version 1.9.22.noko2. (jsc#SLE-23217)
  * CVE-2022-28366: Uncontrolled Resource Consumption in nekohtml. (bsc#1198404)
  * CVE-2022-24839: Denial of service via crafted Processing Instruction (PI) input. (bsc#1198739)
  * Use the security patched fork at https://github.com/sparklemotion/nekohtml
  * Build with source and target levels 8

netty3:
- Remove dependency on javax.activation. (jsc#SLE-23217)
- Build again against mvn(log4j:log4j). (jsc#SLE-23217)
- Use the standalone JavaEE modules unconditionally
- Remove the compat versions, since the io.netty:netty artifact coordinates exist only in version 3.x. (jsc#SLE-23217)

netty-tcnative:
- Update netty-tcnative to version 2.0.36.
  (jsc#SLE-23217)
  * Upgrade to OpenSSL 1.1.1i
  * Update to latest openssl version for static build
  * Update to LibreSSL 3.1.4
  * Update to latest stable libressl release
  * Cleanup BoringSSL TLSv1.3 support and consistently handle empty ciphers.
  * Support TLSv1.3 with compiling against boringssl
  * Return 0 for SSL_OP_NO_TLSv1_3 when TLSv1.3 is not supported.
  * Allow to load a private key from the OpenSSL engine.
  * Support KeyManagerFactory if compiled against OpenSSL < 1.0.2 but using OpenSSL >= 1.0.2 at runtime.
  * Build with java source and target levels 1.8

objectweb-asm:
- Update objectweb-asm from version 7.2 to version 9.3. (jsc#SLE-23217)
  * new Opcodes.V19 constant for Java 19
  * new size() method in ByteVector
  * checkDataFlow option in CheckClassAdapter can now be used without valid maxStack and maxLocals values
  * New Maven BOM
  * Build asm as modular jar files to be used as such by java >= 9
  * Leave asm-all.jar as a non-modular jar
  * JDK 18 support
  * Replace -debug flag in Printer with -nodebug (-debug continues to work)
  * New V15 constant
  * Experimental support for PermittedSubtypes and RecordComponent
  * This update provides several fixes and enhancements. Please check the changes for a full overview.

objenesis:
- Fix build with javadoc 17 (jsc#SLE-23217)

opentest4j:
- Update opentest4j from version 1.0.0 to version 1.2.0. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * Remove unused dependency on commons-codec
  * Rename serialized output file for clarity
  * Create an OSGi compatible MANIFEST.MF

oro:
- Build with source and target levels 8 (jsc#SLE-23217)

osgi-annotation:
- Update osgi-annotation from version 6.0.0 to version 7.0.0. (jsc#SLE-23217)
  * Build with source and target levels 8

osgi-compendium:
- Update osgi-compendium from version 6.0.0 to version 7.0.0. (jsc#SLE-23217)
  * Build with source and target levels 8

osgi-core:
- Update osgi-core from version 6.0.0 to version 7.0.0.
  (jsc#SLE-23217)
  * Build with source and target levels 8

os-maven-plugin:
- Update os-maven-plugin from version 1.2.3 to version 1.7.0. (jsc#SLE-23217)
  * Build with java source and target levels 8
  * Changes:
    + Added a new property os.detected.arch.bitness
    + Added detection of RISC-V architecture, riscv
    + Added an abstraction layer for System property and file system access
    + Added thread safety information to Maven plugin metadata so that Maven doesn't warn about thread safety anymore
    + Added detection of z/OS operating system
    + Added m2e life cycle mapping metadata so os-maven-plugin works better with Eclipse m2e
    + Added support for MIPS and MIPSEL 32/64-bit architecture
      mips_32 - if the value is one of: mips, mips32
      mips_64 - if the value is mips64
      mipsel_32 - if the value is one of: mipsel, mips32el
      mipsel_64 - if the value is mips64el
    + Added support for PPCLE 32-bit architecture
      ppcle_32 - if the value is one of: ppcle, ppc32le
    + Added support for IA64N and IA64W architecture
      itanium_32 - if the value is ia64n
      itanium_64 - if the value is one of: ia64, ia64w (new), itanium64
    + Fixed classpath conflicts due to outdated Guava version in transitive dependencies
    + Fixed incorrect prerequisite

paradise:
- Build with source and target levels 8 (jsc#SLE-23217)

paranamer:
- Build with source and target levels 8 (jsc#SLE-23217)

parboiled:
- Build with source and target levels 1.8 (jsc#SLE-23217)

pegdown:
- Build with source and target levels 8 (jsc#SLE-23217)

picocli:
- Update picocli from version 4.0.4 to version 4.6.2. (jsc#SLE-23217)
  * Full changes from previous versions are in https://github.com/remkop/picocli/blob/v4.6.2/RELEASE-NOTES.md

plexus-ant-factory:
- Build with source and target levels 8 (jsc#SLE-23217)

plexus-archiver:
- Do not compile the test build against the legacy guava20 any more.
  (jsc#SLE-23217)

plexus-bsh-factory:
- Build with source and target levels 8 (jsc#SLE-23217)

plexus-build-api:
- Build with source and target levels 8 (jsc#SLE-23217)
- Fix an error of tag in javadoc

plexus-cipher:
- Update plexus-cipher from version 1.7 to version 2.0. (jsc#SLE-23217)
  * Switch from Sonatype to Plexus
  * Switch to the Eclipse sisu-maven-plugin
  * Bump junit from 4.12 to 4.13.1
  * Bump plexus from 6.5 to 8
  * Fix surefire warnings
  * This version is needed by maven 3.8.4 and plexus-sec-dispatcher 2.0

plexus-classworlds:
- Update plexus-classworlds from version 2.5.2 to version 2.6.0. (jsc#SLE-23217)
  * Modular java JPMS support

plexus-cli:
- Do not compile/run tests against the legacy guava20 package. (jsc#SLE-23217)
- Build with java source and target levels 8. (jsc#SLE-23217)
- Replace raw java.util.List with typed java.util.List interface
- The GnuParser and OptionBuilder classes are deprecated in commons-cli since version 1.3

plexus-compiler:
- Update plexus-compiler from version 2.8.2 to version 2.11.1.
  (jsc#SLE-23217)
  * Plexus testing is a dependency with scope test
  * Removed: jikes compiler
  * New features and improvements
    + add parameter to configure javac feature --enable-preview
    + make java 11 as project base but keep javac release 8, we will be able to upgrade ecj and errorprone
    + Bump plexus-components from 6.5 to 6.6 and upgrade to junit5
    + add adopt-openj9 build
    + Fix AspectJ basics
    + fix methods of lint and warning
    + Add new showLint compiler configuration
    + add jdk distribution to the matrix
    + Added primitive support for --processor-module-path
    + Refactor and add unit tests for support for multiple --add-exports custom compiler arguments
    + Add Maven Compiler Plugin compiler it tests
    + Close StandardJavaFileManager
    + Use latest ecj from official Eclipse release
  * Bug fixes:
    + [eclipse-compiler] Resort sources to have module-info.java first
    + Issue #106: Retain error messages from annotation processors
    + Issue #147: Support module-path for ECJ
    + Issue #166: Fix maven dependencies
    + eclipse compiler: set generated source dir even if no annotation processor is configured
    + CSharp compiler: fix role
    + Eclipse compiler: close the StandardJavaFileManager
    + Use plexus annotations rather than doclet to fix javadoc with java11
    + fix Java15 build
    + Update Error prone 2.4
    + Rename method, now that EA of JDK 16 is available
    + Eclipse Compiler Support release specifier instead of source/target
    + Issue #73: Use configured file encoding for JSR-199 Eclipse compiler
  * Dependency updates
    + Bump actions/cache to 2.1.6
    + Bump animal-sniffer-maven-plugin to 1.21
    + Bump aspectj.version from 1.9.2 to 1.9.6
    + Bump assertj-core from 3.21.0 to 3.22.0
    + Bump ecj to 3.28.0
    + Bump error_prone_core to 2.10.0
    + Bump junit to 4.13.2
    + Bump junit-jupiter-api from 5.8.1 to 5.8.2
    + Bump maven-artifact from 2.0 to 2.2.1
    + Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0
    + Bump maven-invoker-plugin from 3.2.1 to 3.2.2
    + Bump maven-settings from 2.0 to 2.2.1
    + Bump plexus-component-annotations to 2.1.1
    + Bump plexus-components to 6.6 and upgrade to junit5
    + Bump release-drafter/release-drafter to 5.18.1
  * needed by the latest maven-compiler-plugin
  * Rewrite the plexus metadata generation in the ant build files

plexus-component-api:
- Build with source and target levels 8 (jsc#SLE-23217)

plexus-component-metadata:
- Update plexus-component-metadata from version 2.1.0 to version 2.1.1. (jsc#SLE-23217)
  * Build using asm >= 7
  * Build with java source and target levels 8

plexus-containers:
- Update plexus-containers from version 2.1.0 to version 2.1.1. (jsc#SLE-23217)
  * This is the last version before deprecation
  * Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1
  * Build with java source and target levels 8
  * Upgrade ASM to 9.2
  * Requires Java 7 and Maven 3.2.5+

plexus-i18n:
- Build with java source and target levels 8 (jsc#SLE-23217)
- Do not compile/run tests against the legacy guava20 package (jsc#SLE-23217)

plexus-interactivity:
- Build with source and target levels 8 (jsc#SLE-23217)

plexus-interpolation:
- Build with java source and target levels 1.8

plexus-io:
- Do not build/run tests against the legacy guava20 package (jsc#SLE-23217)

plexus-languages:
- Update plexus-languages from version 1.0.3 to version 1.1.1. (jsc#SLE-23217)
  * Build using java >= 9
  * Build as multirelease modular jar
  * Fix builds with a mix of modular and classic jar files
  * generate-tarball.sh: use safe temporary directory, avoid accidental deletion of *.jar, *.class in the current working directory.

plexus-metadata-generator:
- Update plexus-metadata-generator from version 2.1.0 to version 2.1.1 (jsc#SLE-23217)
  * Build using asm >= 7
  * Build with java source and target levels 8
  * Do not use the deprecated plexus-cli functions, but port the generator to the recommended replacement

plexus-resources:
- Build with source and target levels 8 (jsc#SLE-23217)

plexus-sec-dispatcher:
- Update plexus-sec-dispatcher from version 1.4 to version 2.0.
  (jsc#SLE-23217)
  * Fix build with modello-2.0.0
  * Changes:
    + Bump plexus-utils to 3.4.1
    + Bump plexus from 6.5 to 8
    + Switch from Sonatype to Plexus
    + Update pom to use modello source 1.4
  * needed for maven 3.8.4 and plexus-cipher 2.0

plexus-utils:
- Update plexus-utils from version 3.3.0 to version 3.3.1. (jsc#SLE-23217)
  * Build with source and target levels 8 (jsc#SLE-23217)
  * Don't ignore valid SCM files
  * This is the latest version still supporting Java 8

plexus-velocity:
- Do not compile/run the test build against legacy guava20 anymore. (jsc#SLE-23217)
- Build with java source and target levels 8. (jsc#SLE-23217)
- Simplify the build file and remove tests which depend on apache-commons-lang. (jsc#SLE-23217)

qdox:
- Update qdox from version 2.0.M9 to version 2.0.1. (jsc#SLE-23217)
  * Don't use deprecated inputstreamctor option
  * Add Automatic-Module-Name to the manifest
  * Generate ant build file from maven pom and build using ant
  * Update jflex-maven-plugin to 1.8.2
  * Changes:
  * Support Lambda Expression
  * Add SEALED / NON_SEALED tokens
  * CodeBlock for Annotation with FieldReference should prefix field with canonical name
  * Add UnqualifiedClassInstanceCreationExpression
  * Add reference to grammar documentation and hints to transform it
  * Support Text Blocks
  * Support Sealed Classes
  * Support records
  * Get interface via javaProjectBuilder.getClassByName

reflectasm:
- Build with source and target levels 8 (jsc#SLE-23217)

regexp:
- Build with source and target levels 8 (jsc#SLE-23217)

relaxngcc:
- Provide relaxngcc version 1.12 (jsc#SLE-23217)

relaxngDatatype:
- Build with source and target levels 8 (jsc#SLE-23217)

reload4j:
- Update from version 1.2.19 to version 1.2.20. (jsc#SLE-23217)
  * Build with source/target levels 8
  * For enabled logging statements, the performance of iterating on appenders attached to a logger has been significantly improved.

replacer:
- Build with source and target levels 8 (jsc#SLE-23217)

rhino:
- Update rhino from version 1.7R3 to version 1.7.14. (jsc#SLE-23217)

sat4j:
- Build with source and target levels 8 (jsc#SLE-23217)

saxon9:
- Build with source and target levels 8 (jsc#SLE-23217)

sbt-launcher:
- Build with source/target levels 8 (jsc#SLE-23217)
- Fix build against ivy 2.5.0

sbt:
- Do not depend on hawtjni-runtime and jansi-native anymore (jsc#SLE-23217)
- Fix build against maven 3.8.5
- Fix build against apache-ivy 2.5.0
- Override javax.inject:javax:inject artifact coordinates in order to be able to build against newer atinject versions if needed
- Fix build with maven-resolver 1.7.3
- Build package as noarch, since it does not have archfull binaries
- Build with java 8

scala-pickling:
- Build with source and target levels 8 (jsc#SLE-23217)

scala:
- No longer package /usr/share/mime-info (bsc#1062631)
  * Drop scala.keys and scala.mime source files. (jsc#SLE-23217)
- Fix the scala build to find correctly the jansi.jar file
- Make the package that links the jansi.jar file archfull
- Bootstrap the build with our own built jar instead of downloading prebuilt binaries from www.scala-lang.org

servletapi4:
- Provide servletapi4 4.0.4 and solve installation issues. (jsc#SLE-23217)
- There are no source changes.

signpost-core:
- Build with source and target levels 8 (jsc#SLE-23217)

sisu:
- Update sisu from version 0.3.3 to version 0.3.5 (jsc#SLE-23217)
  * Remove dependency on glassfish-servlet-api
  * Relax bytecode check in scanner so it can scan up to and including Java14
  * Support reproducible builds by sorting generated javax.inject.Named index
  * Build with java source and target levels 8
  * Change to generate maven meta-data using the %%add_maven_depmap so that it can be built before the xmvn-tools

slf4j:
- Update slf4j from version 1.7.30 to version 1.7.36.
  (jsc#SLE-23217)
  * Don't use %%mvn_artifact, but %%add_maven_depmap
  * In the jcl-over-slf4j module avoid Object to String conversion.
  * In the log4j-over-slf4j module added empty constructors for ConsoleAppender.
  * In the slf4j-simple module, SimpleLogger now caters for concurrent access.
  * Fix build against reload4j
  * Fix dependencies of the module slf4j-log4j12
  * Depend for build on reload4j
  * Do not use a separate spec file for sources.
  * slf4j-log4j12 artifact automatically instructs Maven to use the slf4j-reload4j artifact instead.
  * slf4j releases are now reproducible.
  * Build with source/target levels 8
  * Add symlink to reload4j -> log4j12 for applications that expect that name.

snakeyaml:
- Update snakeyaml from version 1.31 to version 1.33. (jsc#SLE-23217)
  * Output error grow the rhn_web_ui.log rapidly (bsc#1204173)
  * CVE-2022-38752: Uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154)

spec-version-maven-plugin:
- Update spec-version-maven-plugin from 1.2 version to version 2.1 (jsc#SLE-23217)
  * Support both the jakarta.* and the javax.* apis
  * Build with java source and target levels 8

stax2-api:
- Build with source and target levels 8 (jsc#SLE-23217)

stax-ex:
- Provide stax-ex version 1.8 (jsc#SLE-23217)

stringtemplate4:
- Build with source and target levels 8 (jsc#SLE-23217)

string-template-maven-plugin:
- Build with source and target levels 8 (jsc#SLE-23217)

stringtemplate:

tagsoup:
- Build with source and target levels 8 (jsc#SLE-23217)

template-resolver:
- Build with source and target levels 8 (jsc#SLE-23217)

tesla-polyglot:
- Update tesla-polyglot from version 0.2.1 to version 0.4.5.
  (jsc#SLE-23217)
  * Build with source and target levels 8
  * Remove upper bound for JDK version to allow Java 11 and newer
  * polyglot-kotlin - revert automatic source folder setting to kotlin
  * Update xstream version in test resources to avoid security alerts
  * Avoid assumption about replacement pom file being readable
  * Upgrade scala-maven-plugin, clojure-maven-plugin and Clojure
  * polyglot-kotlin: Set source folders to kotlin
  * Upgrade to kotlin 1.3.60
  * Provide a mechanism to override properties of a polyglot build
  * TeslaModelProcessor.locatePom(File) ignores files ending in .xml
  * Use platform encoding in ModelReaderSupport
  * Invoker plugin update
  * takari parent update
  * plexus-component-metadata update to 2.1.0
  * maven-enforcer-plugin update to 3.0.0-M3
  * polyglot-kotlin: Avoid IllegalStateException
  * polyglot-kotlin: improved support for IntelliJ Idea usage
  * polyglot-kotlin: kotlin update and numerous improvements to more idiomatic kotlin
  * polyglot-common:
    + Execute tasks are now installed with inheritable set to false
    + The ExecuteContext interface now has default implementations
    + The ExecuteContext now includes getMavenSession()
    + the ExecuteContext now includes getLog() to comport with Java bean conventions. The log() operation has been deprecated.
    + the ExecuteContext now includes getBasedir() to comport with Java bean conventions. The basedir() operation has been deprecated.
  * polyglot-kotlin:
    + Updates Kotlin to 1.3.21
    + Includes support for Maven's ClassRealm
    + Includes full support for the entire Maven model
    + Includes support for execute tasks as inline lambdas or as external scripts.
    + Resolves ClassLoader issues that affected integration with IntelliJ IDEA
  * polyglot-java: fixed depMgt conversion
  * polyglot-ruby: java9+ support improvement
  * added polyglot-kotlin
  * polyglot-scala:
    + Convenience methods for Dependency (classifier, intransitive, % (scope))
    + Support reporting-section in pom
    + Added default value for pom property modelversion (4.0.0)
    + Updated used Scala Version (2.11.12)
    + Made output dir to pom.scala files compilation configurable via system property polyglot.scala.outputdir
    + Improved support and docs for configuration elements of plugins
  * Upgrade to latest takari-pom parent
  * polyglot-yaml: Support for xml attributes
  * polyglot-yaml: exclude pomFile property from serialization
  * polyglot-java: Linux support and test fixes
  * polyglot-java: Moved examples into polyglot-maven-examples
  * Updated Scala version
  * Scala warning fixes
  * polyglot-scala: Scala syntax friendly include preprocessor
  * Added link to user of yml version
  * polyglot-scala: Use Zinc server for Scala module
  * polyglot-scala: Support more valid XML element name chars in dynamic Config
  * Experimental addition of Java as polyglot language.

test-interface:
- Build with source and target levels 8 (jsc#SLE-23217)

testng:
- Update testng from version 6.14.3 to version 7.4.0. (jsc#SLE-23217)
  * CVE-2020-11022: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (bsc#1190663)
  * CVE-2020-11023: jquery: Untrusted code execution while passing HTML containing