From sle-container-updates at lists.suse.com Fri Mar 1 08:02:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Mar 2024 09:02:57 +0100 (CET) Subject: SUSE-CU-2024:756-1: Recommended update of suse/sle15 Message-ID: <20240301080257.63548F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:756-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.411 Container Release : 9.5.411 Severity : moderate Type : recommended References : 1212475 1219123 1219189 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption The following package changes have been done: - container-suseconnect-2.4.0-150000.4.50.2 updated - suse-build-key-12.0-150000.8.43.1 updated From sle-container-updates at lists.suse.com Fri Mar 1 08:03:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Mar 2024 09:03:03 +0100 (CET) Subject: SUSE-CU-2024:757-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240301080303.266C5F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:757-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.13 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.13 Container Release : 4.13 Severity : moderate Type : recommended References : 1212475 1219123 1219189 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption The following package changes have been done: - container-suseconnect-2.4.0-150000.4.50.2 updated - suse-build-key-12.0-150000.8.43.1 updated From sle-container-updates at lists.suse.com Fri Mar 1 08:03:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Mar 2024 09:03:10 +0100 (CET) Subject: SUSE-CU-2024:758-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240301080310.2929EF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:758-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.6 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.6 Container Release : 3.6 Severity : moderate Type : recommended References : 1212475 1219123 1219189 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption The following package changes have been done: - container-suseconnect-2.4.0-150000.4.50.2 updated - suse-build-key-12.0-150000.8.43.1 updated From sle-container-updates at lists.suse.com Fri Mar 1 08:05:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Mar 2024 09:05:45 +0100 (CET) Subject: SUSE-CU-2024:767-1: Recommended update of bci/golang Message-ID: <20240301080545.AEE40F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:767-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.14 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.14 Container Release : 2.14 Severity : important Type : recommended References : 1214934 1216752 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:641-1 Released: Wed Feb 28 09:13:19 2024 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1214934 This update for gcc7 fixes the following issues: - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. The following package changes have been done: - rpm-ndb-4.14.3-150400.59.7.1 updated - libasan4-7.5.0+r278197-150000.4.41.1 updated - libcilkrts5-7.5.0+r278197-150000.4.41.1 updated - libubsan0-7.5.0+r278197-150000.4.41.1 updated - cpp7-7.5.0+r278197-150000.4.41.1 updated - gcc7-7.5.0+r278197-150000.4.41.1 updated - container:sles15-image-15.0.0-36.11.8 updated From sle-container-updates at lists.suse.com Fri Mar 1 08:06:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Mar 2024 09:06:31 +0100 (CET) Subject: SUSE-CU-2024:769-1: Security update of bci/openjdk-devel Message-ID: <20240301080631.F3193F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:769-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.35 Container Release : 14.35 Severity : important Type : security References : 1220068 1220070 CVE-2024-25710 CVE-2024-26308 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:726-1 Released: Thu Feb 29 12:12:44 2024 Summary: Security update for Java Type: security Severity: important References: 1220068,1220070,CVE-2024-25710,CVE-2024-26308 This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: * New features: + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version in changes.xml + Documentation update for the org.apache.commons.codec.digest.* package + Precompile regular expression in UnixCrypt.crypt(byte[], String) + Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method + Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method + Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method + Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode() + Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method + Deprecated UnixCrypt 0-argument constructor + Deprecated Md5Crypt 0-argument constructor + Deprecated Crypt 0-argument constructor + Deprecated StringUtils 0-argument constructor + Deprecated Resources 0-argument constructor + Deprecated Charsets 0-argument constructor + Deprecated CharEncoding 0-argument constructor - Changes in version 1.16.0: * Remove duplicated words from Javadocs * Use Standard Charset object * Use String.contains() functions * Avoid use toString() or substring() in favor of a simplified expression * Fixed byte-skipping in Base16 decoding * Fixed several typos, improve writing in some javadocs * BaseNCodecOutputStream.eof() should not throw IOException. * Javadoc improvements and cleanups. * Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int). * Added support for Blake3 family of hashes * Added github/codeql-action * Bump actions/cache from v2 to v3.0.10 * Bump actions/setup-java from v1.4.1 to 3.5.1 * Bump actions/checkout from 2.3.2 to 3.1.0 * Bump commons-parent from 52 to 58 * Bump junit from 4.13.1 to 5.9.1 * Bump Java 7 to 8. * Bump japicmp-maven-plugin from 0.14.3 to 0.17.1. * Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds). * Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7 * Bump maven-javadoc-plugin from 3.2.0 to 3.4.1. * Bump animal-sniffer-maven-plugin from 1.19 to 1.22. * Bump maven-pmd-plugin from 3.13.0 to 3.19.0 * Bump pmd from 6.47.0 to 6.52.0. * Bump maven-checkstyle-plugin from 2.17 to 3.2.0 * Bump checkstyle from 8.45.1 to 9.3 * Bump taglist-maven-plugin from 2.4 to 3.0.0 * Bump jacoco-maven-plugin from 0.8.7 to 0.8.8. apache-commons-compress was updated to version 1.26: - Changes in version 1.26: * Security issues fixed: + CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress (bsc#1220068) + CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress (bsc#1220070) * New Features: + Added and use ZipFile.builder(), ZipFile.Builder, and deprecate constructors + Added and use SevenZFile.builder(), SevenZFile.Builder, and deprecate constructors + Added and use ArchiveInputStream.getCharset() + Added and use ArchiveEntry.resolveIn(Path) + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Check for invalid PAX values in TarArchiveEntry + Fixed zero size headers in ArjInputStream + Fixes and tests for ArInputStream + Fixes for dump file parsing + Improved CPIO exception detection and handling + Deprecated SkipShieldingInputStream without replacement (nolonger used) + Reuse commons-codec, don't duplicate class PureJavaCrc32C (removed package-private class) + Reuse commons-codec, don't duplicate class XXHash32 (deprecated class) + Reuse commons-io, don't duplicate class Charsets (deprecated class) + Reuse commons-io, don't duplicate class IOUtils (deprecated methods) + Reuse commons-io, don't duplicate class BoundedInputStream (deprecated class) + Reuse commons-io, don't duplicate class FileTimes (deprecated TimeUtils methods) + Reuse Arrays.equals(byte[], byte[]) and deprecate ArchiveUtils.isEqual(byte[], byte[]) + Added a null-check for the class loader of OsgiUtils + Added a null-check in Pack200.newInstance(String, String) + Deprecated ChecksumCalculatingInputStream in favor of java.util.zip.CheckedInputStream + Deprecated CRC32VerifyingInputStream.CRC32VerifyingInputStream(InputStream, long, int) + FramedSnappyCompressorOutputStream produces incorrect output when writing a large buffer + Fixed TAR directory entries being misinterpreted as files + Deprecated unused method FileNameUtils.getBaseName(String) + Deprecated unused method FileNameUtils.getExtension(String) + ArchiveInputStream.BoundedInputStream.read() incorrectly adds 1 for EOF to the bytes read count + Deprecated IOUtils.read(File, byte[]) + Deprecated IOUtils.copyRange(InputStream, long, OutputStream, int) + ZipArchiveOutputStream multi archive updates metadata in incorrect file + Deprecated ByteUtils.InputStreamByteSupplier + Deprecated ByteUtils.fromLittleEndian(InputStream, int) + Deprecated ByteUtils.toLittleEndian(DataOutput, long, int) + Reduce duplication by having ArchiveInputStream extend FilterInputStream + Support preamble garbage in ZipArchiveInputStream + Fixed formatting the lowest expressable DOS time + Dropped reflection from ExtraFieldUtils static initialization + Preserve exception causation in ExtraFieldUtils.register(Class) - Changes in version 1.25: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.25.0 - Changes in version 1.24: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0 - Changes in version 1.23: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.23.0 - Changes in version 1.22: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.22 apache-commons-io was updated to version 2.15.1: - Changes in version 2.15.1: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.1 - Changes in version 2.15.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.0 - Changes in version 2.14.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.14.0 javapackages-meta: - Syncing the version with javapackages-tools 6.2.0 - Remove unnecessary dependencies maven was updated to version 3.9.6: - Changes in version 3.9.6: * Bugs fixed: + Error message when modelVersion is 4.0 is confusing * Improvements: + Colorize transfer messages + Support ${project.basedir} in file profile activation + Allow to exclude plugins from validation * Tasks: + Maven Resolver Provider classes ctor change + Undeprecate wrongly deprecated repository metadata + Deprecated `org.apache.maven.repository.internal.MavenResolverModule` + maven-resolver-provider: introduce NAME constants. * Dependency upgrade: + Updated to Resolver 1.9.16 + Upgraded Sisu version to 0.9.0.M2 + Upgraded Resolver version to 1.9.18 + Upgraded to parent POM 41 + Upgraded default plugin bindings maven-assembly-plugin: - Explicitely require commons-io:commons-io and commons-codec:common-codes artifacts that are optional in apache-commons-compress maven-doxia was updated to version 1.12.0: * Changes in version 1.12.0: + Upgraded to FOP 2.2 + Fixed rendering links and paragraphs inside tables + Rewrite .md and .markdown links to .html + Upgraded HttpComponents: httpclient to 4.5.8 and httpcore to 4.4.11 + Escape links to xml based figureGraphics image elements + SECURITY: Use HTTPS to resolve dependencies in Maven Build + Removed old Maven 1 and 2 info + Updated commons-lang to 3.8.1 + Dropped dependency to outdated Log4j + Fixed Java 7 compatibility that was broken + Import tests from maven-site-plugin + Fixed crosslinks starting with a dot in markdown files + Replace deprecated class from commons-lang + Fill in some generic types maven-doxia-sitetools was updated to version 1.11.1: - Changes in version 1.11.1: * Bugs fixed: + CLIRR can't find previous version * Improvements: + Removed all   in default-site-macros.vm and replace by a space + Improved documentation on site.xml inheritance vs interpolation * Tasks: + Deprecated Doxia Sitetools Doc Renderer * Dependency upgrade: + Fixed javadoc issues with JDK 8 when generating documentation + Wrong coordinates for jai_core: hyphen should be underscore + Use latest JUnit version 4.13.2 + Upgraded Plexus Utils to 3.3.0 + Upgraded Plexus Interpolation to 1.26 + Upgraded Maven Doxia to 1.10 + Upgraded Maven Doxia to 1.11.1 maven-jar-plugin was updated to version 3.3.0: - Changes in version 3.3.0: * Bugs fixed: + outputTimestamp not applied to module-info; breaks reproducible builds * Task: + Updated plugin (requires Maven 3.2.5+) + Java 8 as minimum * Dependency upgrade: + Upgraded Plexus Utils to 3.3.1 + Removed override for Plexus Archiver to fix order of META-INF/ and META-INF/MANIFEST.MF entries + Upgraded Parent to 36 + Updated Plexus Utils to 3.4.2 + Upgraded Parent to 37 maven-jar-plugin was updated to version 3.6.0: - Changes from version 3.6.0: * Bugs fixed: + Setting maven.javadoc.isoffline seems to have no effect + javadoc site is broken for projects that contain modules + Alternative doclet page points to an SEO spammy page + [REGRESSION] Transitive dependencies of docletArtifact missing + Unresolvable link in javadoc tag with value ResourcesBundleMojo#getAttachmentClassifier() found in ResourcesBundleMojo + IOException --> NullPointerException in JavadocUtil.copyResource + JavadocReportTest.testExceptions is broken + javadoc creates invalid --patch-module statements + javadoc plugin can not deal with transitive filename based modules * Improvements: + Clean up deprecated and unpreferred methods in JavadocUtil + Cleanup dependency declarations as best possible + Allow building javadoc 'the old fashioned way' after Java 8 * Tasks: + Dropped use of deprecated localRepository mojo parameter + Make build pass with Java 20 + Refresh download page * Dependency upgrade: + Updated to commons-io 2.13.0 + Updated plexus-archiver from 4.7.1 to 4.8.0 + Upgraded Parent to 40 - Changes from version 3.5.0: * Bugs fixed: + Invalid anchors in Javadoc and plugin mojo + Plugin duplicates classes in Java 8 all-classes lists + javadoc site creation ignores configuration parameters * Improvements: + Deprecated parameter 'stylesheet' + Parse stderr output and suppress informational lines + Link to Javadoc references from JDK 17 + Migrate components to JSR 330, get rid of maven-artifact-transfer, update to parent 37 * Tasks: + Removed remains of org.codehaus.doxia.sink.Sink * Dependency upgrades: + Upgraded plugins in ITs + Upgraded to Maven 3.2.5 + Updated Maven Archiver to 3.6.0 + Upgraded Maven Reporting API to 3.1.1/Complete with Maven Reporting Impl 3.2.0 + Upgraded commons-text to 1.10.0 + Upgraded Parent to 39 + Upgraded plugins and components maven-reporting-api was updated to version 3.1.1: - Restore binary compat for MavenReport maven-reporting-impl was updated to version 3.2.0: - Changes in version 3.2.0: * Improvement: + Render with a skin when report is run in standalone mode * Dependency upgrades: + Upgraded Maven Reporting API to 3.1.1 + Upgraded plugins and components in project and ITs maven-resolver was updated to version 1.9.18: - Changes in version 1.9.18: * Bugs fixed: + Sporadic AccessDeniedEx on Windows + Undo FileUtils changes that altered non-Windows execution path * Improvements: + Native transport should retry on HTTP 429 (Retry-After) * Task: + Deprecated Guice modules + Get rid of component name string literals, make them constants and reusable + Expose configuration for inhibiting Expect-Continue handshake in 1.x + Refresh download page + Resolver should not override given HTTP transport default use of expect-continue handshake maven-resources-plugin was updated to version 3.3.1: - Changes in version 3.3.1: * Bugs fixed: + Resource plugin's handling of symbolic links changed in 3.0.x, broke existing behavior + Resource copying not using specified encoding + java.nio.charset.MalformedInputException: Input length = 1 + Filtering of Maven properties with long names is not working after transition from 2.6 to 3.2.0 + Valid location for directory parameter is always required + Symlinks cause copying resources to fail + FileUtils.copyFile() fails with source file having `lastModified = 0` * New Features: + Added ability to flatten folder structure into target directory when copying resources * Improvements: + Make tests jar reproducible + Describe from and to in 'Copying xresources' info message * Task: + Dropped plexus legacy + Updated to parent POM 39, reformat sources + Updated plugin (requires Maven 3.2.5+) + Require Java 8 * Dependency upgrade: + Upgraded maven-plugin parent to 36 + Upgraded Maven Filtering to 3.3.0 + Upgraded plexus-utils to 3.5.1 + Upgraded to maven-filtering 3.3.1 sbt: - Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18 xmvn: - Modify the xmvn-install script to work with new apache-commons-compress - Recompiling RPM package to resolve package building issues with maven-lib The following package changes have been done: - apache-commons-codec-1.16.1-150200.3.9.1 updated - apache-commons-io-2.15.1-150200.3.12.1 updated - maven-resolver-api-1.9.18-150200.3.17.2 updated - maven-resolver-util-1.9.18-150200.3.17.2 updated - maven-resolver-spi-1.9.18-150200.3.17.2 updated - maven-resolver-named-locks-1.9.18-150200.3.17.2 updated - maven-resolver-transport-file-1.9.18-150200.3.17.2 updated - maven-resolver-connector-basic-1.9.18-150200.3.17.2 updated - maven-resolver-transport-wagon-1.9.18-150200.3.17.2 updated - maven-resolver-impl-1.9.18-150200.3.17.2 updated - maven-resolver-transport-http-1.9.18-150200.3.17.2 updated - maven-lib-3.9.6-150200.4.21.2 updated - maven-3.9.6-150200.4.21.2 updated - container:bci-openjdk-11-15.5.11-15.16 updated From sle-container-updates at lists.suse.com Fri Mar 1 08:07:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Mar 2024 09:07:42 +0100 (CET) Subject: SUSE-CU-2024:772-1: Recommended update of suse/pcp Message-ID: <20240301080742.6DD90F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:772-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.22 , suse/pcp:5.2 , suse/pcp:5.2-22.22 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.22 , suse/pcp:latest Container Release : 22.22 Severity : moderate Type : recommended References : 1214934 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:641-1 Released: Wed Feb 28 09:13:19 2024 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1214934 This update for gcc7 fixes the following issues: - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. The following package changes have been done: - cpp7-7.5.0+r278197-150000.4.41.1 updated - container:bci-bci-init-15.5-15.5-14.12 updated From sle-container-updates at lists.suse.com Sun Mar 3 08:04:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 3 Mar 2024 09:04:38 +0100 (CET) Subject: SUSE-CU-2024:791-1: Security update of bci/openjdk-devel Message-ID: <20240303080438.043DBFBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:791-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.40 , bci/openjdk-devel:latest Container Release : 16.40 Severity : important Type : security References : 1220068 1220070 CVE-2024-25710 CVE-2024-26308 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:726-1 Released: Thu Feb 29 12:12:44 2024 Summary: Security update for Java Type: security Severity: important References: 1220068,1220070,CVE-2024-25710,CVE-2024-26308 This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: * New features: + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version in changes.xml + Documentation update for the org.apache.commons.codec.digest.* package + Precompile regular expression in UnixCrypt.crypt(byte[], String) + Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method + Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method + Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method + Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode() + Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method + Deprecated UnixCrypt 0-argument constructor + Deprecated Md5Crypt 0-argument constructor + Deprecated Crypt 0-argument constructor + Deprecated StringUtils 0-argument constructor + Deprecated Resources 0-argument constructor + Deprecated Charsets 0-argument constructor + Deprecated CharEncoding 0-argument constructor - Changes in version 1.16.0: * Remove duplicated words from Javadocs * Use Standard Charset object * Use String.contains() functions * Avoid use toString() or substring() in favor of a simplified expression * Fixed byte-skipping in Base16 decoding * Fixed several typos, improve writing in some javadocs * BaseNCodecOutputStream.eof() should not throw IOException. * Javadoc improvements and cleanups. * Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int). * Added support for Blake3 family of hashes * Added github/codeql-action * Bump actions/cache from v2 to v3.0.10 * Bump actions/setup-java from v1.4.1 to 3.5.1 * Bump actions/checkout from 2.3.2 to 3.1.0 * Bump commons-parent from 52 to 58 * Bump junit from 4.13.1 to 5.9.1 * Bump Java 7 to 8. * Bump japicmp-maven-plugin from 0.14.3 to 0.17.1. * Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds). * Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7 * Bump maven-javadoc-plugin from 3.2.0 to 3.4.1. * Bump animal-sniffer-maven-plugin from 1.19 to 1.22. * Bump maven-pmd-plugin from 3.13.0 to 3.19.0 * Bump pmd from 6.47.0 to 6.52.0. * Bump maven-checkstyle-plugin from 2.17 to 3.2.0 * Bump checkstyle from 8.45.1 to 9.3 * Bump taglist-maven-plugin from 2.4 to 3.0.0 * Bump jacoco-maven-plugin from 0.8.7 to 0.8.8. apache-commons-compress was updated to version 1.26: - Changes in version 1.26: * Security issues fixed: + CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress (bsc#1220068) + CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress (bsc#1220070) * New Features: + Added and use ZipFile.builder(), ZipFile.Builder, and deprecate constructors + Added and use SevenZFile.builder(), SevenZFile.Builder, and deprecate constructors + Added and use ArchiveInputStream.getCharset() + Added and use ArchiveEntry.resolveIn(Path) + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Check for invalid PAX values in TarArchiveEntry + Fixed zero size headers in ArjInputStream + Fixes and tests for ArInputStream + Fixes for dump file parsing + Improved CPIO exception detection and handling + Deprecated SkipShieldingInputStream without replacement (nolonger used) + Reuse commons-codec, don't duplicate class PureJavaCrc32C (removed package-private class) + Reuse commons-codec, don't duplicate class XXHash32 (deprecated class) + Reuse commons-io, don't duplicate class Charsets (deprecated class) + Reuse commons-io, don't duplicate class IOUtils (deprecated methods) + Reuse commons-io, don't duplicate class BoundedInputStream (deprecated class) + Reuse commons-io, don't duplicate class FileTimes (deprecated TimeUtils methods) + Reuse Arrays.equals(byte[], byte[]) and deprecate ArchiveUtils.isEqual(byte[], byte[]) + Added a null-check for the class loader of OsgiUtils + Added a null-check in Pack200.newInstance(String, String) + Deprecated ChecksumCalculatingInputStream in favor of java.util.zip.CheckedInputStream + Deprecated CRC32VerifyingInputStream.CRC32VerifyingInputStream(InputStream, long, int) + FramedSnappyCompressorOutputStream produces incorrect output when writing a large buffer + Fixed TAR directory entries being misinterpreted as files + Deprecated unused method FileNameUtils.getBaseName(String) + Deprecated unused method FileNameUtils.getExtension(String) + ArchiveInputStream.BoundedInputStream.read() incorrectly adds 1 for EOF to the bytes read count + Deprecated IOUtils.read(File, byte[]) + Deprecated IOUtils.copyRange(InputStream, long, OutputStream, int) + ZipArchiveOutputStream multi archive updates metadata in incorrect file + Deprecated ByteUtils.InputStreamByteSupplier + Deprecated ByteUtils.fromLittleEndian(InputStream, int) + Deprecated ByteUtils.toLittleEndian(DataOutput, long, int) + Reduce duplication by having ArchiveInputStream extend FilterInputStream + Support preamble garbage in ZipArchiveInputStream + Fixed formatting the lowest expressable DOS time + Dropped reflection from ExtraFieldUtils static initialization + Preserve exception causation in ExtraFieldUtils.register(Class) - Changes in version 1.25: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.25.0 - Changes in version 1.24: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0 - Changes in version 1.23: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.23.0 - Changes in version 1.22: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.22 apache-commons-io was updated to version 2.15.1: - Changes in version 2.15.1: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.1 - Changes in version 2.15.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.0 - Changes in version 2.14.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.14.0 javapackages-meta: - Syncing the version with javapackages-tools 6.2.0 - Remove unnecessary dependencies maven was updated to version 3.9.6: - Changes in version 3.9.6: * Bugs fixed: + Error message when modelVersion is 4.0 is confusing * Improvements: + Colorize transfer messages + Support ${project.basedir} in file profile activation + Allow to exclude plugins from validation * Tasks: + Maven Resolver Provider classes ctor change + Undeprecate wrongly deprecated repository metadata + Deprecated `org.apache.maven.repository.internal.MavenResolverModule` + maven-resolver-provider: introduce NAME constants. * Dependency upgrade: + Updated to Resolver 1.9.16 + Upgraded Sisu version to 0.9.0.M2 + Upgraded Resolver version to 1.9.18 + Upgraded to parent POM 41 + Upgraded default plugin bindings maven-assembly-plugin: - Explicitely require commons-io:commons-io and commons-codec:common-codes artifacts that are optional in apache-commons-compress maven-doxia was updated to version 1.12.0: * Changes in version 1.12.0: + Upgraded to FOP 2.2 + Fixed rendering links and paragraphs inside tables + Rewrite .md and .markdown links to .html + Upgraded HttpComponents: httpclient to 4.5.8 and httpcore to 4.4.11 + Escape links to xml based figureGraphics image elements + SECURITY: Use HTTPS to resolve dependencies in Maven Build + Removed old Maven 1 and 2 info + Updated commons-lang to 3.8.1 + Dropped dependency to outdated Log4j + Fixed Java 7 compatibility that was broken + Import tests from maven-site-plugin + Fixed crosslinks starting with a dot in markdown files + Replace deprecated class from commons-lang + Fill in some generic types maven-doxia-sitetools was updated to version 1.11.1: - Changes in version 1.11.1: * Bugs fixed: + CLIRR can't find previous version * Improvements: + Removed all   in default-site-macros.vm and replace by a space + Improved documentation on site.xml inheritance vs interpolation * Tasks: + Deprecated Doxia Sitetools Doc Renderer * Dependency upgrade: + Fixed javadoc issues with JDK 8 when generating documentation + Wrong coordinates for jai_core: hyphen should be underscore + Use latest JUnit version 4.13.2 + Upgraded Plexus Utils to 3.3.0 + Upgraded Plexus Interpolation to 1.26 + Upgraded Maven Doxia to 1.10 + Upgraded Maven Doxia to 1.11.1 maven-jar-plugin was updated to version 3.3.0: - Changes in version 3.3.0: * Bugs fixed: + outputTimestamp not applied to module-info; breaks reproducible builds * Task: + Updated plugin (requires Maven 3.2.5+) + Java 8 as minimum * Dependency upgrade: + Upgraded Plexus Utils to 3.3.1 + Removed override for Plexus Archiver to fix order of META-INF/ and META-INF/MANIFEST.MF entries + Upgraded Parent to 36 + Updated Plexus Utils to 3.4.2 + Upgraded Parent to 37 maven-jar-plugin was updated to version 3.6.0: - Changes from version 3.6.0: * Bugs fixed: + Setting maven.javadoc.isoffline seems to have no effect + javadoc site is broken for projects that contain modules + Alternative doclet page points to an SEO spammy page + [REGRESSION] Transitive dependencies of docletArtifact missing + Unresolvable link in javadoc tag with value ResourcesBundleMojo#getAttachmentClassifier() found in ResourcesBundleMojo + IOException --> NullPointerException in JavadocUtil.copyResource + JavadocReportTest.testExceptions is broken + javadoc creates invalid --patch-module statements + javadoc plugin can not deal with transitive filename based modules * Improvements: + Clean up deprecated and unpreferred methods in JavadocUtil + Cleanup dependency declarations as best possible + Allow building javadoc 'the old fashioned way' after Java 8 * Tasks: + Dropped use of deprecated localRepository mojo parameter + Make build pass with Java 20 + Refresh download page * Dependency upgrade: + Updated to commons-io 2.13.0 + Updated plexus-archiver from 4.7.1 to 4.8.0 + Upgraded Parent to 40 - Changes from version 3.5.0: * Bugs fixed: + Invalid anchors in Javadoc and plugin mojo + Plugin duplicates classes in Java 8 all-classes lists + javadoc site creation ignores configuration parameters * Improvements: + Deprecated parameter 'stylesheet' + Parse stderr output and suppress informational lines + Link to Javadoc references from JDK 17 + Migrate components to JSR 330, get rid of maven-artifact-transfer, update to parent 37 * Tasks: + Removed remains of org.codehaus.doxia.sink.Sink * Dependency upgrades: + Upgraded plugins in ITs + Upgraded to Maven 3.2.5 + Updated Maven Archiver to 3.6.0 + Upgraded Maven Reporting API to 3.1.1/Complete with Maven Reporting Impl 3.2.0 + Upgraded commons-text to 1.10.0 + Upgraded Parent to 39 + Upgraded plugins and components maven-reporting-api was updated to version 3.1.1: - Restore binary compat for MavenReport maven-reporting-impl was updated to version 3.2.0: - Changes in version 3.2.0: * Improvement: + Render with a skin when report is run in standalone mode * Dependency upgrades: + Upgraded Maven Reporting API to 3.1.1 + Upgraded plugins and components in project and ITs maven-resolver was updated to version 1.9.18: - Changes in version 1.9.18: * Bugs fixed: + Sporadic AccessDeniedEx on Windows + Undo FileUtils changes that altered non-Windows execution path * Improvements: + Native transport should retry on HTTP 429 (Retry-After) * Task: + Deprecated Guice modules + Get rid of component name string literals, make them constants and reusable + Expose configuration for inhibiting Expect-Continue handshake in 1.x + Refresh download page + Resolver should not override given HTTP transport default use of expect-continue handshake maven-resources-plugin was updated to version 3.3.1: - Changes in version 3.3.1: * Bugs fixed: + Resource plugin's handling of symbolic links changed in 3.0.x, broke existing behavior + Resource copying not using specified encoding + java.nio.charset.MalformedInputException: Input length = 1 + Filtering of Maven properties with long names is not working after transition from 2.6 to 3.2.0 + Valid location for directory parameter is always required + Symlinks cause copying resources to fail + FileUtils.copyFile() fails with source file having `lastModified = 0` * New Features: + Added ability to flatten folder structure into target directory when copying resources * Improvements: + Make tests jar reproducible + Describe from and to in 'Copying xresources' info message * Task: + Dropped plexus legacy + Updated to parent POM 39, reformat sources + Updated plugin (requires Maven 3.2.5+) + Require Java 8 * Dependency upgrade: + Upgraded maven-plugin parent to 36 + Upgraded Maven Filtering to 3.3.0 + Upgraded plexus-utils to 3.5.1 + Upgraded to maven-filtering 3.3.1 sbt: - Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18 xmvn: - Modify the xmvn-install script to work with new apache-commons-compress - Recompiling RPM package to resolve package building issues with maven-lib The following package changes have been done: - apache-commons-codec-1.16.1-150200.3.9.1 updated - apache-commons-io-2.15.1-150200.3.12.1 updated - maven-resolver-api-1.9.18-150200.3.17.2 updated - maven-resolver-util-1.9.18-150200.3.17.2 updated - maven-resolver-spi-1.9.18-150200.3.17.2 updated - maven-resolver-named-locks-1.9.18-150200.3.17.2 updated - maven-resolver-transport-file-1.9.18-150200.3.17.2 updated - maven-resolver-connector-basic-1.9.18-150200.3.17.2 updated - maven-resolver-transport-wagon-1.9.18-150200.3.17.2 updated - maven-resolver-impl-1.9.18-150200.3.17.2 updated - maven-resolver-transport-http-1.9.18-150200.3.17.2 updated - maven-lib-3.9.6-150200.4.21.2 updated - maven-3.9.6-150200.4.21.2 updated - container:bci-openjdk-17-15.5.17-16.18 updated From sle-container-updates at lists.suse.com Tue Mar 5 08:03:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Mar 2024 09:03:25 +0100 (CET) Subject: SUSE-CU-2024:796-1: Security update of bci/nodejs Message-ID: <20240305080325.F39B8F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:796-1 Container Tags : bci/node:18 , bci/node:18-16.19 , bci/nodejs:18 , bci/nodejs:18-16.19 Container Release : 16.19 Severity : important Type : security References : 1219724 1219992 1219993 1219997 1220014 1220017 CVE-2023-46809 CVE-2024-21892 CVE-2024-22019 CVE-2024-22025 CVE-2024-24758 CVE-2024-24806 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:730-1 Released: Thu Feb 29 13:00:43 2024 Summary: Security update for nodejs18 Type: security Severity: important References: 1219724,1219992,1219993,1219997,1220014,1220017,CVE-2023-46809,CVE-2024-21892,CVE-2024-22019,CVE-2024-22025,CVE-2024-24758,CVE-2024-24806 This update for nodejs18 fixes the following issues: Update to 18.19.1: (security updates) * CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992). * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993). * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997). * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014). * CVE-2024-24758: undici version 5.28.3 (bsc#1220017). * CVE-2024-24806: libuv version 1.48.0 (bsc#1219724). Update to LTS version 18.19.0 * deps: npm updates to 10.x * esm: + Leverage loaders when resolving subsequent loaders + import.meta.resolve unflagged + --experimental-default-type flag to flip module defaults The following package changes have been done: - nodejs18-18.19.1-150400.9.18.2 updated - npm18-18.19.1-150400.9.18.2 updated - container:sles15-image-15.0.0-36.11.8 updated From sle-container-updates at lists.suse.com Tue Mar 5 08:04:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Mar 2024 09:04:48 +0100 (CET) Subject: SUSE-CU-2024:802-1: Security update of suse/manager/5.0/x86_64/proxy-squid Message-ID: <20240305080448.51266F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:802-1 Container Tags : suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta1 , suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta1.2.80 , suse/manager/5.0/x86_64/proxy-squid:latest Container Release : 2.80 Severity : moderate Type : security References : 1107342 1215434 1217000 1218475 1218571 1218571 1219238 1219576 CVE-2023-7207 CVE-2023-7207 CVE-2024-22365 CVE-2024-25062 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Thu Feb 1 17:33:38 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.88 updated - crypto-policies-20230920.570ea89-150600.1.8 added - libldap-data-2.4.46-150600.23.4 updated - libsemanage-conf-3.5-150600.1.47 updated - libssh-config-0.9.8-150600.8.1 updated - glibc-2.38-150600.5.2 updated - libuuid1-2.39.3-150600.1.14 updated - libsmartcols1-2.39.3-150600.1.14 updated - libsepol2-3.5-150600.1.47 updated - libsasl2-3-2.1.28-150600.5.1 updated - libpcre2-8-0-10.42-150600.1.24 updated - libnghttp2-14-1.40.0-150600.22.1 updated - liblzma5-5.4.6-150600.1.15 updated - libcom_err2-1.47.0-150600.2.24 updated - libblkid1-2.39.3-150600.1.14 updated - libselinux1-3.5-150600.1.44 updated - libgcrypt20-1.10.3-150600.1.7 updated - libfdisk1-2.39.3-150600.1.14 updated - libmount1-2.39.3-150600.1.14 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libopenssl3-3.1.4-150600.1.11 added - libsystemd0-254.9-150600.2.4 updated - libsemanage2-3.5-150600.1.47 updated - login_defs-4.8.1-150600.15.43 updated - libcrack2-2.9.11-150600.1.88 updated - cracklib-2.9.11-150600.1.88 updated - libopenssl-3-fips-provider-3.1.4-150600.1.11 added - libldap-2_4-2-2.4.46-150600.23.4 updated - krb5-1.20.1-150600.8.3 updated - patterns-base-fips-20200124-150600.29.1 updated - libssh4-0.9.8-150600.8.1 updated - cpio-2.13-150400.3.6.1 updated - libcurl4-8.0.1-150600.10.1 updated - sles-release-15.6-150600.26.1 updated - pam-1.3.0-150000.6.66.1 updated - shadow-4.8.1-150600.15.43 updated - util-linux-2.39.3-150600.1.14 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - container:sles15-image-15.0.0-44.47 updated - libjitterentropy3-3.4.0-150000.1.9.1 removed - libopenssl1_1-1.1.1l-150500.17.22.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 removed From sle-container-updates at lists.suse.com Tue Mar 5 08:04:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Mar 2024 09:04:49 +0100 (CET) Subject: SUSE-CU-2024:803-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20240305080449.2991FF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:803-1 Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.0-beta1 , suse/manager/5.0/x86_64/proxy-ssh:5.0.0-beta1.2.91 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 2.91 Severity : moderate Type : security References : 1107342 1210638 1215434 1217000 1218475 1218571 1218571 1219238 1219576 CVE-2023-27043 CVE-2023-7207 CVE-2023-7207 CVE-2024-22365 CVE-2024-25062 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Thu Feb 1 17:33:38 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.88 updated - crypto-policies-20230920.570ea89-150600.1.8 added - libldap-data-2.4.46-150600.23.4 updated - libsemanage-conf-3.5-150600.1.47 updated - libssh-config-0.9.8-150600.8.1 updated - glibc-2.38-150600.5.2 updated - libuuid1-2.39.3-150600.1.14 updated - libsmartcols1-2.39.3-150600.1.14 updated - libsepol2-3.5-150600.1.47 updated - libsasl2-3-2.1.28-150600.5.1 updated - libpcre2-8-0-10.42-150600.1.24 updated - libnghttp2-14-1.40.0-150600.22.1 updated - liblzma5-5.4.6-150600.1.15 updated - libcom_err2-1.47.0-150600.2.24 updated - libblkid1-2.39.3-150600.1.14 updated - libselinux1-3.5-150600.1.44 updated - libgcrypt20-1.10.3-150600.1.7 updated - libfdisk1-2.39.3-150600.1.14 updated - libmount1-2.39.3-150600.1.14 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libopenssl3-3.1.4-150600.1.11 added - libudev1-254.9-150600.2.4 updated - libsystemd0-254.9-150600.2.4 updated - libsemanage2-3.5-150600.1.47 updated - login_defs-4.8.1-150600.15.43 updated - libcrack2-2.9.11-150600.1.88 updated - cracklib-2.9.11-150600.1.88 updated - libopenssl-3-fips-provider-3.1.4-150600.1.11 added - libldap-2_4-2-2.4.46-150600.23.4 updated - krb5-1.20.1-150600.8.3 updated - patterns-base-fips-20200124-150600.29.1 updated - libssh4-0.9.8-150600.8.1 updated - cpio-2.13-150400.3.6.1 updated - libcurl4-8.0.1-150600.10.1 updated - sles-release-15.6-150600.26.1 updated - pam-1.3.0-150000.6.66.1 updated - shadow-4.8.1-150600.15.43 updated - util-linux-2.39.3-150600.1.14 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - libcbor0_10-0.10.1-150500.1.1 added - openssh-common-9.3p2-150600.1.1 updated - libfido2-1-1.13.0-150600.10.1 updated - libopenssl1_1-1.1.1w-150600.1.7 updated - openssh-fips-9.3p2-150600.1.1 updated - openssh-server-9.3p2-150600.1.1 updated - openssh-clients-9.3p2-150600.1.1 updated - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-3.6.15-150300.10.54.1 updated - openssh-9.3p2-150600.1.1 updated - container:sles15-image-15.0.0-44.47 updated - libcbor0-0.5.0-150100.4.6.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 removed From sle-container-updates at lists.suse.com Tue Mar 5 08:04:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Mar 2024 09:04:49 +0100 (CET) Subject: SUSE-CU-2024:804-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20240305080449.D0CE7F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:804-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.0-beta1 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.0-beta1.2.90 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 2.90 Severity : moderate Type : security References : 1107342 1210638 1215434 1217000 1218475 1218571 1218571 1218765 1219238 1219576 CVE-2023-27043 CVE-2023-7207 CVE-2023-7207 CVE-2024-22365 CVE-2024-25062 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Thu Feb 1 17:33:38 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.88 updated - crypto-policies-20230920.570ea89-150600.1.8 updated - libldap-data-2.4.46-150600.23.4 updated - libsemanage-conf-3.5-150600.1.47 updated - libssh-config-0.9.8-150600.8.1 updated - glibc-2.38-150600.5.2 updated - libuuid1-2.39.3-150600.1.14 updated - libsmartcols1-2.39.3-150600.1.14 updated - libsepol2-3.5-150600.1.47 updated - libsasl2-3-2.1.28-150600.5.1 updated - libpcre2-8-0-10.42-150600.1.24 updated - libnghttp2-14-1.40.0-150600.22.1 updated - liblzma5-5.4.6-150600.1.15 updated - libcom_err2-1.47.0-150600.2.24 updated - libblkid1-2.39.3-150600.1.14 updated - libselinux1-3.5-150600.1.44 updated - libgcrypt20-1.10.3-150600.1.7 updated - libfdisk1-2.39.3-150600.1.14 updated - libmount1-2.39.3-150600.1.14 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libopenssl3-3.1.4-150600.1.11 added - libsystemd0-254.9-150600.2.4 updated - libsemanage2-3.5-150600.1.47 updated - login_defs-4.8.1-150600.15.43 updated - libcrack2-2.9.11-150600.1.88 updated - cracklib-2.9.11-150600.1.88 updated - libopenssl-3-fips-provider-3.1.4-150600.1.11 added - libldap-2_4-2-2.4.46-150600.23.4 updated - krb5-1.20.1-150600.8.3 updated - patterns-base-fips-20200124-150600.29.1 updated - libssh4-0.9.8-150600.8.1 updated - cpio-2.13-150400.3.6.1 updated - libcurl4-8.0.1-150600.10.1 updated - sles-release-15.6-150600.26.1 updated - pam-1.3.0-150000.6.66.1 updated - shadow-4.8.1-150600.15.43 updated - util-linux-2.39.3-150600.1.14 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - openssl-3.1.4-150600.1.17 added - openssl-3-3.1.4-150600.1.11 added - libopenssl1_1-1.1.1w-150600.1.7 updated - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-3.6.15-150300.10.54.1 updated - python3-chardet-3.0.4-150000.5.3.1 updated - container:sles15-image-15.0.0-44.47 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 removed - openssl-1_1-1.1.1l-150500.17.22.1 removed From sle-container-updates at lists.suse.com Tue Mar 5 16:49:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Mar 2024 17:49:06 +0100 (CET) Subject: SUSE-CU-2024:811-1: Recommended update of suse/sle15 Message-ID: <20240305164906.829A6F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:811-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.8 , suse/sle15:15.5 , suse/sle15:15.5.36.11.8 Container Release : 36.11.8 Severity : moderate Type : recommended References : 1212475 1219123 1219189 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption The following package changes have been done: - container-suseconnect-2.4.0-150000.4.50.2 updated - suse-build-key-12.0-150000.8.43.1 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:04:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:04:13 +0100 (CET) Subject: SUSE-CU-2024:814-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240306080413.A7DC5F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:814-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.7 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.7 Container Release : 3.7 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:04:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:04:36 +0100 (CET) Subject: SUSE-CU-2024:815-1: Recommended update of suse/389-ds Message-ID: <20240306080436.27CE6F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:815-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-20.25 , suse/389-ds:latest Container Release : 20.25 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:04:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:04:59 +0100 (CET) Subject: SUSE-CU-2024:816-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240306080459.9D055F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:816-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-24.13 , bci/dotnet-aspnet:6.0.27 , bci/dotnet-aspnet:6.0.27-24.13 Container Release : 24.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:05:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:05:24 +0100 (CET) Subject: SUSE-CU-2024:817-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240306080524.264E7F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:817-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-24.13 , bci/dotnet-aspnet:7.0.16 , bci/dotnet-aspnet:7.0.16-24.13 Container Release : 24.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:05:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:05:28 +0100 (CET) Subject: SUSE-CU-2024:818-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240306080528.0BE2DF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:818-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-6.13 , bci/dotnet-aspnet:8.0.2 , bci/dotnet-aspnet:8.0.2-6.13 , bci/dotnet-aspnet:latest Container Release : 6.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:05:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:05:58 +0100 (CET) Subject: SUSE-CU-2024:819-1: Recommended update of bci/dotnet-sdk Message-ID: <20240306080558.0AB93F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:819-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-25.13 , bci/dotnet-sdk:7.0.16 , bci/dotnet-sdk:7.0.16-25.13 Container Release : 25.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:06:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:06:03 +0100 (CET) Subject: SUSE-CU-2024:820-1: Recommended update of bci/dotnet-sdk Message-ID: <20240306080603.F0682F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:820-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-6.13 , bci/dotnet-sdk:8.0.2 , bci/dotnet-sdk:8.0.2-6.13 , bci/dotnet-sdk:latest Container Release : 6.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:06:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:06:25 +0100 (CET) Subject: SUSE-CU-2024:821-1: Recommended update of bci/dotnet-runtime Message-ID: <20240306080625.7155DF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:821-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-23.13 , bci/dotnet-runtime:6.0.27 , bci/dotnet-runtime:6.0.27-23.13 Container Release : 23.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:06:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:06:29 +0100 (CET) Subject: SUSE-CU-2024:822-1: Recommended update of bci/dotnet-runtime Message-ID: <20240306080629.3010BF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:822-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-6.13 , bci/dotnet-runtime:8.0.2 , bci/dotnet-runtime:8.0.2-6.13 , bci/dotnet-runtime:latest Container Release : 6.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:06:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:06:36 +0100 (CET) Subject: SUSE-CU-2024:823-1: Recommended update of suse/git Message-ID: <20240306080636.EDE78F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:823-1 Container Tags : suse/git:2.35 , suse/git:2.35-9.2 , suse/git:latest Container Release : 9.2 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:06:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:06:50 +0100 (CET) Subject: SUSE-CU-2024:824-1: Recommended update of bci/golang Message-ID: <20240306080650.A2E64F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:824-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.21 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.21 Container Release : 12.21 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:07:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:07:11 +0100 (CET) Subject: SUSE-CU-2024:825-1: Recommended update of bci/bci-init Message-ID: <20240306080711.AA154F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:825-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.14.21 , bci/bci-init:latest Container Release : 14.21 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:07:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:07:40 +0100 (CET) Subject: SUSE-CU-2024:826-1: Recommended update of bci/openjdk-devel Message-ID: <20240306080740.A0CCEF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:826-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.47 Container Release : 14.47 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:bci-openjdk-11-15.5.11-15.22 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:08:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:08:06 +0100 (CET) Subject: SUSE-CU-2024:827-1: Recommended update of bci/openjdk-devel Message-ID: <20240306080806.1D472F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:827-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.46 , bci/openjdk-devel:latest Container Release : 16.46 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:bci-openjdk-17-15.5.17-16.21 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:08:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:08:25 +0100 (CET) Subject: SUSE-CU-2024:828-1: Recommended update of bci/openjdk Message-ID: <20240306080825.744B9F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:828-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.21 , bci/openjdk:latest Container Release : 16.21 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:08:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:08:53 +0100 (CET) Subject: SUSE-CU-2024:829-1: Recommended update of suse/pcp Message-ID: <20240306080853.DDF56F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:829-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.38 , suse/pcp:5.2 , suse/pcp:5.2-22.38 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.38 , suse/pcp:latest Container Release : 22.38 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:bci-bci-init-15.5-15.5-14.21 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:09:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:09:13 +0100 (CET) Subject: SUSE-CU-2024:830-1: Recommended update of bci/php-apache Message-ID: <20240306080913.F27DFF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:830-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.22 Container Release : 12.22 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:09:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:09:35 +0100 (CET) Subject: SUSE-CU-2024:831-1: Recommended update of bci/php-fpm Message-ID: <20240306080935.B247CF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:831-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-12.22 Container Release : 12.22 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:09:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:09:56 +0100 (CET) Subject: SUSE-CU-2024:832-1: Recommended update of suse/postgres Message-ID: <20240306080956.095F3F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:832-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.21 , suse/postgres:15.6 , suse/postgres:15.6-17.21 Container Release : 17.21 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:10:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:10:03 +0100 (CET) Subject: SUSE-CU-2024:833-1: Recommended update of suse/postgres Message-ID: <20240306081003.A5DC0F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:833-1 Container Tags : suse/postgres:16 , suse/postgres:16-6.22 , suse/postgres:16.2 , suse/postgres:16.2-6.22 , suse/postgres:latest Container Release : 6.22 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Wed Mar 6 08:10:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 6 Mar 2024 09:10:07 +0100 (CET) Subject: SUSE-CU-2024:834-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240306081007.C2F34F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:834-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-15.19 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-15.19 , suse/rmt-mariadb-client:latest Container Release : 15.19 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:01:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:01:30 +0100 (CET) Subject: SUSE-CU-2024:835-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240307080130.16ABBF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:835-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.170 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.170 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:02:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:02:23 +0100 (CET) Subject: SUSE-CU-2024:836-1: Recommended update of bci/dotnet-sdk Message-ID: <20240307080223.A1412F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:836-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-23.13 , bci/dotnet-sdk:6.0.27 , bci/dotnet-sdk:6.0.27-23.13 Container Release : 23.13 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:02:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:02:41 +0100 (CET) Subject: SUSE-CU-2024:837-1: Recommended update of bci/golang Message-ID: <20240307080241.2FE84F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:837-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.20 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.20 Container Release : 2.20 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:02:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:02:52 +0100 (CET) Subject: SUSE-CU-2024:838-1: Recommended update of bci/golang Message-ID: <20240307080252.A826CF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:838-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.21 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.21 Container Release : 12.21 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:03:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:03:13 +0100 (CET) Subject: SUSE-CU-2024:839-1: Recommended update of bci/nodejs Message-ID: <20240307080313.A1125F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:839-1 Container Tags : bci/node:18 , bci/node:18-16.22 , bci/nodejs:18 , bci/nodejs:18-16.22 Container Release : 16.22 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:03:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:03:34 +0100 (CET) Subject: SUSE-CU-2024:840-1: Recommended update of bci/openjdk Message-ID: <20240307080334.40DCAF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:840-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.22 Container Release : 15.22 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:03:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:03:52 +0100 (CET) Subject: SUSE-CU-2024:841-1: Recommended update of bci/php Message-ID: <20240307080352.22C76F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:841-1 Container Tags : bci/php:8 , bci/php:8-12.23 Container Release : 12.23 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:04:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:04:11 +0100 (CET) Subject: SUSE-CU-2024:842-1: Recommended update of bci/python Message-ID: <20240307080411.D013FF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:842-1 Container Tags : bci/python:3 , bci/python:3-17.21 , bci/python:3.11 , bci/python:3.11-17.21 , bci/python:latest Container Release : 17.21 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:04:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:04:15 +0100 (CET) Subject: SUSE-CU-2024:834-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240307080415.88673F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:834-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-15.19 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-15.19 , suse/rmt-mariadb-client:latest Container Release : 15.19 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:04:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:04:20 +0100 (CET) Subject: SUSE-CU-2024:843-1: Recommended update of suse/rmt-mariadb Message-ID: <20240307080420.88BB8F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:843-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-19.4 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-19.4 , suse/rmt-mariadb:latest Container Release : 19.4 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:04:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:04:31 +0100 (CET) Subject: SUSE-CU-2024:844-1: Recommended update of suse/rmt-server Message-ID: <20240307080431.115CCF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:844-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-15.20 , suse/rmt-server:latest Container Release : 15.20 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:04:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:04:48 +0100 (CET) Subject: SUSE-CU-2024:845-1: Recommended update of bci/ruby Message-ID: <20240307080448.72200F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:845-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.19 , bci/ruby:2.5 , bci/ruby:2.5-16.19 , bci/ruby:latest Container Release : 16.19 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:05:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:05:07 +0100 (CET) Subject: SUSE-CU-2024:846-1: Recommended update of bci/rust Message-ID: <20240307080507.6BF3EF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:846-1 Container Tags : bci/rust:1.75 , bci/rust:1.75-2.2.10 , bci/rust:oldstable , bci/rust:oldstable-2.2.10 Container Release : 2.10 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:05:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:05:26 +0100 (CET) Subject: SUSE-CU-2024:847-1: Recommended update of bci/rust Message-ID: <20240307080526.9A9A4F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:847-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-1.2.10 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.10 Container Release : 2.10 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:05:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:05:32 +0100 (CET) Subject: SUSE-CU-2024:848-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240307080532.31A61F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:848-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.6.21 , bci/bci-sle15-kernel-module-devel:latest Container Release : 6.21 Severity : important Type : recommended References : 1219198 1220385 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:739-1 Released: Fri Mar 1 12:26:56 2024 Summary: Recommended update for pesign Type: recommended Severity: moderate References: 1219198 This update for pesign fixes the following issue: - Fix errors when installing pesign alone (bsc#1219198) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - pesign-0.112-150000.4.21.1 updated - container:sles15-image-15.0.0-36.11.9 updated From sle-container-updates at lists.suse.com Thu Mar 7 08:05:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 Mar 2024 09:05:47 +0100 (CET) Subject: SUSE-CU-2024:849-1: Recommended update of suse/sle15 Message-ID: <20240307080547.8B6EEF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:849-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.9 , suse/sle15:15.5 , suse/sle15:15.5.36.11.9 Container Release : 36.11.9 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated From sle-container-updates at lists.suse.com Fri Mar 8 12:49:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Mar 2024 13:49:28 +0100 (CET) Subject: SUSE-CU-2024:874-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240308124928.4A1D8F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:874-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.212 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.212 Severity : important Type : security References : 1219026 1220389 CVE-2023-42465 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:795-1 Released: Thu Mar 7 10:33:50 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). The following package changes have been done: - sudo-1.9.9-150400.4.33.1 updated From sle-container-updates at lists.suse.com Fri Mar 8 12:48:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 8 Mar 2024 13:48:50 +0100 (CET) Subject: SUSE-CU-2024:873-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240308124850.C76D8F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:873-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.314 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.314 Severity : important Type : security References : 1219026 1220389 CVE-2023-42465 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:795-1 Released: Thu Mar 7 10:33:50 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). The following package changes have been done: - sudo-1.9.9-150400.4.33.1 updated From sle-container-updates at lists.suse.com Tue Mar 5 08:04:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Mar 2024 09:04:46 +0100 (CET) Subject: SUSE-CU-2024:800-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20240305080446.3FD26F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:800-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.0-beta1 , suse/manager/5.0/x86_64/proxy-httpd:5.0.0-beta1.2.94 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 2.94 Severity : important Type : security References : 1107342 1133277 1182659 1203378 1208794 1210638 1212180 1212182 1214148 1215334 1215434 1215698 1216752 1217000 1218475 1218571 1218571 1218765 1218782 1218831 1219238 1219442 1219576 CVE-2023-27043 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 CVE-2023-7207 CVE-2023-7207 CVE-2024-22365 CVE-2024-25062 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Thu Feb 1 17:33:38 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.88 updated - crypto-policies-20230920.570ea89-150600.1.8 added - libldap-data-2.4.46-150600.23.4 updated - libsemanage-conf-3.5-150600.1.47 updated - libssh-config-0.9.8-150600.8.1 updated - glibc-2.38-150600.5.2 updated - libuuid1-2.39.3-150600.1.14 updated - libsmartcols1-2.39.3-150600.1.14 updated - libsepol2-3.5-150600.1.47 updated - libsasl2-3-2.1.28-150600.5.1 updated - libpcre2-8-0-10.42-150600.1.24 updated - libnghttp2-14-1.40.0-150600.22.1 updated - liblzma5-5.4.6-150600.1.15 updated - libfa1-1.14.1-150600.1.1 added - libcom_err2-1.47.0-150600.2.24 updated - libblkid1-2.39.3-150600.1.14 updated - libselinux1-3.5-150600.1.44 updated - libglib-2_0-0-2.78.3-150600.1.5 updated - libgcrypt20-1.10.3-150600.1.7 updated - libfdisk1-2.39.3-150600.1.14 updated - libmount1-2.39.3-150600.1.14 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libopenssl3-3.1.4-150600.1.11 added - libaugeas0-1.14.1-150600.1.1 updated - libudev1-254.9-150600.2.4 updated - libsystemd0-254.9-150600.2.4 updated - libsemanage2-3.5-150600.1.47 updated - login_defs-4.8.1-150600.15.43 updated - libcrack2-2.9.11-150600.1.88 updated - cracklib-2.9.11-150600.1.88 updated - libzck1-1.1.16-150600.9.1 updated - libopenssl-3-fips-provider-3.1.4-150600.1.11 added - libldap-2_4-2-2.4.46-150600.23.4 updated - krb5-1.20.1-150600.8.3 updated - patterns-base-fips-20200124-150600.29.1 updated - libssh4-0.9.8-150600.8.1 updated - cpio-2.13-150400.3.6.1 updated - libcurl4-8.0.1-150600.10.1 updated - sles-release-15.6-150600.26.1 updated - gpg2-2.4.4-150600.1.2 updated - libgpgme11-1.23.0-150600.1.20 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - pam-1.3.0-150000.6.66.1 updated - libzypp-17.31.31-150600.8.2 updated - shadow-4.8.1-150600.15.43 updated - util-linux-2.39.3-150600.1.14 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - curl-8.0.1-150600.10.1 updated - libapparmor1-3.1.7-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.1.5 updated - libgobject-2_0-0-2.78.3-150600.1.5 updated - libkmod2-29-150600.11.2 updated - pam-config-1.1-150600.14.1 updated - release-notes-susemanager-proxy-5.0.0~beta1-150600.11.1 updated - selinux-tools-3.5-150600.1.44 updated - shared-mime-info-2.4-150600.1.1 updated - systemd-presets-common-SUSE-15-150600.25.1 updated - xz-5.4.6-150600.1.15 updated - libapr-util1-1.6.1-150600.25.1 updated - libopenssl1_1-1.1.1w-150600.1.7 updated - hwdata-0.378-150000.3.65.1 updated - apache2-utils-2.4.51-150600.12.2 updated - python3-base-3.6.15-150300.10.54.1 updated - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - policycoreutils-3.5-150600.1.27 updated - systemd-254.9-150600.2.4 updated - libgio-2_0-0-2.78.3-150600.1.5 updated - glib2-tools-2.78.3-150600.1.5 updated - python3-3.6.15-150300.10.54.1 updated - girepository-1_0-1.78.1-150600.2.1 updated - libgirepository-1_0-1-1.78.1-150600.2.1 updated - python3-uyuni-common-libs-5.0.2-150600.1.40.1 updated - python3-rpm-4.14.3-150400.59.7.1 updated - python3-chardet-3.0.4-150000.5.3.1 updated - apache2-2.4.51-150600.12.2 updated - apache2-prefork-2.4.51-150600.12.2 updated - python3-libxml2-2.10.3-150500.5.14.1 updated - python3-rhnlib-5.0.2-150600.3.44.1 updated - spacewalk-backend-5.0.4-150600.3.40.17 updated - python3-spacewalk-client-tools-5.0.3-150600.3.87.17 updated - spacewalk-client-tools-5.0.3-150600.3.87.17 updated - spacewalk-proxy-package-manager-5.0.1-150600.1.2 updated - spacewalk-proxy-common-5.0.1-150600.1.2 updated - spacewalk-proxy-broker-5.0.1-150600.1.2 updated - spacewalk-proxy-redirect-5.0.1-150600.1.2 updated - container:sles15-image-15.0.0-44.47 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 removed - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Tue Mar 5 08:04:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 Mar 2024 09:04:47 +0100 (CET) Subject: SUSE-CU-2024:801-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20240305080447.504FDF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:801-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-beta1 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-beta1.2.92 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 2.92 Severity : important Type : security References : 1107342 1133277 1182659 1203378 1208794 1210638 1212180 1212182 1214148 1215334 1215434 1215698 1217000 1218475 1218571 1218571 1218782 1218831 1219238 1219442 1219576 CVE-2023-27043 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 CVE-2023-7207 CVE-2023-7207 CVE-2024-22365 CVE-2024-25062 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Thu Feb 1 17:33:38 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.88 updated - crypto-policies-20230920.570ea89-150600.1.8 updated - libldap-data-2.4.46-150600.23.4 updated - libsemanage-conf-3.5-150600.1.47 updated - libssh-config-0.9.8-150600.8.1 updated - glibc-2.38-150600.5.2 updated - libuuid1-2.39.3-150600.1.14 updated - libsmartcols1-2.39.3-150600.1.14 updated - libsepol2-3.5-150600.1.47 updated - libsasl2-3-2.1.28-150600.5.1 updated - libpcre2-8-0-10.42-150600.1.24 updated - libnghttp2-14-1.40.0-150600.22.1 updated - liblzma5-5.4.6-150600.1.15 updated - libfa1-1.14.1-150600.1.1 added - libcom_err2-1.47.0-150600.2.24 updated - libblkid1-2.39.3-150600.1.14 updated - libselinux1-3.5-150600.1.44 updated - libglib-2_0-0-2.78.3-150600.1.5 updated - libgcrypt20-1.10.3-150600.1.7 updated - libfdisk1-2.39.3-150600.1.14 updated - libmount1-2.39.3-150600.1.14 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libopenssl3-3.1.4-150600.1.11 added - libaugeas0-1.14.1-150600.1.1 updated - libudev1-254.9-150600.2.4 updated - libsystemd0-254.9-150600.2.4 updated - libsemanage2-3.5-150600.1.47 updated - login_defs-4.8.1-150600.15.43 updated - libcrack2-2.9.11-150600.1.88 updated - cracklib-2.9.11-150600.1.88 updated - libzck1-1.1.16-150600.9.1 updated - libopenssl-3-fips-provider-3.1.4-150600.1.11 added - libldap-2_4-2-2.4.46-150600.23.4 updated - krb5-1.20.1-150600.8.3 updated - patterns-base-fips-20200124-150600.29.1 updated - libssh4-0.9.8-150600.8.1 updated - cpio-2.13-150400.3.6.1 updated - libcurl4-8.0.1-150600.10.1 updated - sles-release-15.6-150600.26.1 updated - gpg2-2.4.4-150600.1.2 updated - libgpgme11-1.23.0-150600.1.20 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - pam-1.3.0-150000.6.66.1 updated - libzypp-17.31.31-150600.8.2 updated - shadow-4.8.1-150600.15.43 updated - util-linux-2.39.3-150600.1.14 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - curl-8.0.1-150600.10.1 updated - openssl-3.1.4-150600.1.17 added - openssl-3-3.1.4-150600.1.11 added - libopenssl1_1-1.1.1w-150600.1.7 updated - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-3.6.15-150300.10.54.1 updated - container:sles15-image-15.0.0-44.47 updated - libopenssl1_1-hmac-1.1.1l-150500.17.22.1 removed - libprotobuf-lite20-3.9.2-150200.4.21.1 removed - openssl-1_1-1.1.1l-150500.17.22.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 08:01:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 09:01:04 +0100 (CET) Subject: SUSE-IU-2024:271-1: Security update of suse-sles-15-sp5-chost-byos-v20240307-x86_64-gen2 Message-ID: <20240311080104.372A2F7A4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240307-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:271-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240307-x86_64-gen2:20240307 Image Release : Severity : important Type : security References : 1065729 1108281 1141539 1174649 1181674 1193285 1194869 1209834 1210443 1210638 1211515 1211886 1212091 1214377 1215275 1215698 1215885 1216441 1216559 1216702 1216752 1217102 1217895 1217987 1217988 1217989 1218005 1218215 1218447 1218494 1218527 1218659 1218689 1218713 1218723 1218730 1218752 1218757 1218762 1218763 1218768 1218778 1218779 1218782 1218804 1218831 1218832 1218836 1218862 1218865 1218894 1218916 1218948 1218958 1218968 1218997 1219006 1219012 1219013 1219014 1219026 1219053 1219067 1219120 1219123 1219128 1219136 1219189 1219243 1219267 1219268 1219285 1219349 1219412 1219425 1219429 1219434 1219438 1219442 1219490 1219512 1219568 1219576 1219582 1219608 1219823 1219826 1219851 1219852 1219853 1219854 1220385 1220389 CVE-2021-33631 CVE-2023-27043 CVE-2023-42465 CVE-2023-4408 CVE-2023-46838 CVE-2023-47233 CVE-2023-4921 CVE-2023-50387 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-51780 CVE-2023-51782 CVE-2023-5517 CVE-2023-5679 CVE-2023-6040 CVE-2023-6356 CVE-2023-6516 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6915 CVE-2024-0340 CVE-2024-0553 CVE-2024-0565 CVE-2024-0567 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-21626 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24860 CVE-2024-25062 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240307-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:456-1 Released: Tue Feb 13 11:03:03 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: This update for grub2 fixes the following issues: - Fix missing grub2 exporters on Leap ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:516-1 Released: Thu Feb 15 16:04:34 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1108281,1141539,1174649,1181674,1193285,1194869,1209834,1210443,1211515,1212091,1214377,1215275,1215885,1216441,1216559,1216702,1217895,1217987,1217988,1217989,1218005,1218447,1218527,1218659,1218689,1218713,1218723,1218730,1218752,1218757,1218768,1218778,1218779,1218804,1218832,1218836,1218916,1218948,1218958,1218968,1218997,1219006,1219012,1219013,1219014,1219053,1219067,1219120,1219128,1219136,1219285,1219349,1219412,1219429,1219434,1219490,1219512,1219568,1219582,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: - Documentation: RAS: Add index and address translation section (jsc#PED-7618). - ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes). - ACPI: LPSS: Fix the fractional clock divider flags (git-fixes). - ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes). - ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377) - ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes). - ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377) - ACPI: video: check for error while searching for backlight device parent (git-fixes). - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes). - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes). - ALSA: hda: Refer to correct stream index at loops (git-fixes). - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes). - ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes). - ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes). - ASoC: Intel: Skylake: mem leak in skl register function (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes). - ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes). - ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136). - ASoC: amd: Add check for acp config flags (bsc#1219136). - ASoC: amd: Add new dmi entries to config entry (bsc#1219136). - ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136). - ASoC: amd: Drop empty platform remove function (bsc#1219136). - ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136). - ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes). - ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136). - ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136). - ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136). - ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136). - ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes). - ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136). - ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136). - ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136). - ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136). - ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136). - ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136). - ASoC: amd: acp: Refactor bit width calculation (bsc#1219136). - ASoC: amd: acp: Refactor dai format implementation (bsc#1219136). - ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136). - ASoC: amd: acp: add a label to make error path more clean (bsc#1219136). - ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136). - ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136). - ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136). - ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136). - ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136). - ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136). - ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136). - ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136). - ASoC: amd: acp: move pdm macros to common header file (bsc#1219136). - ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136). - ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136). - ASoC: amd: acp: remove acp poweroff function (bsc#1219136). - ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136). - ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136). - ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136). - ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136). - ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136). - ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136). - ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136). - ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136). - ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136). - ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136). - ASoC: amd: add acp6.2 irq handler (bsc#1219136). - ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136). - ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136). - ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136). - ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136). - ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136). - ASoC: amd: fix ACP version typo mistake (bsc#1219136). - ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136). - ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136). - ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136). - ASoC: amd: ps: Update copyright notice (bsc#1219136). - ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136). - ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136). - ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136). - ASoC: amd: ps: move irq handler registration (bsc#1219136). - ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136). - ASoC: amd: ps: refactor platform device creation logic (bsc#1219136). - ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136). - ASoC: amd: ps: remove unused variable (bsc#1219136). - ASoC: amd: ps: update dev index value in irq handler (bsc#1219136). - ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136). - ASoC: amd: ps: update the acp clock source (bsc#1219136). - ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136). - ASoC: amd: ps: use static function (bsc#1219136). - ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: update pm_runtime enable sequence (bsc#1219136). - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136). - ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136). - ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136). - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136). - ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136). - ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136). - ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136). - ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136). - ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136). - ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136). - ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136). - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136). - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136). - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes). - ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes). - ASoC: codecs: wcd938x: handle deferred probe (git-fixes). - ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes). - ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes). - ASoC: cs43130: Fix the position of const qualifier (git-fixes). - ASoC: da7219: Support low DC impedance headset (git-fixes). - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes). - ASoC: ops: add correct range check for limiting volume (git-fixes). - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes). - ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes). - ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes). - ASoC: wm8974: Correct boost mixer inputs (git-fixes). - Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136). - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes). - Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes). - Documentation: Begin a RAS section (jsc#PED-7622). - EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618). - EDAC/amd64: Add context struct (jsc#PED-7615). - EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615). - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616). - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615). - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622). - EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615). - EDAC/amd64: Cache and use GPU node map (jsc#PED-7616). - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615). - EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616). - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615). - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615). - EDAC/amd64: Remove early_channel_count() (jsc#PED-7615). - EDAC/amd64: Remove module version string (jsc#PED-7615). - EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615). - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615). - EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615). - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615). - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618). - EDAC/mc: Add new HBM2 memory type (jsc#PED-7616). - EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622). - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622). - EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes). - HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes). - HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes). - IB/iser: Prevent invalidating wrong MR (git-fixes) - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes). - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - use ab83 as id when skipping the getid command (git-fixes). - Input: bcm5974 - check endpoint type before starting traffic (git-fixes). - Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes). - Input: xpad - add Razer Wolverine V2 support (git-fixes). - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes). - KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - PCI/AER: Configure ECRC only if AER is native (bsc#1218778) - PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes). - PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes). - PCI: keystone: Fix race condition when initializing PHYs (git-fixes). - PM: hibernate: Enforce ordering during image compression/decompression (git-fixes). - RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618). - RAS/AMD/ATL: Add MI300 support (jsc#PED-7618). - RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618). - RAS: Introduce AMD Address Translation Library (jsc#PED-7618). - RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes) - RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes) - RDMA/irdma: Add wait for suspend on SQD (git-fixes) - RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes) - RDMA/irdma: Do not modify to SQD on error (git-fixes) - RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes) - RDMA/irdma: Refactor error handling in create CQP (git-fixes) - RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes) - RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes) - RDMA/rtrs-clt: Start hb after path_up (git-fixes) - RDMA/rtrs-srv: Check return values while processing info request (git-fixes) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes) - RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes) - RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes) - USB: xhci: workaround for grace period (git-fixes). - Update config files: enable ASoC AMD PS drivers (bsc#1219136) - Update patch reference for ax88179 fix (bsc#1218948) - acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes). - aio: fix mremap after fork null-deref (git-fixes). - apparmor: avoid crash when parsed profile name is empty (git-fixes). - arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729) - arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV. - arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes) - arm64: module: move find_section to header (jsc#PED-4729) - arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729) - arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729) - arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729) - asix: Add check for usbnet_get_endpoints (git-fixes). - attr: block mode changes of symlinks (git-fixes). - badblocks: add helper routines for badblock ranges handling (bsc#1174649). - badblocks: add more helper structure and routines in badblocks.h (bsc#1174649). - badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649). - badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649). - badblocks: switch to the improved badblock handling code (bsc#1174649). - bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes). - bus: mhi: host: Add alignment check for event ring read pointer (git-fixes). - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes). - bus: mhi: host: Drop chan lock before queuing buffers (git-fixes). - ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568). - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes). - clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes). - clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes). - clk: samsung: Fix kernel-doc comments (git-fixes). - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes). - clk: zynqmp: Add a check for NULL pointer (git-fixes). - clk: zynqmp: make bestdiv unsigned (git-fixes). - clocksource: Skip watchdog check for large watchdog intervals (git-fixes). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - coresight: etm4x: Add ACPI support in platform driver (bsc#1218779) - coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779) - coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779) - coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779) - coresight: platform: acpi: Ignore the absence of graph (bsc#1218779) - crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes). - crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes). - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes). - crypto: sahara - do not resize req->src when doing hash operations (git-fixes). - crypto: sahara - fix ahash reqsize (git-fixes). - crypto: sahara - fix ahash selftest failure (git-fixes). - crypto: sahara - fix cbc selftest failure (git-fixes). - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes). - crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes). - crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes). - crypto: sahara - handle zero-length aes requests (git-fixes). - crypto: sahara - improve error handling in sahara_sha_process() (git-fixes). - crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes). - crypto: scomp - fix req->dst buffer overflow (git-fixes). - dma-debug: fix kernel-doc warnings (git-fixes). - dmaengine: fix NULL pointer in channel unregistration function (git-fixes). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes). - dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes). - dmaengine: ti: k3-udma: Report short packet errors (git-fixes). - doc/README.KSYMS: Add to repo. - docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes). - drivers: clk: zynqmp: calculate closest mux rate (git-fixes). - drivers: clk: zynqmp: update divider round rate logic (git-fixes). - drm/amd/display: Fix tiled display misalignment (git-fixes). - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes). - drm/amd/display: add nv12 bounding box (git-fixes). - drm/amd/display: get dprefclk ss info from integration info table (git-fixes). - drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes). - drm/amd/display: pbn_div need be updated for hotplug event (git-fixes). - drm/amd/display: update dcn315 lpddr pstate latency (git-fixes). - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes). - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes). - drm/amd/pm: fix a double-free in si_dpm_init (git-fixes). - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes). - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes). - drm/amdgpu/pm: Fix the power source flag error (git-fixes). - drm/amdgpu: Add NULL checks for function pointers (git-fixes). - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes). - drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes). - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes). - drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes). - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes). - drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes). - drm/amdgpu: Let KFD sync with VM fences (git-fixes). - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes). - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes). - drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes). - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes). - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes). - drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes). - drm/amdkfd: Fix lock dependency warning (git-fixes). - drm/amdkfd: Fix lock dependency warning with srcu (git-fixes). - drm/amdkfd: Use resource_size() helper function (git-fixes). - drm/amdkfd: fixes for HMM mem allocation (git-fixes). - drm/bridge: Fix typo in post_disable() description (git-fixes). - drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes). - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes). - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes). - drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes). - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes). - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes). - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes). - drm/bridge: tc358767: Fix return value on error case (git-fixes). - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes). - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes). - drm/crtc: fix uninitialized variable use (git-fixes). - drm/drv: propagate errors from drm_modeset_register_all() (git-fixes). - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes). - drm/exynos: fix a potential error pointer dereference (git-fixes). - drm/exynos: fix a wrong error checking (git-fixes). - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes). - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes). - drm/framebuffer: Fix use of uninitialized variable (git-fixes). - drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes). - drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes). - drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes). - drm/msm/dpu: Set input_sel bit for INTF (git-fixes). - drm/msm/dpu: fix writeback programming for YUV cases (git-fixes). - drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes). - drm/msm/dsi: Enable runtime PM (git-fixes). - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes). - drm/msm/mdp4: flush vblank event on disable (git-fixes). - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes). - drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes). - drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes). - drm/panel: nt35510: fix typo (git-fixes). - drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes). - drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes). - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes). - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes). - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes). - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes). - drm/radeon: check return value of radeon_ring_lock() (git-fixes). - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes). - drm/tidss: Check for K2G in in dispc_softreset() (git-fixes). - drm/tidss: Fix atomic_flush check (git-fixes). - drm/tidss: Fix dss reset (git-fixes). - drm/tidss: Move reset to the end of dispc_init() (git-fixes). - drm/tidss: Return error value from from softreset (git-fixes). - drm/tilcdc: Fix irq free on unload (git-fixes). - drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes). - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes). - drm: using mul_u32_u32() requires linux/math64.h (git-fixes). - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694) - efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes). - eventfd: prevent underflow for eventfd semaphores (git-fixes). - exfat: fix reporting fs error when reading dir beyond EOF (git-fixes). - exfat: support handle zero-size directory (git-fixes). - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes). - fbdev: Only disable sysfb on the primary device (bsc#1216441) - fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441. - fbdev: flush deferred IO before closing (git-fixes). - fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes). - fbdev: imxfb: fix left margin setting (git-fixes). - fbdev: mmp: Fix typo and wording in code comment (git-fixes). - firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes). - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes). - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes). - fjes: fix memleaks in fjes_hw_setup (git-fixes). - fs/mount_setattr: always cleanup mount_kattr (git-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes). - fs: Move notify_change permission checks into may_setattr (git-fixes). - fs: do not audit the capability check in simple_xattr_list() (git-fixes). - fs: drop peer group ids under namespace lock (git-fixes). - fs: indicate request originates from old mount API (git-fixes). - fs: sendfile handles O_NONBLOCK of out_fd (git-fixes). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - gfs2: Always check inode size of inline inodes (git-fixes). - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes). - gfs2: Disable page faults during lockless buffered reads (git-fixes). - gfs2: Eliminate ip->i_gh (git-fixes). - gfs2: Eliminate vestigial HIF_FIRST (git-fixes). - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes). - gfs2: Introduce flag for glock holder auto-demotion (git-fixes). - gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes). - gfs2: Remove redundant check from gfs2_glock_dq (git-fixes). - gfs2: Switch to wait_event in gfs2_logd (git-fixes). - gfs2: assign rgrp glock before compute_bitstructs (git-fixes). - gfs2: low-memory forced flush fixes (git-fixes). - gfs2: release iopen glock early in evict (git-fixes). - gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes). - gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes). - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - hwmon: (corsair-psu) Fix probe when built-in (git-fixes). - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes). - i2c: rk3x: fix potential spinlock recursion on poll (git-fixes). - i2c: s3c24xx: fix read transfers in polling mode (git-fixes). - i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes). - iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes). - iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes). - iio: adc: ad9467: do not ignore error codes (git-fixes). - iio: adc: ad9467: fix reset gpio handling (git-fixes). - ipmi: Use regspacings passed as a module parameter (git-fixes). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136) - kdb: Fix a potential buffer overflow in kdb_local() (git-fixes). - kernel-doc: handle a void function without producing a warning (git-fixes). - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes). - leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes). - libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes). - md: fix bi_status reporting in md_end_clone_io (bsc#1210443). - media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes). - media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes). - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes). - media: imx355: Enable runtime PM before registering async sub-device (git-fixes). - media: ov9734: Enable runtime PM before registering async sub-device (git-fixes). - media: pvrusb2: fix use after free on context disconnection (git-fixes). - media: rkisp1: Disable runtime PM in probe error path (git-fixes). - media: rkisp1: Fix media device memory leak (git-fixes). - media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes). - media: videobuf2-dma-sg: fix vmap callback (git-fixes). - mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes). - misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes). - mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes). - mmc: core: Cancel delayed work before releasing host (git-fixes). - modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes). - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes). - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes). - mtd: rawnand: pl353: Fix kernel doc (git-fixes). - mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes). - mtd: rawnand: rockchip: Rename a structure (git-fixes). - net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes). - net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948). - net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948). - net: usb: ax88179_178a: move priv to driver_priv (git-fixes). - net: usb: ax88179_178a: remove redundant init code (git-fixes). - net: usb: ax88179_178a: restore state on resume (bsc#1218948). - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nouveau/tu102: flush all pdbs on vmm flush (git-fixes). - nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes). - nsfs: add compat ioctl handler (git-fixes). - nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515). - nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes). - nvme-pci: fix sleeping function called from interrupt context (git-fixes). - nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes). - nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515). - nvme: fix max_discard_sectors calculation (git-fixes). - nvme: introduce helper function to get ctrl state (git-fixes). - nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515). - nvme: start keep-alive after admin queue setup (bsc#1211515). - nvme: trace: avoid memcpy overflow warning (git-fixes). - nvmet: re-fix tracing strncpy() warning (git-fixes). - of: Fix double free in of_parse_phandle_with_args_map (git-fixes). - of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes). - parport: parport_serial: Add Brainboxes BAR details (git-fixes). - parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes). - pci: Drop PCI vmd patches that caused a regression (bsc#1218005) - perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958). - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958). - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes). - pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes). - platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620). - platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620). - platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620). - platform/x86/amd/hsmp: improve the error log (jsc#PED-7620). - platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285). - platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620). - power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes). - power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes). - powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729). - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869). - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869). - powerpc/xive: Fix endian conversion size (bsc#1194869). - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes). - pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes). - pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes). - pwm: stm32: Fix enable count for clk in .probe() (git-fixes). - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes). - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes). - r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes). - ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes). - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes). - s390/dasd: fix double module refcount decrement (bsc#1141539). - s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006). - s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012). - s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014). - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013). - s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scripts/kernel-doc: restore warning for Excess struct/union (git-fixes). - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes). - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes). - scsi: core: Always send batch on reset or error handling command (git-fixes). - scsi: fnic: Return error if vmalloc() failed (git-fixes). - scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes). - scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes). - scsi: hisi_sas: Fix warnings detected by sparse (git-fixes). - scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes). - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes). - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes). - scsi: hisi_sas: Replace with standard error code return value (git-fixes). - scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes). - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes). - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes). - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes). - scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582). - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582). - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582). - scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582). - scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes). - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes). - scsi: mpt3sas: Fix an outdated comment (git-fixes). - scsi: mpt3sas: Fix in error path (git-fixes). - scsi: mpt3sas: Fix loop logic (bsc#1219067). - scsi: mpt3sas: Fix loop logic (git-fixes). - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes). - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes). - scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes). - selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes). - serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: imx: Correct clock error message in function probe() (git-fixes). - serial: imx: fix tx statemachine deadlock (git-fixes). - serial: max310x: fail probe if clock crystal is unstable (git-fixes). - serial: max310x: improve crystal stable clock detection (git-fixes). - serial: max310x: set default value when reading clock ready bit (git-fixes). - serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes). - serial: sc16is7xx: set safe default SPI clock frequency (git-fixes). - serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes). - series.conf: the patch is not in git and breaks series_insert.py - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes). - software node: Let args be NULL in software_node_get_reference_args (git-fixes). - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes). - swiotlb-xen: provide the 'max_mapping_size' method (git-fixes). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes). - tracing: Add size check when printing trace_marker output (git-fixes). - tracing: Ensure visibility when inserting an element into tracing_map (git-fixes). - tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes). - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes). - tracing: Increase trace array ref count on enable and filter files (bsc#1219490). - ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes). - ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes). - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes). - uio: Fix use-after-free in uio_open (git-fixes). - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes). - usb: cdns3: fix uvc failure work since sg support enabled (git-fixes). - usb: chipidea: wait controller resume finished for wakeup irq (git-fixes). - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes). - usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes). - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes). - usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes). - usb: otg numberpad exception (bsc#1218527). - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: ucsi: Add missing ppm_lock (git-fixes). - usb: ucsi_acpi: Fix command completion handling (git-fixes). - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes). - usr/Kconfig: fix typos of 'its' (git-fixes). - vfs: make freeze_super abort when sync_filesystem returns error (git-fixes). - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes). - virtio-mmio: fix memory leak of vm_dev (git-fixes). - virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes). - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes). - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes). - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes). - watchdog: set cdev owner before adding (git-fixes). - wifi: ath11k: Defer on rproc_get failure (git-fixes). - wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes). - wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes). - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes). - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes). - wifi: libertas: stop selecting wext (git-fixes). - wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes). - wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes). - wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes). - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes). - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes). - wifi: rtlwifi: add calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes). - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes). - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616). - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622). - x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623). - x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622). - x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616). - x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615). - x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes). - x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes). - x86/mce: Cleanup mce_usable_address() (jsc#PED-7623). - x86/mce: Define amd_mce_usable_address() (jsc#PED-7623). - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes). - xen/events: fix delayed eoi list handling (git-fixes). - xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). - xhci: cleanup xhci_hub_control port references (git-fixes). - xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes). - xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:564-1 Released: Wed Feb 21 07:18:18 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:574-1 Released: Wed Feb 21 10:39:55 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219853,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-5679,CVE-2023-6516 This update for bind fixes the following issues: Update to release 9.16.48: - CVE-2023-50387: Fixed a denial-of-service caused by DNS messages containing a lot of DNSSEC signatures (bsc#1219823). - CVE-2023-50868: Fixed a denial-of-service caused by NSEC3 closest encloser proof (bsc#1219826). - CVE-2023-4408: Fixed a denial-of-service caused by DNS messages with many different names (bsc#1219851). - CVE-2023-5517: Fixed a possible crash when nxdomain-redirect was enabled (bsc#1219852). - CVE-2023-5679: Fixed a possible crash when bad interaction between DNS64 and serve-stale, when both of these features are enabled (bsc#1219853). - CVE-2023-6516: Fixed excessive memory consumption when continuously trigger the cache database maintenance (bsc#1219854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:588-1 Released: Thu Feb 22 10:06:31 2024 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1218494 This update for kdump fixes the following issues: - dracut: always create fstab, even if empty (bsc#1218494) - fix NOSPLIT option - Honor the KDUMP_VERBOSE setting in kdump-save ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:609-1 Released: Mon Feb 26 05:31:53 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1217102 This update for grub2 fixes the following issues: - Fix PowerPC grub slow loading time (bsc#1217102) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:638-1 Released: Tue Feb 27 10:36:11 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218862,1218865,CVE-2024-0553,CVE-2024-0567 This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:794-1 Released: Thu Mar 7 10:33:17 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). The following package changes have been done: - bind-utils-9.16.48-150500.8.16.1 updated - docker-24.0.7_ce-150000.193.1 updated - grub2-i386-pc-2.06-150500.29.16.1 updated - grub2-x86_64-efi-2.06-150500.29.16.1 updated - grub2-2.06-150500.29.16.1 updated - hwdata-0.378-150000.3.65.1 updated - kdump-1.0.2+git45.g7e4faf4-150500.3.3.1 updated - kernel-default-5.14.21-150500.55.49.1 updated - libgnutls30-3.7.3-150400.4.41.3 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libzypp-17.31.31-150400.3.52.2 updated - netcfg-11.6-150000.3.6.1 updated - openssh-clients-8.4p1-150300.3.30.1 updated - openssh-common-8.4p1-150300.3.30.1 updated - openssh-server-8.4p1-150300.3.30.1 updated - openssh-8.4p1-150300.3.30.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-bind-9.16.48-150500.8.16.1 updated - python3-3.6.15-150300.10.54.1 updated - rpm-ndb-4.14.3-150400.59.7.1 updated - runc-1.1.12-150000.61.2 updated - sudo-1.9.12p1-150500.7.7.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - suse-build-key-12.0-150000.8.43.1 updated - suseconnect-ng-1.7.0~git0.5338270-150500.3.15.1 updated - timezone-2024a-150000.75.28.1 updated From sle-container-updates at lists.suse.com Mon Mar 11 08:01:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 09:01:08 +0100 (CET) Subject: SUSE-IU-2024:272-1: Security update of suse-sles-15-sp5-chost-byos-v20240307-hvm-ssd-x86_64 Message-ID: <20240311080108.14596F7A4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240307-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:272-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240307-hvm-ssd-x86_64:20240307 Image Release : Severity : important Type : security References : 1065729 1108281 1141539 1174649 1181674 1193285 1194869 1209834 1210443 1210638 1211515 1211886 1212091 1214377 1215275 1215698 1215885 1216441 1216559 1216702 1216752 1217102 1217895 1217987 1217988 1217989 1218005 1218215 1218447 1218494 1218527 1218659 1218689 1218713 1218723 1218730 1218752 1218757 1218762 1218763 1218768 1218778 1218779 1218782 1218804 1218831 1218832 1218836 1218862 1218865 1218894 1218916 1218948 1218958 1218968 1218997 1219006 1219012 1219013 1219014 1219026 1219053 1219067 1219120 1219123 1219128 1219136 1219189 1219243 1219267 1219268 1219285 1219349 1219412 1219425 1219429 1219434 1219438 1219442 1219490 1219512 1219568 1219576 1219582 1219608 1219823 1219826 1219851 1219852 1219853 1219854 1220385 1220389 CVE-2021-33631 CVE-2023-27043 CVE-2023-42465 CVE-2023-4408 CVE-2023-46838 CVE-2023-47233 CVE-2023-4921 CVE-2023-50387 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-51780 CVE-2023-51782 CVE-2023-5517 CVE-2023-5679 CVE-2023-6040 CVE-2023-6356 CVE-2023-6516 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6915 CVE-2024-0340 CVE-2024-0553 CVE-2024-0565 CVE-2024-0567 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-21626 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24860 CVE-2024-25062 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240307-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:456-1 Released: Tue Feb 13 11:03:03 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: This update for grub2 fixes the following issues: - Fix missing grub2 exporters on Leap ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:516-1 Released: Thu Feb 15 16:04:34 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1108281,1141539,1174649,1181674,1193285,1194869,1209834,1210443,1211515,1212091,1214377,1215275,1215885,1216441,1216559,1216702,1217895,1217987,1217988,1217989,1218005,1218447,1218527,1218659,1218689,1218713,1218723,1218730,1218752,1218757,1218768,1218778,1218779,1218804,1218832,1218836,1218916,1218948,1218958,1218968,1218997,1219006,1219012,1219013,1219014,1219053,1219067,1219120,1219128,1219136,1219285,1219349,1219412,1219429,1219434,1219490,1219512,1219568,1219582,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: - Documentation: RAS: Add index and address translation section (jsc#PED-7618). - ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes). - ACPI: LPSS: Fix the fractional clock divider flags (git-fixes). - ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes). - ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377) - ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes). - ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377) - ACPI: video: check for error while searching for backlight device parent (git-fixes). - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes). - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes). - ALSA: hda: Refer to correct stream index at loops (git-fixes). - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes). - ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes). - ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes). - ASoC: Intel: Skylake: mem leak in skl register function (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes). - ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes). - ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136). - ASoC: amd: Add check for acp config flags (bsc#1219136). - ASoC: amd: Add new dmi entries to config entry (bsc#1219136). - ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136). - ASoC: amd: Drop empty platform remove function (bsc#1219136). - ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136). - ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes). - ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136). - ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136). - ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136). - ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136). - ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes). - ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136). - ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136). - ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136). - ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136). - ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136). - ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136). - ASoC: amd: acp: Refactor bit width calculation (bsc#1219136). - ASoC: amd: acp: Refactor dai format implementation (bsc#1219136). - ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136). - ASoC: amd: acp: add a label to make error path more clean (bsc#1219136). - ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136). - ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136). - ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136). - ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136). - ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136). - ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136). - ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136). - ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136). - ASoC: amd: acp: move pdm macros to common header file (bsc#1219136). - ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136). - ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136). - ASoC: amd: acp: remove acp poweroff function (bsc#1219136). - ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136). - ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136). - ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136). - ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136). - ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136). - ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136). - ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136). - ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136). - ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136). - ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136). - ASoC: amd: add acp6.2 irq handler (bsc#1219136). - ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136). - ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136). - ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136). - ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136). - ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136). - ASoC: amd: fix ACP version typo mistake (bsc#1219136). - ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136). - ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136). - ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136). - ASoC: amd: ps: Update copyright notice (bsc#1219136). - ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136). - ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136). - ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136). - ASoC: amd: ps: move irq handler registration (bsc#1219136). - ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136). - ASoC: amd: ps: refactor platform device creation logic (bsc#1219136). - ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136). - ASoC: amd: ps: remove unused variable (bsc#1219136). - ASoC: amd: ps: update dev index value in irq handler (bsc#1219136). - ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136). - ASoC: amd: ps: update the acp clock source (bsc#1219136). - ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136). - ASoC: amd: ps: use static function (bsc#1219136). - ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: update pm_runtime enable sequence (bsc#1219136). - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136). - ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136). - ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136). - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136). - ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136). - ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136). - ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136). - ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136). - ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136). - ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136). - ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136). - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136). - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136). - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes). - ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes). - ASoC: codecs: wcd938x: handle deferred probe (git-fixes). - ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes). - ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes). - ASoC: cs43130: Fix the position of const qualifier (git-fixes). - ASoC: da7219: Support low DC impedance headset (git-fixes). - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes). - ASoC: ops: add correct range check for limiting volume (git-fixes). - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes). - ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes). - ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes). - ASoC: wm8974: Correct boost mixer inputs (git-fixes). - Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136). - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes). - Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes). - Documentation: Begin a RAS section (jsc#PED-7622). - EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618). - EDAC/amd64: Add context struct (jsc#PED-7615). - EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615). - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616). - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615). - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622). - EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615). - EDAC/amd64: Cache and use GPU node map (jsc#PED-7616). - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615). - EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616). - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615). - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615). - EDAC/amd64: Remove early_channel_count() (jsc#PED-7615). - EDAC/amd64: Remove module version string (jsc#PED-7615). - EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615). - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615). - EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615). - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615). - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618). - EDAC/mc: Add new HBM2 memory type (jsc#PED-7616). - EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622). - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622). - EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes). - HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes). - HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes). - IB/iser: Prevent invalidating wrong MR (git-fixes) - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes). - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - use ab83 as id when skipping the getid command (git-fixes). - Input: bcm5974 - check endpoint type before starting traffic (git-fixes). - Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes). - Input: xpad - add Razer Wolverine V2 support (git-fixes). - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes). - KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - PCI/AER: Configure ECRC only if AER is native (bsc#1218778) - PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes). - PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes). - PCI: keystone: Fix race condition when initializing PHYs (git-fixes). - PM: hibernate: Enforce ordering during image compression/decompression (git-fixes). - RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618). - RAS/AMD/ATL: Add MI300 support (jsc#PED-7618). - RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618). - RAS: Introduce AMD Address Translation Library (jsc#PED-7618). - RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes) - RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes) - RDMA/irdma: Add wait for suspend on SQD (git-fixes) - RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes) - RDMA/irdma: Do not modify to SQD on error (git-fixes) - RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes) - RDMA/irdma: Refactor error handling in create CQP (git-fixes) - RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes) - RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes) - RDMA/rtrs-clt: Start hb after path_up (git-fixes) - RDMA/rtrs-srv: Check return values while processing info request (git-fixes) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes) - RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes) - RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes) - USB: xhci: workaround for grace period (git-fixes). - Update config files: enable ASoC AMD PS drivers (bsc#1219136) - Update patch reference for ax88179 fix (bsc#1218948) - acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes). - aio: fix mremap after fork null-deref (git-fixes). - apparmor: avoid crash when parsed profile name is empty (git-fixes). - arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729) - arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV. - arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes) - arm64: module: move find_section to header (jsc#PED-4729) - arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729) - arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729) - arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729) - asix: Add check for usbnet_get_endpoints (git-fixes). - attr: block mode changes of symlinks (git-fixes). - badblocks: add helper routines for badblock ranges handling (bsc#1174649). - badblocks: add more helper structure and routines in badblocks.h (bsc#1174649). - badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649). - badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649). - badblocks: switch to the improved badblock handling code (bsc#1174649). - bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes). - bus: mhi: host: Add alignment check for event ring read pointer (git-fixes). - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes). - bus: mhi: host: Drop chan lock before queuing buffers (git-fixes). - ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568). - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes). - clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes). - clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes). - clk: samsung: Fix kernel-doc comments (git-fixes). - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes). - clk: zynqmp: Add a check for NULL pointer (git-fixes). - clk: zynqmp: make bestdiv unsigned (git-fixes). - clocksource: Skip watchdog check for large watchdog intervals (git-fixes). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - coresight: etm4x: Add ACPI support in platform driver (bsc#1218779) - coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779) - coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779) - coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779) - coresight: platform: acpi: Ignore the absence of graph (bsc#1218779) - crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes). - crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes). - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes). - crypto: sahara - do not resize req->src when doing hash operations (git-fixes). - crypto: sahara - fix ahash reqsize (git-fixes). - crypto: sahara - fix ahash selftest failure (git-fixes). - crypto: sahara - fix cbc selftest failure (git-fixes). - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes). - crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes). - crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes). - crypto: sahara - handle zero-length aes requests (git-fixes). - crypto: sahara - improve error handling in sahara_sha_process() (git-fixes). - crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes). - crypto: scomp - fix req->dst buffer overflow (git-fixes). - dma-debug: fix kernel-doc warnings (git-fixes). - dmaengine: fix NULL pointer in channel unregistration function (git-fixes). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes). - dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes). - dmaengine: ti: k3-udma: Report short packet errors (git-fixes). - doc/README.KSYMS: Add to repo. - docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes). - drivers: clk: zynqmp: calculate closest mux rate (git-fixes). - drivers: clk: zynqmp: update divider round rate logic (git-fixes). - drm/amd/display: Fix tiled display misalignment (git-fixes). - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes). - drm/amd/display: add nv12 bounding box (git-fixes). - drm/amd/display: get dprefclk ss info from integration info table (git-fixes). - drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes). - drm/amd/display: pbn_div need be updated for hotplug event (git-fixes). - drm/amd/display: update dcn315 lpddr pstate latency (git-fixes). - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes). - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes). - drm/amd/pm: fix a double-free in si_dpm_init (git-fixes). - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes). - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes). - drm/amdgpu/pm: Fix the power source flag error (git-fixes). - drm/amdgpu: Add NULL checks for function pointers (git-fixes). - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes). - drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes). - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes). - drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes). - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes). - drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes). - drm/amdgpu: Let KFD sync with VM fences (git-fixes). - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes). - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes). - drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes). - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes). - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes). - drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes). - drm/amdkfd: Fix lock dependency warning (git-fixes). - drm/amdkfd: Fix lock dependency warning with srcu (git-fixes). - drm/amdkfd: Use resource_size() helper function (git-fixes). - drm/amdkfd: fixes for HMM mem allocation (git-fixes). - drm/bridge: Fix typo in post_disable() description (git-fixes). - drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes). - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes). - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes). - drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes). - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes). - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes). - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes). - drm/bridge: tc358767: Fix return value on error case (git-fixes). - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes). - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes). - drm/crtc: fix uninitialized variable use (git-fixes). - drm/drv: propagate errors from drm_modeset_register_all() (git-fixes). - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes). - drm/exynos: fix a potential error pointer dereference (git-fixes). - drm/exynos: fix a wrong error checking (git-fixes). - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes). - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes). - drm/framebuffer: Fix use of uninitialized variable (git-fixes). - drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes). - drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes). - drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes). - drm/msm/dpu: Set input_sel bit for INTF (git-fixes). - drm/msm/dpu: fix writeback programming for YUV cases (git-fixes). - drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes). - drm/msm/dsi: Enable runtime PM (git-fixes). - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes). - drm/msm/mdp4: flush vblank event on disable (git-fixes). - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes). - drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes). - drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes). - drm/panel: nt35510: fix typo (git-fixes). - drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes). - drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes). - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes). - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes). - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes). - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes). - drm/radeon: check return value of radeon_ring_lock() (git-fixes). - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes). - drm/tidss: Check for K2G in in dispc_softreset() (git-fixes). - drm/tidss: Fix atomic_flush check (git-fixes). - drm/tidss: Fix dss reset (git-fixes). - drm/tidss: Move reset to the end of dispc_init() (git-fixes). - drm/tidss: Return error value from from softreset (git-fixes). - drm/tilcdc: Fix irq free on unload (git-fixes). - drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes). - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes). - drm: using mul_u32_u32() requires linux/math64.h (git-fixes). - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694) - efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes). - eventfd: prevent underflow for eventfd semaphores (git-fixes). - exfat: fix reporting fs error when reading dir beyond EOF (git-fixes). - exfat: support handle zero-size directory (git-fixes). - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes). - fbdev: Only disable sysfb on the primary device (bsc#1216441) - fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441. - fbdev: flush deferred IO before closing (git-fixes). - fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes). - fbdev: imxfb: fix left margin setting (git-fixes). - fbdev: mmp: Fix typo and wording in code comment (git-fixes). - firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes). - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes). - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes). - fjes: fix memleaks in fjes_hw_setup (git-fixes). - fs/mount_setattr: always cleanup mount_kattr (git-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes). - fs: Move notify_change permission checks into may_setattr (git-fixes). - fs: do not audit the capability check in simple_xattr_list() (git-fixes). - fs: drop peer group ids under namespace lock (git-fixes). - fs: indicate request originates from old mount API (git-fixes). - fs: sendfile handles O_NONBLOCK of out_fd (git-fixes). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - gfs2: Always check inode size of inline inodes (git-fixes). - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes). - gfs2: Disable page faults during lockless buffered reads (git-fixes). - gfs2: Eliminate ip->i_gh (git-fixes). - gfs2: Eliminate vestigial HIF_FIRST (git-fixes). - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes). - gfs2: Introduce flag for glock holder auto-demotion (git-fixes). - gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes). - gfs2: Remove redundant check from gfs2_glock_dq (git-fixes). - gfs2: Switch to wait_event in gfs2_logd (git-fixes). - gfs2: assign rgrp glock before compute_bitstructs (git-fixes). - gfs2: low-memory forced flush fixes (git-fixes). - gfs2: release iopen glock early in evict (git-fixes). - gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes). - gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes). - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - hwmon: (corsair-psu) Fix probe when built-in (git-fixes). - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes). - i2c: rk3x: fix potential spinlock recursion on poll (git-fixes). - i2c: s3c24xx: fix read transfers in polling mode (git-fixes). - i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes). - iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes). - iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes). - iio: adc: ad9467: do not ignore error codes (git-fixes). - iio: adc: ad9467: fix reset gpio handling (git-fixes). - ipmi: Use regspacings passed as a module parameter (git-fixes). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136) - kdb: Fix a potential buffer overflow in kdb_local() (git-fixes). - kernel-doc: handle a void function without producing a warning (git-fixes). - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes). - leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes). - libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes). - md: fix bi_status reporting in md_end_clone_io (bsc#1210443). - media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes). - media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes). - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes). - media: imx355: Enable runtime PM before registering async sub-device (git-fixes). - media: ov9734: Enable runtime PM before registering async sub-device (git-fixes). - media: pvrusb2: fix use after free on context disconnection (git-fixes). - media: rkisp1: Disable runtime PM in probe error path (git-fixes). - media: rkisp1: Fix media device memory leak (git-fixes). - media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes). - media: videobuf2-dma-sg: fix vmap callback (git-fixes). - mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes). - misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes). - mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes). - mmc: core: Cancel delayed work before releasing host (git-fixes). - modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes). - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes). - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes). - mtd: rawnand: pl353: Fix kernel doc (git-fixes). - mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes). - mtd: rawnand: rockchip: Rename a structure (git-fixes). - net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes). - net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948). - net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948). - net: usb: ax88179_178a: move priv to driver_priv (git-fixes). - net: usb: ax88179_178a: remove redundant init code (git-fixes). - net: usb: ax88179_178a: restore state on resume (bsc#1218948). - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nouveau/tu102: flush all pdbs on vmm flush (git-fixes). - nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes). - nsfs: add compat ioctl handler (git-fixes). - nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515). - nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes). - nvme-pci: fix sleeping function called from interrupt context (git-fixes). - nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes). - nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515). - nvme: fix max_discard_sectors calculation (git-fixes). - nvme: introduce helper function to get ctrl state (git-fixes). - nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515). - nvme: start keep-alive after admin queue setup (bsc#1211515). - nvme: trace: avoid memcpy overflow warning (git-fixes). - nvmet: re-fix tracing strncpy() warning (git-fixes). - of: Fix double free in of_parse_phandle_with_args_map (git-fixes). - of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes). - parport: parport_serial: Add Brainboxes BAR details (git-fixes). - parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes). - pci: Drop PCI vmd patches that caused a regression (bsc#1218005) - perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958). - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958). - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes). - pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes). - platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620). - platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620). - platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620). - platform/x86/amd/hsmp: improve the error log (jsc#PED-7620). - platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285). - platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620). - power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes). - power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes). - powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729). - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869). - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869). - powerpc/xive: Fix endian conversion size (bsc#1194869). - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes). - pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes). - pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes). - pwm: stm32: Fix enable count for clk in .probe() (git-fixes). - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes). - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes). - r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes). - ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes). - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes). - s390/dasd: fix double module refcount decrement (bsc#1141539). - s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006). - s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012). - s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014). - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013). - s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scripts/kernel-doc: restore warning for Excess struct/union (git-fixes). - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes). - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes). - scsi: core: Always send batch on reset or error handling command (git-fixes). - scsi: fnic: Return error if vmalloc() failed (git-fixes). - scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes). - scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes). - scsi: hisi_sas: Fix warnings detected by sparse (git-fixes). - scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes). - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes). - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes). - scsi: hisi_sas: Replace with standard error code return value (git-fixes). - scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes). - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes). - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes). - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes). - scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582). - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582). - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582). - scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582). - scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes). - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes). - scsi: mpt3sas: Fix an outdated comment (git-fixes). - scsi: mpt3sas: Fix in error path (git-fixes). - scsi: mpt3sas: Fix loop logic (bsc#1219067). - scsi: mpt3sas: Fix loop logic (git-fixes). - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes). - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes). - scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes). - selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes). - serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: imx: Correct clock error message in function probe() (git-fixes). - serial: imx: fix tx statemachine deadlock (git-fixes). - serial: max310x: fail probe if clock crystal is unstable (git-fixes). - serial: max310x: improve crystal stable clock detection (git-fixes). - serial: max310x: set default value when reading clock ready bit (git-fixes). - serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes). - serial: sc16is7xx: set safe default SPI clock frequency (git-fixes). - serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes). - series.conf: the patch is not in git and breaks series_insert.py - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes). - software node: Let args be NULL in software_node_get_reference_args (git-fixes). - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes). - swiotlb-xen: provide the 'max_mapping_size' method (git-fixes). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes). - tracing: Add size check when printing trace_marker output (git-fixes). - tracing: Ensure visibility when inserting an element into tracing_map (git-fixes). - tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes). - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes). - tracing: Increase trace array ref count on enable and filter files (bsc#1219490). - ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes). - ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes). - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes). - uio: Fix use-after-free in uio_open (git-fixes). - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes). - usb: cdns3: fix uvc failure work since sg support enabled (git-fixes). - usb: chipidea: wait controller resume finished for wakeup irq (git-fixes). - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes). - usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes). - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes). - usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes). - usb: otg numberpad exception (bsc#1218527). - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: ucsi: Add missing ppm_lock (git-fixes). - usb: ucsi_acpi: Fix command completion handling (git-fixes). - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes). - usr/Kconfig: fix typos of 'its' (git-fixes). - vfs: make freeze_super abort when sync_filesystem returns error (git-fixes). - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes). - virtio-mmio: fix memory leak of vm_dev (git-fixes). - virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes). - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes). - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes). - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes). - watchdog: set cdev owner before adding (git-fixes). - wifi: ath11k: Defer on rproc_get failure (git-fixes). - wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes). - wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes). - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes). - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes). - wifi: libertas: stop selecting wext (git-fixes). - wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes). - wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes). - wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes). - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes). - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes). - wifi: rtlwifi: add calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes). - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes). - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616). - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622). - x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623). - x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622). - x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616). - x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615). - x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes). - x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes). - x86/mce: Cleanup mce_usable_address() (jsc#PED-7623). - x86/mce: Define amd_mce_usable_address() (jsc#PED-7623). - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes). - xen/events: fix delayed eoi list handling (git-fixes). - xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). - xhci: cleanup xhci_hub_control port references (git-fixes). - xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes). - xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:564-1 Released: Wed Feb 21 07:18:18 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:574-1 Released: Wed Feb 21 10:39:55 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219853,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-5679,CVE-2023-6516 This update for bind fixes the following issues: Update to release 9.16.48: - CVE-2023-50387: Fixed a denial-of-service caused by DNS messages containing a lot of DNSSEC signatures (bsc#1219823). - CVE-2023-50868: Fixed a denial-of-service caused by NSEC3 closest encloser proof (bsc#1219826). - CVE-2023-4408: Fixed a denial-of-service caused by DNS messages with many different names (bsc#1219851). - CVE-2023-5517: Fixed a possible crash when nxdomain-redirect was enabled (bsc#1219852). - CVE-2023-5679: Fixed a possible crash when bad interaction between DNS64 and serve-stale, when both of these features are enabled (bsc#1219853). - CVE-2023-6516: Fixed excessive memory consumption when continuously trigger the cache database maintenance (bsc#1219854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:588-1 Released: Thu Feb 22 10:06:31 2024 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1218494 This update for kdump fixes the following issues: - dracut: always create fstab, even if empty (bsc#1218494) - fix NOSPLIT option - Honor the KDUMP_VERBOSE setting in kdump-save ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:609-1 Released: Mon Feb 26 05:31:53 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1217102 This update for grub2 fixes the following issues: - Fix PowerPC grub slow loading time (bsc#1217102) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:638-1 Released: Tue Feb 27 10:36:11 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218862,1218865,CVE-2024-0553,CVE-2024-0567 This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:794-1 Released: Thu Mar 7 10:33:17 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). The following package changes have been done: - bind-utils-9.16.48-150500.8.16.1 updated - docker-24.0.7_ce-150000.193.1 updated - grub2-i386-pc-2.06-150500.29.16.1 updated - grub2-x86_64-efi-2.06-150500.29.16.1 updated - grub2-x86_64-xen-2.06-150500.29.16.1 updated - grub2-2.06-150500.29.16.1 updated - hwdata-0.378-150000.3.65.1 updated - kdump-1.0.2+git45.g7e4faf4-150500.3.3.1 updated - kernel-default-5.14.21-150500.55.49.1 updated - libgnutls30-3.7.3-150400.4.41.3 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libzypp-17.31.31-150400.3.52.2 updated - netcfg-11.6-150000.3.6.1 updated - openssh-clients-8.4p1-150300.3.30.1 updated - openssh-common-8.4p1-150300.3.30.1 updated - openssh-server-8.4p1-150300.3.30.1 updated - openssh-8.4p1-150300.3.30.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-bind-9.16.48-150500.8.16.1 updated - python3-3.6.15-150300.10.54.1 updated - rpm-ndb-4.14.3-150400.59.7.1 updated - runc-1.1.12-150000.61.2 updated - sudo-1.9.12p1-150500.7.7.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - suse-build-key-12.0-150000.8.43.1 updated - suseconnect-ng-1.7.0~git0.5338270-150500.3.15.1 updated - timezone-2024a-150000.75.28.1 updated From sle-container-updates at lists.suse.com Mon Mar 11 08:01:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 09:01:14 +0100 (CET) Subject: SUSE-IU-2024:273-1: Security update of sles-15-sp5-chost-byos-v20240307-arm64 Message-ID: <20240311080114.C8A43F7A4@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240307-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:273-1 Image Tags : sles-15-sp5-chost-byos-v20240307-arm64:20240307 Image Release : Severity : critical Type : security References : 1065729 1108281 1141539 1174649 1181674 1193285 1194869 1209834 1210443 1210638 1211515 1211886 1212091 1214377 1215275 1215698 1215885 1216441 1216559 1216702 1216752 1217102 1217895 1217987 1217988 1217989 1218005 1218215 1218447 1218494 1218527 1218659 1218689 1218713 1218723 1218730 1218752 1218757 1218762 1218763 1218768 1218778 1218779 1218782 1218804 1218831 1218832 1218836 1218862 1218865 1218894 1218916 1218948 1218958 1218968 1218997 1219006 1219012 1219013 1219014 1219026 1219053 1219067 1219120 1219123 1219128 1219136 1219189 1219243 1219267 1219268 1219285 1219349 1219412 1219425 1219429 1219434 1219438 1219442 1219490 1219512 1219568 1219576 1219582 1219608 1219642 1219823 1219826 1219851 1219852 1219853 1219854 1220385 1220389 CVE-2021-33631 CVE-2023-27043 CVE-2023-42465 CVE-2023-4408 CVE-2023-46838 CVE-2023-47233 CVE-2023-4921 CVE-2023-50387 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-51780 CVE-2023-51782 CVE-2023-5517 CVE-2023-5679 CVE-2023-6040 CVE-2023-6356 CVE-2023-6516 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6915 CVE-2024-0340 CVE-2024-0553 CVE-2024-0565 CVE-2024-0567 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-21626 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24860 CVE-2024-25062 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240307-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:456-1 Released: Tue Feb 13 11:03:03 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: This update for grub2 fixes the following issues: - Fix missing grub2 exporters on Leap ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:467-1 Released: Wed Feb 14 12:21:14 2024 Summary: Recommended update for google-guest-agent, google-guest-oslogin Type: recommended Severity: critical References: 1219642 This update for google-guest-agent, google-guest-oslogin contains the following fix: - Add explicit versioned dependency on google-guest-oslogin (bsc#1219642) - Add explicit versioned dependency on google-guest-agent (bsc#1219642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:516-1 Released: Thu Feb 15 16:04:34 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1108281,1141539,1174649,1181674,1193285,1194869,1209834,1210443,1211515,1212091,1214377,1215275,1215885,1216441,1216559,1216702,1217895,1217987,1217988,1217989,1218005,1218447,1218527,1218659,1218689,1218713,1218723,1218730,1218752,1218757,1218768,1218778,1218779,1218804,1218832,1218836,1218916,1218948,1218958,1218968,1218997,1219006,1219012,1219013,1219014,1219053,1219067,1219120,1219128,1219136,1219285,1219349,1219412,1219429,1219434,1219490,1219512,1219568,1219582,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: - Documentation: RAS: Add index and address translation section (jsc#PED-7618). - ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes). - ACPI: LPSS: Fix the fractional clock divider flags (git-fixes). - ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes). - ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377) - ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes). - ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377) - ACPI: video: check for error while searching for backlight device parent (git-fixes). - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes). - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes). - ALSA: hda: Refer to correct stream index at loops (git-fixes). - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes). - ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes). - ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes). - ASoC: Intel: Skylake: mem leak in skl register function (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes). - ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes). - ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136). - ASoC: amd: Add check for acp config flags (bsc#1219136). - ASoC: amd: Add new dmi entries to config entry (bsc#1219136). - ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136). - ASoC: amd: Drop empty platform remove function (bsc#1219136). - ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136). - ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes). - ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136). - ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136). - ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136). - ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136). - ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes). - ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136). - ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136). - ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136). - ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136). - ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136). - ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136). - ASoC: amd: acp: Refactor bit width calculation (bsc#1219136). - ASoC: amd: acp: Refactor dai format implementation (bsc#1219136). - ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136). - ASoC: amd: acp: add a label to make error path more clean (bsc#1219136). - ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136). - ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136). - ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136). - ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136). - ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136). - ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136). - ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136). - ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136). - ASoC: amd: acp: move pdm macros to common header file (bsc#1219136). - ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136). - ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136). - ASoC: amd: acp: remove acp poweroff function (bsc#1219136). - ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136). - ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136). - ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136). - ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136). - ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136). - ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136). - ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136). - ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136). - ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136). - ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136). - ASoC: amd: add acp6.2 irq handler (bsc#1219136). - ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136). - ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136). - ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136). - ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136). - ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136). - ASoC: amd: fix ACP version typo mistake (bsc#1219136). - ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136). - ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136). - ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136). - ASoC: amd: ps: Update copyright notice (bsc#1219136). - ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136). - ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136). - ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136). - ASoC: amd: ps: move irq handler registration (bsc#1219136). - ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136). - ASoC: amd: ps: refactor platform device creation logic (bsc#1219136). - ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136). - ASoC: amd: ps: remove unused variable (bsc#1219136). - ASoC: amd: ps: update dev index value in irq handler (bsc#1219136). - ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136). - ASoC: amd: ps: update the acp clock source (bsc#1219136). - ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136). - ASoC: amd: ps: use static function (bsc#1219136). - ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: update pm_runtime enable sequence (bsc#1219136). - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136). - ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136). - ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136). - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136). - ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136). - ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136). - ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136). - ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136). - ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136). - ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136). - ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136). - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136). - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136). - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes). - ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes). - ASoC: codecs: wcd938x: handle deferred probe (git-fixes). - ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes). - ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes). - ASoC: cs43130: Fix the position of const qualifier (git-fixes). - ASoC: da7219: Support low DC impedance headset (git-fixes). - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes). - ASoC: ops: add correct range check for limiting volume (git-fixes). - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes). - ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes). - ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes). - ASoC: wm8974: Correct boost mixer inputs (git-fixes). - Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136). - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes). - Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes). - Documentation: Begin a RAS section (jsc#PED-7622). - EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618). - EDAC/amd64: Add context struct (jsc#PED-7615). - EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615). - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616). - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615). - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622). - EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615). - EDAC/amd64: Cache and use GPU node map (jsc#PED-7616). - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615). - EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616). - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615). - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615). - EDAC/amd64: Remove early_channel_count() (jsc#PED-7615). - EDAC/amd64: Remove module version string (jsc#PED-7615). - EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615). - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615). - EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615). - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615). - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618). - EDAC/mc: Add new HBM2 memory type (jsc#PED-7616). - EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622). - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622). - EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes). - HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes). - HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes). - IB/iser: Prevent invalidating wrong MR (git-fixes) - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes). - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - use ab83 as id when skipping the getid command (git-fixes). - Input: bcm5974 - check endpoint type before starting traffic (git-fixes). - Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes). - Input: xpad - add Razer Wolverine V2 support (git-fixes). - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes). - KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - PCI/AER: Configure ECRC only if AER is native (bsc#1218778) - PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes). - PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes). - PCI: keystone: Fix race condition when initializing PHYs (git-fixes). - PM: hibernate: Enforce ordering during image compression/decompression (git-fixes). - RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618). - RAS/AMD/ATL: Add MI300 support (jsc#PED-7618). - RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618). - RAS: Introduce AMD Address Translation Library (jsc#PED-7618). - RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes) - RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes) - RDMA/irdma: Add wait for suspend on SQD (git-fixes) - RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes) - RDMA/irdma: Do not modify to SQD on error (git-fixes) - RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes) - RDMA/irdma: Refactor error handling in create CQP (git-fixes) - RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes) - RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes) - RDMA/rtrs-clt: Start hb after path_up (git-fixes) - RDMA/rtrs-srv: Check return values while processing info request (git-fixes) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes) - RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes) - RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes) - USB: xhci: workaround for grace period (git-fixes). - Update config files: enable ASoC AMD PS drivers (bsc#1219136) - Update patch reference for ax88179 fix (bsc#1218948) - acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes). - aio: fix mremap after fork null-deref (git-fixes). - apparmor: avoid crash when parsed profile name is empty (git-fixes). - arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729) - arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV. - arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes) - arm64: module: move find_section to header (jsc#PED-4729) - arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729) - arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729) - arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729) - asix: Add check for usbnet_get_endpoints (git-fixes). - attr: block mode changes of symlinks (git-fixes). - badblocks: add helper routines for badblock ranges handling (bsc#1174649). - badblocks: add more helper structure and routines in badblocks.h (bsc#1174649). - badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649). - badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649). - badblocks: switch to the improved badblock handling code (bsc#1174649). - bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes). - bus: mhi: host: Add alignment check for event ring read pointer (git-fixes). - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes). - bus: mhi: host: Drop chan lock before queuing buffers (git-fixes). - ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568). - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes). - clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes). - clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes). - clk: samsung: Fix kernel-doc comments (git-fixes). - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes). - clk: zynqmp: Add a check for NULL pointer (git-fixes). - clk: zynqmp: make bestdiv unsigned (git-fixes). - clocksource: Skip watchdog check for large watchdog intervals (git-fixes). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - coresight: etm4x: Add ACPI support in platform driver (bsc#1218779) - coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779) - coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779) - coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779) - coresight: platform: acpi: Ignore the absence of graph (bsc#1218779) - crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes). - crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes). - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes). - crypto: sahara - do not resize req->src when doing hash operations (git-fixes). - crypto: sahara - fix ahash reqsize (git-fixes). - crypto: sahara - fix ahash selftest failure (git-fixes). - crypto: sahara - fix cbc selftest failure (git-fixes). - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes). - crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes). - crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes). - crypto: sahara - handle zero-length aes requests (git-fixes). - crypto: sahara - improve error handling in sahara_sha_process() (git-fixes). - crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes). - crypto: scomp - fix req->dst buffer overflow (git-fixes). - dma-debug: fix kernel-doc warnings (git-fixes). - dmaengine: fix NULL pointer in channel unregistration function (git-fixes). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes). - dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes). - dmaengine: ti: k3-udma: Report short packet errors (git-fixes). - doc/README.KSYMS: Add to repo. - docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes). - drivers: clk: zynqmp: calculate closest mux rate (git-fixes). - drivers: clk: zynqmp: update divider round rate logic (git-fixes). - drm/amd/display: Fix tiled display misalignment (git-fixes). - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes). - drm/amd/display: add nv12 bounding box (git-fixes). - drm/amd/display: get dprefclk ss info from integration info table (git-fixes). - drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes). - drm/amd/display: pbn_div need be updated for hotplug event (git-fixes). - drm/amd/display: update dcn315 lpddr pstate latency (git-fixes). - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes). - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes). - drm/amd/pm: fix a double-free in si_dpm_init (git-fixes). - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes). - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes). - drm/amdgpu/pm: Fix the power source flag error (git-fixes). - drm/amdgpu: Add NULL checks for function pointers (git-fixes). - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes). - drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes). - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes). - drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes). - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes). - drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes). - drm/amdgpu: Let KFD sync with VM fences (git-fixes). - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes). - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes). - drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes). - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes). - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes). - drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes). - drm/amdkfd: Fix lock dependency warning (git-fixes). - drm/amdkfd: Fix lock dependency warning with srcu (git-fixes). - drm/amdkfd: Use resource_size() helper function (git-fixes). - drm/amdkfd: fixes for HMM mem allocation (git-fixes). - drm/bridge: Fix typo in post_disable() description (git-fixes). - drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes). - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes). - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes). - drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes). - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes). - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes). - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes). - drm/bridge: tc358767: Fix return value on error case (git-fixes). - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes). - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes). - drm/crtc: fix uninitialized variable use (git-fixes). - drm/drv: propagate errors from drm_modeset_register_all() (git-fixes). - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes). - drm/exynos: fix a potential error pointer dereference (git-fixes). - drm/exynos: fix a wrong error checking (git-fixes). - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes). - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes). - drm/framebuffer: Fix use of uninitialized variable (git-fixes). - drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes). - drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes). - drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes). - drm/msm/dpu: Set input_sel bit for INTF (git-fixes). - drm/msm/dpu: fix writeback programming for YUV cases (git-fixes). - drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes). - drm/msm/dsi: Enable runtime PM (git-fixes). - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes). - drm/msm/mdp4: flush vblank event on disable (git-fixes). - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes). - drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes). - drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes). - drm/panel: nt35510: fix typo (git-fixes). - drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes). - drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes). - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes). - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes). - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes). - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes). - drm/radeon: check return value of radeon_ring_lock() (git-fixes). - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes). - drm/tidss: Check for K2G in in dispc_softreset() (git-fixes). - drm/tidss: Fix atomic_flush check (git-fixes). - drm/tidss: Fix dss reset (git-fixes). - drm/tidss: Move reset to the end of dispc_init() (git-fixes). - drm/tidss: Return error value from from softreset (git-fixes). - drm/tilcdc: Fix irq free on unload (git-fixes). - drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes). - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes). - drm: using mul_u32_u32() requires linux/math64.h (git-fixes). - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694) - efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes). - eventfd: prevent underflow for eventfd semaphores (git-fixes). - exfat: fix reporting fs error when reading dir beyond EOF (git-fixes). - exfat: support handle zero-size directory (git-fixes). - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes). - fbdev: Only disable sysfb on the primary device (bsc#1216441) - fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441. - fbdev: flush deferred IO before closing (git-fixes). - fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes). - fbdev: imxfb: fix left margin setting (git-fixes). - fbdev: mmp: Fix typo and wording in code comment (git-fixes). - firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes). - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes). - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes). - fjes: fix memleaks in fjes_hw_setup (git-fixes). - fs/mount_setattr: always cleanup mount_kattr (git-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes). - fs: Move notify_change permission checks into may_setattr (git-fixes). - fs: do not audit the capability check in simple_xattr_list() (git-fixes). - fs: drop peer group ids under namespace lock (git-fixes). - fs: indicate request originates from old mount API (git-fixes). - fs: sendfile handles O_NONBLOCK of out_fd (git-fixes). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - gfs2: Always check inode size of inline inodes (git-fixes). - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes). - gfs2: Disable page faults during lockless buffered reads (git-fixes). - gfs2: Eliminate ip->i_gh (git-fixes). - gfs2: Eliminate vestigial HIF_FIRST (git-fixes). - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes). - gfs2: Introduce flag for glock holder auto-demotion (git-fixes). - gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes). - gfs2: Remove redundant check from gfs2_glock_dq (git-fixes). - gfs2: Switch to wait_event in gfs2_logd (git-fixes). - gfs2: assign rgrp glock before compute_bitstructs (git-fixes). - gfs2: low-memory forced flush fixes (git-fixes). - gfs2: release iopen glock early in evict (git-fixes). - gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes). - gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes). - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - hwmon: (corsair-psu) Fix probe when built-in (git-fixes). - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes). - i2c: rk3x: fix potential spinlock recursion on poll (git-fixes). - i2c: s3c24xx: fix read transfers in polling mode (git-fixes). - i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes). - iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes). - iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes). - iio: adc: ad9467: do not ignore error codes (git-fixes). - iio: adc: ad9467: fix reset gpio handling (git-fixes). - ipmi: Use regspacings passed as a module parameter (git-fixes). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136) - kdb: Fix a potential buffer overflow in kdb_local() (git-fixes). - kernel-doc: handle a void function without producing a warning (git-fixes). - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes). - leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes). - libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes). - md: fix bi_status reporting in md_end_clone_io (bsc#1210443). - media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes). - media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes). - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes). - media: imx355: Enable runtime PM before registering async sub-device (git-fixes). - media: ov9734: Enable runtime PM before registering async sub-device (git-fixes). - media: pvrusb2: fix use after free on context disconnection (git-fixes). - media: rkisp1: Disable runtime PM in probe error path (git-fixes). - media: rkisp1: Fix media device memory leak (git-fixes). - media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes). - media: videobuf2-dma-sg: fix vmap callback (git-fixes). - mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes). - misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes). - mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes). - mmc: core: Cancel delayed work before releasing host (git-fixes). - modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes). - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes). - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes). - mtd: rawnand: pl353: Fix kernel doc (git-fixes). - mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes). - mtd: rawnand: rockchip: Rename a structure (git-fixes). - net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes). - net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948). - net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948). - net: usb: ax88179_178a: move priv to driver_priv (git-fixes). - net: usb: ax88179_178a: remove redundant init code (git-fixes). - net: usb: ax88179_178a: restore state on resume (bsc#1218948). - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nouveau/tu102: flush all pdbs on vmm flush (git-fixes). - nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes). - nsfs: add compat ioctl handler (git-fixes). - nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515). - nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes). - nvme-pci: fix sleeping function called from interrupt context (git-fixes). - nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes). - nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515). - nvme: fix max_discard_sectors calculation (git-fixes). - nvme: introduce helper function to get ctrl state (git-fixes). - nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515). - nvme: start keep-alive after admin queue setup (bsc#1211515). - nvme: trace: avoid memcpy overflow warning (git-fixes). - nvmet: re-fix tracing strncpy() warning (git-fixes). - of: Fix double free in of_parse_phandle_with_args_map (git-fixes). - of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes). - parport: parport_serial: Add Brainboxes BAR details (git-fixes). - parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes). - pci: Drop PCI vmd patches that caused a regression (bsc#1218005) - perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958). - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958). - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes). - pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes). - platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620). - platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620). - platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620). - platform/x86/amd/hsmp: improve the error log (jsc#PED-7620). - platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285). - platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620). - power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes). - power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes). - powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729). - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869). - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869). - powerpc/xive: Fix endian conversion size (bsc#1194869). - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes). - pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes). - pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes). - pwm: stm32: Fix enable count for clk in .probe() (git-fixes). - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes). - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes). - r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes). - ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes). - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes). - s390/dasd: fix double module refcount decrement (bsc#1141539). - s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006). - s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012). - s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014). - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013). - s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scripts/kernel-doc: restore warning for Excess struct/union (git-fixes). - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes). - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes). - scsi: core: Always send batch on reset or error handling command (git-fixes). - scsi: fnic: Return error if vmalloc() failed (git-fixes). - scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes). - scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes). - scsi: hisi_sas: Fix warnings detected by sparse (git-fixes). - scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes). - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes). - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes). - scsi: hisi_sas: Replace with standard error code return value (git-fixes). - scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes). - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes). - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes). - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes). - scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582). - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582). - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582). - scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582). - scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes). - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes). - scsi: mpt3sas: Fix an outdated comment (git-fixes). - scsi: mpt3sas: Fix in error path (git-fixes). - scsi: mpt3sas: Fix loop logic (bsc#1219067). - scsi: mpt3sas: Fix loop logic (git-fixes). - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes). - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes). - scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes). - selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes). - serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: imx: Correct clock error message in function probe() (git-fixes). - serial: imx: fix tx statemachine deadlock (git-fixes). - serial: max310x: fail probe if clock crystal is unstable (git-fixes). - serial: max310x: improve crystal stable clock detection (git-fixes). - serial: max310x: set default value when reading clock ready bit (git-fixes). - serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes). - serial: sc16is7xx: set safe default SPI clock frequency (git-fixes). - serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes). - series.conf: the patch is not in git and breaks series_insert.py - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes). - software node: Let args be NULL in software_node_get_reference_args (git-fixes). - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes). - swiotlb-xen: provide the 'max_mapping_size' method (git-fixes). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes). - tracing: Add size check when printing trace_marker output (git-fixes). - tracing: Ensure visibility when inserting an element into tracing_map (git-fixes). - tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes). - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes). - tracing: Increase trace array ref count on enable and filter files (bsc#1219490). - ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes). - ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes). - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes). - uio: Fix use-after-free in uio_open (git-fixes). - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes). - usb: cdns3: fix uvc failure work since sg support enabled (git-fixes). - usb: chipidea: wait controller resume finished for wakeup irq (git-fixes). - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes). - usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes). - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes). - usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes). - usb: otg numberpad exception (bsc#1218527). - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: ucsi: Add missing ppm_lock (git-fixes). - usb: ucsi_acpi: Fix command completion handling (git-fixes). - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes). - usr/Kconfig: fix typos of 'its' (git-fixes). - vfs: make freeze_super abort when sync_filesystem returns error (git-fixes). - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes). - virtio-mmio: fix memory leak of vm_dev (git-fixes). - virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes). - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes). - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes). - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes). - watchdog: set cdev owner before adding (git-fixes). - wifi: ath11k: Defer on rproc_get failure (git-fixes). - wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes). - wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes). - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes). - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes). - wifi: libertas: stop selecting wext (git-fixes). - wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes). - wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes). - wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes). - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes). - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes). - wifi: rtlwifi: add calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes). - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes). - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616). - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622). - x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623). - x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622). - x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616). - x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615). - x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes). - x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes). - x86/mce: Cleanup mce_usable_address() (jsc#PED-7623). - x86/mce: Define amd_mce_usable_address() (jsc#PED-7623). - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes). - xen/events: fix delayed eoi list handling (git-fixes). - xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). - xhci: cleanup xhci_hub_control port references (git-fixes). - xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes). - xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:564-1 Released: Wed Feb 21 07:18:18 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:574-1 Released: Wed Feb 21 10:39:55 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219853,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-5679,CVE-2023-6516 This update for bind fixes the following issues: Update to release 9.16.48: - CVE-2023-50387: Fixed a denial-of-service caused by DNS messages containing a lot of DNSSEC signatures (bsc#1219823). - CVE-2023-50868: Fixed a denial-of-service caused by NSEC3 closest encloser proof (bsc#1219826). - CVE-2023-4408: Fixed a denial-of-service caused by DNS messages with many different names (bsc#1219851). - CVE-2023-5517: Fixed a possible crash when nxdomain-redirect was enabled (bsc#1219852). - CVE-2023-5679: Fixed a possible crash when bad interaction between DNS64 and serve-stale, when both of these features are enabled (bsc#1219853). - CVE-2023-6516: Fixed excessive memory consumption when continuously trigger the cache database maintenance (bsc#1219854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:588-1 Released: Thu Feb 22 10:06:31 2024 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1218494 This update for kdump fixes the following issues: - dracut: always create fstab, even if empty (bsc#1218494) - fix NOSPLIT option - Honor the KDUMP_VERBOSE setting in kdump-save ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:609-1 Released: Mon Feb 26 05:31:53 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1217102 This update for grub2 fixes the following issues: - Fix PowerPC grub slow loading time (bsc#1217102) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:638-1 Released: Tue Feb 27 10:36:11 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218862,1218865,CVE-2024-0553,CVE-2024-0567 This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:794-1 Released: Thu Mar 7 10:33:17 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). The following package changes have been done: - bind-utils-9.16.48-150500.8.16.1 updated - docker-24.0.7_ce-150000.193.1 updated - google-guest-agent-20231031.01-150000.1.43.1 updated - google-guest-oslogin-20231101.00-150000.1.38.1 updated - grub2-i386-pc-2.06-150500.29.16.1 updated - grub2-x86_64-efi-2.06-150500.29.16.1 updated - grub2-2.06-150500.29.16.1 updated - hwdata-0.378-150000.3.65.1 updated - kdump-1.0.2+git45.g7e4faf4-150500.3.3.1 updated - kernel-default-5.14.21-150500.55.49.1 updated - libgnutls30-3.7.3-150400.4.41.3 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libzypp-17.31.31-150400.3.52.2 updated - netcfg-11.6-150000.3.6.1 updated - openssh-clients-8.4p1-150300.3.30.1 updated - openssh-common-8.4p1-150300.3.30.1 updated - openssh-server-8.4p1-150300.3.30.1 updated - openssh-8.4p1-150300.3.30.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-bind-9.16.48-150500.8.16.1 updated - python3-3.6.15-150300.10.54.1 updated - rpm-ndb-4.14.3-150400.59.7.1 updated - runc-1.1.12-150000.61.2 updated - sudo-1.9.12p1-150500.7.7.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - suse-build-key-12.0-150000.8.43.1 updated - suseconnect-ng-1.7.0~git0.5338270-150500.3.15.1 updated - timezone-2024a-150000.75.28.1 updated From sle-container-updates at lists.suse.com Mon Mar 11 15:24:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:24:33 +0100 (CET) Subject: SUSE-CU-2024:879-1: Security update of suse/sles12sp5 Message-ID: <20240311152433.DDCC7F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:879-1 Container Tags : suse/sles12sp5:6.5.572 , suse/sles12sp5:latest Container Release : 6.5.572 Severity : moderate Type : security References : 1218571 1219238 1219243 CVE-2023-7207 CVE-2024-0727 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:814-1 Released: Fri Mar 8 09:31:47 2024 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_0_0 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:825-1 Released: Mon Mar 11 14:14:35 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) The following package changes have been done: - cpio-2.11-36.21.1 updated - libopenssl1_0_0-1.0.2p-3.90.1 updated - openssl-1_0_0-1.0.2p-3.90.1 updated From sle-container-updates at lists.suse.com Mon Mar 11 15:25:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:25:26 +0100 (CET) Subject: SUSE-CU-2024:880-1: Recommended update of suse/389-ds Message-ID: <20240311152527.00614F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:880-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-20.27 , suse/389-ds:latest Container Release : 20.27 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libidn2-0-2.2.0-3.6.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:25:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:25:56 +0100 (CET) Subject: SUSE-CU-2024:881-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240311152556.B5FEAF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:881-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-24.15 , bci/dotnet-aspnet:6.0.27 , bci/dotnet-aspnet:6.0.27-24.15 Container Release : 24.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:26:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:26:25 +0100 (CET) Subject: SUSE-CU-2024:882-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240311152625.16B1AF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:882-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-24.15 , bci/dotnet-aspnet:7.0.16 , bci/dotnet-aspnet:7.0.16-24.15 Container Release : 24.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:26:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:26:31 +0100 (CET) Subject: SUSE-CU-2024:883-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240311152631.162E8F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:883-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-6.15 , bci/dotnet-aspnet:8.0.2 , bci/dotnet-aspnet:8.0.2-6.15 , bci/dotnet-aspnet:latest Container Release : 6.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:27:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:27:10 +0100 (CET) Subject: SUSE-CU-2024:884-1: Recommended update of bci/dotnet-sdk Message-ID: <20240311152710.E2EFBF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:884-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-23.15 , bci/dotnet-sdk:6.0.27 , bci/dotnet-sdk:6.0.27-23.15 Container Release : 23.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:27:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:27:46 +0100 (CET) Subject: SUSE-CU-2024:885-1: Recommended update of bci/dotnet-sdk Message-ID: <20240311152746.819E0F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:885-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-25.15 , bci/dotnet-sdk:7.0.16 , bci/dotnet-sdk:7.0.16-25.15 Container Release : 25.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:27:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:27:53 +0100 (CET) Subject: SUSE-CU-2024:886-1: Recommended update of bci/dotnet-sdk Message-ID: <20240311152753.BEA4CF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:886-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-6.15 , bci/dotnet-sdk:8.0.2 , bci/dotnet-sdk:8.0.2-6.15 , bci/dotnet-sdk:latest Container Release : 6.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:28:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:28:21 +0100 (CET) Subject: SUSE-CU-2024:887-1: Recommended update of bci/dotnet-runtime Message-ID: <20240311152821.86BD9F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:887-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-23.15 , bci/dotnet-runtime:6.0.27 , bci/dotnet-runtime:6.0.27-23.15 Container Release : 23.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:28:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:28:48 +0100 (CET) Subject: SUSE-CU-2024:888-1: Recommended update of bci/dotnet-runtime Message-ID: <20240311152848.3C01FF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:888-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-25.15 , bci/dotnet-runtime:7.0.16 , bci/dotnet-runtime:7.0.16-25.15 Container Release : 25.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.3.1 removed - libssh4-0.9.8-150400.3.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:28:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:28:51 +0100 (CET) Subject: SUSE-CU-2024:889-1: Recommended update of bci/dotnet-runtime Message-ID: <20240311152851.B6C3DF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:889-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-6.15 , bci/dotnet-runtime:8.0.2 , bci/dotnet-runtime:8.0.2-6.15 , bci/dotnet-runtime:latest Container Release : 6.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - info-6.5-4.17 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:29:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:29:13 +0100 (CET) Subject: SUSE-CU-2024:890-1: Security update of bci/golang Message-ID: <20240311152913.03316F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:890-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.2.25 , bci/golang:oldstable , bci/golang:oldstable-2.2.25 Container Release : 2.25 Severity : important Type : security References : 1212475 1212475 1219988 1220385 1220999 1221000 1221001 1221002 1221003 CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:811-1 Released: Fri Mar 8 08:43:12 2024 Summary: Security update for go1.21 Type: security Severity: important References: 1212475,1219988,1220999,1221000,1221001,1221002,1221003,CVE-2023-45289,CVE-2023-45290,CVE-2024-24783,CVE-2024-24784,CVE-2024-24785 This update for go1.21 fixes the following issues: - Upgrade go to version 1.21.8 - CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000) - CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001) - CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999) - CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002) - CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - go1.21-doc-1.21.8-150000.1.27.1 updated - go1.21-1.21.8-150000.1.27.1 updated - go1.21-race-1.21.8-150000.1.27.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcrack2-2.9.7-11.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libnsl2-1.2.0-2.44 removed - libpopt0-1.16-3.22 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:29:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:29:54 +0100 (CET) Subject: SUSE-CU-2024:892-1: Security update of bci/golang Message-ID: <20240311152954.0DAA7F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:892-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.23 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.23 Container Release : 2.23 Severity : important Type : security References : 1218424 1219988 1220999 1221000 1221001 1221002 1221003 CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:812-1 Released: Fri Mar 8 08:43:31 2024 Summary: Security update for go1.22 Type: security Severity: important References: 1218424,1219988,1220999,1221000,1221001,1221002,1221003,CVE-2023-45289,CVE-2023-45290,CVE-2024-24783,CVE-2024-24784,CVE-2024-24785 This update for go1.22 fixes the following issues: - Upgrade go to version 1.22.1 - CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000) - CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001) - CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999) - CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002) - CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003) The following package changes have been done: - go1.22-doc-1.22.1-150000.1.9.1 updated - go1.22-1.22.1-150000.1.9.1 updated - go1.22-race-1.22.1-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcrack2-2.9.7-11.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libnsl2-1.2.0-2.44 removed - libpopt0-1.16-3.22 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:31:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:31:12 +0100 (CET) Subject: SUSE-CU-2024:896-1: Recommended update of bci/nodejs Message-ID: <20240311153112.0DE8DF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:896-1 Container Tags : bci/node:18 , bci/node:18-16.24 , bci/nodejs:18 , bci/nodejs:18-16.24 Container Release : 16.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:31:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:31:22 +0100 (CET) Subject: SUSE-CU-2024:897-1: Recommended update of bci/nodejs Message-ID: <20240311153122.CB3D5F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:897-1 Container Tags : bci/node:20 , bci/node:20-6.24 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.24 , bci/nodejs:latest Container Release : 6.24 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:31:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:31:52 +0100 (CET) Subject: SUSE-CU-2024:898-1: Security update of bci/openjdk Message-ID: <20240311153152.B0938F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:898-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.25 Container Release : 15.25 Severity : important Type : security References : 1198880 1200551 1217390 CVE-2021-40633 CVE-2022-28506 CVE-2023-48161 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:786-1 Released: Wed Mar 6 21:07:20 2024 Summary: Security update for giflib Type: security Severity: important References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * #138 Documentation for obsolete utilities still installed * #139: Typo in 'LZW image data' page ('110_2 = 4_10') * #140: Typo in 'LZW image data' page ('LWZ') * #141: Typo in 'Bits and bytes' page ('filed') * Note as already fixed SF issue #143: cannot compile under mingw * #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * #145: Remove manual pages installation for binaries that are not installed too * #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * #147 [PATCH] Fixes to doc/whatsinagif/ content * #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * #151: A heap-buffer-overflow in gif2rgb.c:294:45 * #152: Fix some typos on the html documentation and man pages * #153: Fix segmentation faults due to non correct checking for args * #154: Recover the giffilter manual page * #155: Add gifsponge docs * #157: An OutofMemory-Exception or Memory Leak in gif2rgb * #158: There is a null pointer problem in gif2rgb * #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c The following package changes have been done: - libgif7-5.2.2-150000.4.13.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:32:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:32:27 +0100 (CET) Subject: SUSE-CU-2024:899-1: Security update of bci/openjdk-devel Message-ID: <20240311153227.D3898F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:899-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.52 , bci/openjdk-devel:latest Container Release : 16.52 Severity : important Type : security References : 1198880 1200551 1217390 CVE-2021-40633 CVE-2022-28506 CVE-2023-48161 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:786-1 Released: Wed Mar 6 21:07:20 2024 Summary: Security update for giflib Type: security Severity: important References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * #138 Documentation for obsolete utilities still installed * #139: Typo in 'LZW image data' page ('110_2 = 4_10') * #140: Typo in 'LZW image data' page ('LWZ') * #141: Typo in 'Bits and bytes' page ('filed') * Note as already fixed SF issue #143: cannot compile under mingw * #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * #145: Remove manual pages installation for binaries that are not installed too * #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * #147 [PATCH] Fixes to doc/whatsinagif/ content * #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * #151: A heap-buffer-overflow in gif2rgb.c:294:45 * #152: Fix some typos on the html documentation and man pages * #153: Fix segmentation faults due to non correct checking for args * #154: Recover the giffilter manual page * #155: Add gifsponge docs * #157: An OutofMemory-Exception or Memory Leak in gif2rgb * #158: There is a null pointer problem in gif2rgb * #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c The following package changes have been done: - libgif7-5.2.2-150000.4.13.1 updated - container:bci-openjdk-17-15.5.17-16.24 updated - gzip-1.10-150200.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libpopt0-1.16-3.22 removed - libsystemd0-249.17-150400.8.40.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:32:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:32:58 +0100 (CET) Subject: SUSE-CU-2024:900-1: Security update of bci/openjdk Message-ID: <20240311153258.70866F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:900-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.24 , bci/openjdk:latest Container Release : 16.24 Severity : important Type : security References : 1198880 1200551 1217390 CVE-2021-40633 CVE-2022-28506 CVE-2023-48161 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:786-1 Released: Wed Mar 6 21:07:20 2024 Summary: Security update for giflib Type: security Severity: important References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * #138 Documentation for obsolete utilities still installed * #139: Typo in 'LZW image data' page ('110_2 = 4_10') * #140: Typo in 'LZW image data' page ('LWZ') * #141: Typo in 'Bits and bytes' page ('filed') * Note as already fixed SF issue #143: cannot compile under mingw * #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * #145: Remove manual pages installation for binaries that are not installed too * #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * #147 [PATCH] Fixes to doc/whatsinagif/ content * #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * #151: A heap-buffer-overflow in gif2rgb.c:294:45 * #152: Fix some typos on the html documentation and man pages * #153: Fix segmentation faults due to non correct checking for args * #154: Recover the giffilter manual page * #155: Add gifsponge docs * #157: An OutofMemory-Exception or Memory Leak in gif2rgb * #158: There is a null pointer problem in gif2rgb * #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c The following package changes have been done: - libgif7-5.2.2-150000.4.13.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:34:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:34:02 +0100 (CET) Subject: SUSE-CU-2024:902-1: Recommended update of bci/php-apache Message-ID: <20240311153402.74723F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:902-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.24 Container Release : 12.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libutempter0-1.1.6-3.42 removed - ncurses-utils-6.1-150000.5.20.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:34:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:34:31 +0100 (CET) Subject: SUSE-CU-2024:903-1: Recommended update of bci/php-fpm Message-ID: <20240311153431.1A4A7F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:903-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-12.24 Container Release : 12.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:34:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:34:56 +0100 (CET) Subject: SUSE-CU-2024:904-1: Recommended update of bci/php Message-ID: <20240311153456.2FD86F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:904-1 Container Tags : bci/php:8 , bci/php:8-12.25 Container Release : 12.25 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:57:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:57:05 +0100 (CET) Subject: SUSE-CU-2024:904-1: Recommended update of bci/php Message-ID: <20240311155705.2F5DFFBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:904-1 Container Tags : bci/php:8 , bci/php:8-12.25 Container Release : 12.25 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:57:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:57:21 +0100 (CET) Subject: SUSE-CU-2024:905-1: Recommended update of suse/postgres Message-ID: <20240311155721.A1E6CFBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:905-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.23 , suse/postgres:15.6 , suse/postgres:15.6-17.23 Container Release : 17.23 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libidn2-0-2.2.0-3.6.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:57:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:57:27 +0100 (CET) Subject: SUSE-CU-2024:906-1: Recommended update of suse/postgres Message-ID: <20240311155727.ED7E7FBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:906-1 Container Tags : suse/postgres:16 , suse/postgres:16-6.24 , suse/postgres:16.2 , suse/postgres:16.2-6.24 , suse/postgres:latest Container Release : 6.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libidn2-0-2.2.0-3.6.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:57:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:57:44 +0100 (CET) Subject: SUSE-CU-2024:907-1: Security update of bci/python Message-ID: <20240311155744.369D3FBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:907-1 Container Tags : bci/python:3 , bci/python:3-17.24 , bci/python:3.11 , bci/python:3.11-17.24 , bci/python:latest Container Release : 17.24 Severity : important Type : security References : 1196025 1210638 1219666 CVE-2022-25236 CVE-2023-27043 CVE-2023-6597 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:782-1 Released: Wed Mar 6 16:33:49 2024 Summary: Security update for python311 Type: security Severity: important References: 1196025,1210638,1219666,CVE-2022-25236,CVE-2023-27043,CVE-2023-6597 This update for python311 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2023-27043: Fixed incorrect e-mqil parsing (bsc#1210638). - CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4 (bsc#1212015). The following package changes have been done: - libpython3_11-1_0-3.11.8-150400.9.23.1 updated - python311-base-3.11.8-150400.9.23.1 updated - python311-3.11.8-150400.9.23.1 updated - python311-devel-3.11.8-150400.9.23.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcrack2-2.9.7-11.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libutempter0-1.1.6-3.42 removed - libxml2-2-2.10.3-150500.5.14.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:58:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:58:00 +0100 (CET) Subject: SUSE-CU-2024:908-1: Recommended update of bci/python Message-ID: <20240311155800.4B788FBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:908-1 Container Tags : bci/python:3 , bci/python:3-18.24 , bci/python:3.6 , bci/python:3.6-18.24 Container Release : 18.24 Severity : important Type : recommended References : 1220385 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcrack2-2.9.7-11.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:58:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:58:08 +0100 (CET) Subject: SUSE-CU-2024:910-1: Recommended update of suse/rmt-mariadb Message-ID: <20240311155808.3659EFBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:910-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-19.6 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-19.6 , suse/rmt-mariadb:latest Container Release : 19.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libidn2-0-2.2.0-3.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - libmagic1-5.32-7.14.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libunistring2-0.9.10-1.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - tar-1.34-150000.3.34.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:58:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:58:17 +0100 (CET) Subject: SUSE-CU-2024:911-1: Recommended update of suse/rmt-server Message-ID: <20240311155817.6945DFBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:911-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-15.22 , suse/rmt-server:latest Container Release : 15.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libidn2-0-2.2.0-3.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmagic1-5.32-7.14.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libunistring2-0.9.10-1.1 removed - libzstd1-1.5.0-150400.3.3.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - tar-1.34-150000.3.34.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:58:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:58:35 +0100 (CET) Subject: SUSE-CU-2024:912-1: Recommended update of bci/ruby Message-ID: <20240311155835.12082F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:912-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.21 , bci/ruby:2.5 , bci/ruby:2.5-16.21 , bci/ruby:latest Container Release : 16.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libpopt0-1.16-3.22 removed - libsystemd0-249.17-150400.8.40.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - tar-1.34-150000.3.34.1 removed From sle-container-updates at lists.suse.com Mon Mar 11 15:59:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 Mar 2024 16:59:27 +0100 (CET) Subject: SUSE-CU-2024:916-1: Recommended update of suse/sle15 Message-ID: <20240311155927.A71C9F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:916-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.10 , suse/sle15:15.5 , suse/sle15:15.5.36.11.10 Container Release : 36.11.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - timezone-2024a-150000.75.28.1 updated From sle-container-updates at lists.suse.com Tue Mar 12 08:04:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 Mar 2024 09:04:50 +0100 (CET) Subject: SUSE-CU-2024:919-1: Security update of suse/sle15 Message-ID: <20240312080450.95792F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:919-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.417 Container Release : 9.5.417 Severity : moderate Type : security References : 1218571 1219238 1219243 CVE-2023-7207 CVE-2024-0727 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:824-1 Released: Fri Mar 8 17:34:36 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:832-1 Released: Mon Mar 11 10:30:30 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). The following package changes have been done: - cpio-2.12-150000.3.12.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.85.1 updated - libopenssl1_1-1.1.1d-150200.11.85.1 updated - openssl-1_1-1.1.1d-150200.11.85.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:04:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:04:02 +0100 (CET) Subject: SUSE-CU-2024:923-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240313080402.6EB75F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:923-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.173 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.173 Severity : important Type : security References : 1219026 1220389 CVE-2023-42465 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:794-1 Released: Thu Mar 7 10:33:17 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). The following package changes have been done: - sudo-1.9.12p1-150500.7.7.1 updated - timezone-2024a-150000.75.28.1 updated - container:sles15-image-15.0.0-36.11.10 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:06:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:06:48 +0100 (CET) Subject: SUSE-CU-2024:928-1: Recommended update of suse/pcp Message-ID: <20240313080648.44971F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:928-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.42 , suse/pcp:5.2 , suse/pcp:5.2-22.42 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.42 , suse/pcp:latest Container Release : 22.42 Severity : important Type : recommended References : 1198533 1214169 1218952 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) The following package changes have been done: - libuv1-1.44.2-150500.3.2.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:05:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:05:36 +0100 (CET) Subject: SUSE-CU-2024:924-1: Recommended update of suse/sles12sp5 Message-ID: <20240313080536.07306F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:924-1 Container Tags : suse/sles12sp5:6.5.574 , suse/sles12sp5:latest Container Release : 6.5.574 Severity : moderate Type : recommended References : 1219442 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:843-1 Released: Tue Mar 12 09:12:42 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1219442 This update for libzypp fixes the following issues: - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Update to version 16.22.12 The following package changes have been done: - libzypp-16.22.12-62.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:06:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:06:51 +0100 (CET) Subject: SUSE-CU-2024:933-1: Security update of suse/sle15 Message-ID: <20240313080651.28D65F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:933-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.45.2.72 , suse/sle15:15.6 , suse/sle15:15.6.45.2.72 Container Release : 45.2.72 Severity : important Type : security References : 1200734 1200735 1200736 1200737 1202593 1202870 1204383 1204386 1206308 1206309 1207789 1207990 1207991 1207992 1209209 1209210 1209211 1209212 1209214 1211230 1211231 1211232 1211233 1211886 1212475 1213237 1215026 1215888 1215889 1216752 1216987 1217573 1217574 1219123 1219189 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-42916 CVE-2022-43551 CVE-2022-43552 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-32001 CVE-2023-38039 CVE-2023-38545 CVE-2023-38546 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4044-1 Released: Wed Oct 11 09:01:14 2023 Summary: Security update for curl Type: security Severity: important References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - branding-SLE-15-150600.43.4 updated - container-suseconnect-2.4.0-150000.4.50.2 updated - cracklib-dict-small-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - curl-8.0.1-150400.5.41.1 updated - glibc-2.38-150600.6.2 updated - gpg2-2.4.4-150600.1.3 updated - krb5-1.20.1-150600.8.4 updated - kubic-locale-archive-2.38-150600.18.3 updated - libaugeas0-1.14.1-150600.1.2 updated - libblkid1-2.39.3-150600.1.15 updated - libcom_err2-1.47.0-150600.2.25 updated - libcrack2-2.9.11-150600.1.89 updated - libcurl4-8.0.1-150400.5.41.1 updated - libfa1-1.14.1-150600.1.2 updated - libfdisk1-2.39.3-150600.1.15 updated - libgcrypt20-1.10.3-150600.1.9 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libgpg-error0-1.47-150600.1.2 updated - libgpgme11-1.23.0-150600.1.24 updated - libjitterentropy3-3.4.0-150000.1.9.1 added - libksba8-1.6.4-150600.1.2 updated - libldap-2_4-2-2.4.46-150600.23.6 updated - libldap-data-2.4.46-150600.23.6 updated - liblz4-1-1.9.4-150600.1.3 updated - liblzma5-5.4.6-150600.1.16 updated - libmount1-2.39.3-150600.1.15 updated - libnghttp2-14-1.40.0-150600.22.2 updated - libopenssl-3-fips-provider-3.1.4-150600.1.17 updated - libopenssl1_1-1.1.1w-150600.1.8 added - libopenssl3-3.1.4-150600.1.17 updated - libpcre2-8-0-10.42-150600.1.25 updated - libsasl2-3-2.1.28-150600.5.2 updated - libselinux1-3.5-150600.1.45 updated - libsemanage-conf-3.5-150600.1.48 updated - libsemanage2-3.5-150600.1.48 updated - libsepol2-3.5-150600.1.48 updated - libsigc-2_0-0-2.12.1-150600.1.2 updated - libsmartcols1-2.39.3-150600.1.15 updated - libssh-config-0.9.8-150600.8.2 updated - libssh4-0.9.8-150600.8.2 updated - libsystemd0-254.9-150600.2.8 updated - libudev1-254.9-150600.2.8 updated - libuuid1-2.39.3-150600.1.15 updated - libzck1-1.1.16-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libzypp-17.31.31-150600.8.4 updated - login_defs-4.8.1-150600.15.44 updated - netcfg-11.6-150000.3.6.1 updated - openssl-3-3.1.4-150600.1.17 updated - openssl-3.1.4-150600.1.18 updated - patterns-base-fips-20200124-150600.29.2 updated - patterns-base-minimal_base-20200124-150600.29.2 updated - rpm-ndb-4.14.3-150400.59.7.1 updated - sed-4.9-150600.1.3 updated - shadow-4.8.1-150600.15.44 updated - skelcd-EULA-bci-2023.03.06-150600.7.2 updated - sle-module-basesystem-release-15.6-150600.26.3 updated - sle-module-python3-release-15.6-150600.26.3 updated - sle-module-server-applications-release-15.6-150600.26.3 updated - sles-release-15.6-150600.26.8 updated - suse-build-key-12.0-150000.8.43.1 updated - timezone-2024a-150000.75.28.1 updated - util-linux-2.39.3-150600.1.15 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:06:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:06:15 +0100 (CET) Subject: SUSE-CU-2024:926-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240313080615.62092F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:926-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.10 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.10 Container Release : 3.10 Severity : moderate Type : security References : 1219243 1220117 CVE-2024-0727 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) The following package changes have been done: - libblkid1-2.37.2-150400.8.26.1 updated - libfdisk1-2.37.2-150400.8.26.1 updated - libmount1-2.37.2-150400.8.26.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.63.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - libsmartcols1-2.37.2-150400.8.26.1 updated - libuuid1-2.37.2-150400.8.26.1 updated - openssl-1_1-1.1.1l-150400.7.63.1 updated - timezone-2024a-150000.75.28.1 updated - util-linux-2.37.2-150400.8.26.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:07:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:07:10 +0100 (CET) Subject: SUSE-CU-2024:934-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240313080710.45A4FF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:934-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.11 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.11 Severity : important Type : recommended References : 1198533 1214169 1218952 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) The following package changes have been done: - python3-netifaces-0.10.6-150000.3.2.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:06:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:06:19 +0100 (CET) Subject: SUSE-CU-2024:927-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240313080619.7384CF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:927-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.5 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.5.11.8.2 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 11.8.2 Severity : important Type : security References : 1194869 1206453 1209412 1213456 1216776 1217927 1218195 1218216 1218450 1218527 1218663 1218915 1219126 1219127 1219141 1219146 1219295 1219443 1219653 1219827 1219835 1219839 1219840 1219934 1220003 1220009 1220021 1220030 1220106 1220140 1220187 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220267 1220277 1220317 1220326 1220328 1220330 1220335 1220344 1220348 1220350 1220364 1220392 1220393 1220398 1220409 1220444 1220457 1220459 1220649 1220796 1220825 CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2023-28746 CVE-2023-5197 CVE-2023-52340 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-6817 CVE-2024-0607 CVE-2024-1151 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-25744 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:858-1 Released: Wed Mar 13 01:09:39 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1206453,1209412,1213456,1216776,1217927,1218195,1218216,1218450,1218527,1218663,1218915,1219126,1219127,1219141,1219146,1219295,1219443,1219653,1219827,1219835,1219839,1219840,1219934,1220003,1220009,1220021,1220030,1220106,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220267,1220277,1220317,1220326,1220328,1220330,1220335,1220344,1220348,1220350,1220364,1220392,1220393,1220398,1220409,1220444,1220457,1220459,1220649,1220796,1220825,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52475,CVE-2023-52478,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-25744,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-2659 1,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26622 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). - acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). - acpi: extlog: fix null pointer dereference check (git-fixes). - acpi: resource: add asus model s5402za to quirks (git-fixes). - acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). - acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). - acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). - acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). - add reference to recently released cve - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - afs: hide silly-rename files from userspace (git-fixes). - afs: increase buffer size in afs_update_volume_status() (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). - alsa: firewire-lib: fix to check cycle continuity (git-fixes). - alsa: hda/conexant: add quirk for sws js201d (git-fixes). - alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). - alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes). - alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). - alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). - alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). - alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). - alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). - alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). - alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). - alsa: usb-audio: check presence of valid altsetting control (git-fixes). - alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). - alsa: usb-audio: more relaxed check of midi jack names (git-fixes). - alsa: usb-audio: sort quirk table entries (git-fixes). - arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) - arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) - arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. - arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. - arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break - arm64: irq: set the correct node for shadow call stack (git-fixes) - arm64: irq: set the correct node for vmap stack (git-fixes) - arm64: rename arm64_workaround_2966298 (bsc#1219443) - arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) - asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). - asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). - asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). - asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). - bluetooth: enforce validation on max value of connection interval (git-fixes). - bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). - bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). - bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). - bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). - bluetooth: l2cap: fix possible multiple reject send (git-fixes). - bluetooth: qca: fix wrong event type for patch config command (git-fixes). - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - bpf: minor logging improvement (bsc#1220257). - bus: moxtet: add spi device table (git-fixes). - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). - crypto: api - disallow identical driver names (git-fixes). - crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). - dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: ptdma: use consistent dma masks (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). - driver core: fix device_link_flag_is_sync_state_only() (git-fixes). - drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). - drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). - drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - drm/amd/display: preserve original aspect ratio in create stream (git-fixes). - drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). - drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). - drm/prime: support page array >= 4gb (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). - drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). - drop bcm5974 input patch causing a regression (bsc#1220030) - efi/capsule-loader: fix incorrect allocation size (git-fixes). - efi: do not add memblocks for soft-reserved memory (git-fixes). - efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - fbdev: savage: error out if pixclock equals zero (git-fixes). - fbdev: sis: error out if pixclock equals zero (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - fs: dlm: fix build with config_ipv6 disabled (git-fixes). - fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). - gpio: 74x164: enable output pins after registers are reset (git-fixes). - gpio: fix resource unwinding order in error path (git-fixes). - gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). - gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). - hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). - hid: apple: add support for the 2021 magic keyboard (git-fixes). - hid: wacom: do not register input devices until after hid_hw_start (git-fixes). - hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - hwmon: (coretemp) enlarge per package core count limit (git-fixes). - hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). - i2c: i801: fix block process call transactions (git-fixes). - i2c: i801: remove i801_set_block_buffer_mode (git-fixes). - i2c: imx: add timer for handling the stop condition (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). - ib/hfi1: fix a memleak in init_credit_return (git-fixes) - ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) - iio: accel: bma400: fix a compilation problem (git-fixes). - iio: adc: ad7091r: set alert bit in config register (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). - input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). - input: xpad - add lenovo legion go controllers (git-fixes). - irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes). - irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). - jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). - jfs: fix array-index-out-of-bounds in dinewext (git-fixes). - jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). - jfs: fix uaf in jfs_evict_inode (git-fixes). - kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). - kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). - kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). - kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). - leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). - lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). - lib/stackdepot: add refcount for records (jsc-ped#7423). - lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). - lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). - libsubcmd: fix memory leak in uniq() (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - media: rockchip: rga: fix swizzling for rgb formats (git-fixes). - media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). - mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). - mm,page_owner: display all stacks and their count (jsc-ped#7423). - mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). - mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). - mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). - mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423). - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). - mmc: core: use mrq.sbc in close-ended ffu (git-fixes). - mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). - mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). - mmc: sdhci-xenon: fix phy init clock stability (git-fixes). - mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). - modpost: trim leading spaces when processing source files list (git-fixes). - mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - nouveau: fix function cast warnings (git-fixes). - ntfs: check overflow when iterating attr_records (git-fixes). - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - nvme-fabrics: fix i/o connect error handling (git-fixes). - nvme-host: fix the updating of the firmware version (git-fixes). - pci/aer: decode requester id when no error info found (git-fixes). - pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). - pci: add pci_header_type_mfd definition (bsc#1220021). - pci: fix 64gt/s effective data rate calculation (git-fixes). - pci: only override amd usb controller if required (git-fixes). - pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes). - platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). - platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). - pm: core: remove unnecessary (void *) conversions (git-fixes). - pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - pnp: acpi: fix fortify warning (git-fixes). - power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). - powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). - powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). - powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). - powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). - powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). - powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc: do not include lppaca.h in paca.h (bsc#1194869). - pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes). - ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). - ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). - ras: introduce a fru memory poison manager (jsc#ped-7618). - rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) - rdma/bnxt_re: return error for srq resize (git-fixes) - rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - rdma/core: get ib width and speed from netdev (bsc#1219934). - rdma/irdma: add ae for too many rnrs (git-fixes) - rdma/irdma: fix kasan issue with tasklet (git-fixes) - rdma/irdma: set the cq read threshold for gen 1 (git-fixes) - rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) - rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) - rdma/srpt: fix function pointer cast warnings (git-fixes) - rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) - refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277) - regulator: core: only increment use_count when enable_count changes (git-fixes). - regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). - revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes). - revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes). - revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes). - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). - scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). - scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). - scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). - scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes). - scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). - scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). - scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). - scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). - scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). - scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). - scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). - scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). - scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141). - serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). - spi-mxs: fix chipselect glitch (git-fixes). - spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes). - spi: ppc4xx: drop write-only variable (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - supported.conf: remove external flag from ibm supported modules. (bsc#1209412) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). - topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618). - topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). - tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). - ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). - usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). - usb: cdns: readd old api (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). - usb: dwc3: gadget: do not disconnect if not started (git-fixes). - usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). - usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). - usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). - usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes). - usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). - usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). - usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes). - usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). - usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). - usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix null pointer issue when put module's reference (git-fixes). - usb: serial: cp210x: add id for imst im871a-usb (git-fixes). - usb: serial: option: add fibocom fm101-gl variant (git-fixes). - usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). - watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes). - wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). - wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). - wifi: iwlwifi: fix some error codes (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: nl80211: reject iftype change with mesh id change (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. - x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: add verw just before userspace transition (git-fixes). - x86/mm: fix memory encryption features advertisement (bsc#1206453). - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). The following package changes have been done: - kernel-default-5.14.21-150500.55.52.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:06:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:06:07 +0100 (CET) Subject: SUSE-CU-2024:925-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240313080607.C8DD9F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:925-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.19 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.19 Container Release : 4.19 Severity : moderate Type : security References : 1218571 1219238 1219243 CVE-2023-7207 CVE-2024-0727 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:824-1 Released: Fri Mar 8 17:34:36 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:832-1 Released: Mon Mar 11 10:30:30 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). The following package changes have been done: - cpio-2.12-150000.3.12.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.85.1 updated - libopenssl1_1-1.1.1d-150200.11.85.1 updated - openssl-1_1-1.1.1d-150200.11.85.1 updated - timezone-2024a-150000.75.28.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:07:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:07:45 +0100 (CET) Subject: SUSE-CU-2024:935-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240313080745.3A1ECF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:935-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.553 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.553 Severity : important Type : security References : 1219026 1220389 CVE-2023-42465 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:834-1 Released: Mon Mar 11 14:22:12 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). The following package changes have been done: - sudo-1.9.5p2-150300.3.33.1 updated From sle-container-updates at lists.suse.com Wed Mar 13 08:08:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Mar 2024 09:08:19 +0100 (CET) Subject: SUSE-CU-2024:936-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240313080819.AA687F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:936-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.375 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.375 Severity : important Type : security References : 1219026 1220389 CVE-2023-42465 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:834-1 Released: Mon Mar 11 14:22:12 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). The following package changes have been done: - sudo-1.9.5p2-150300.3.33.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 08:04:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 09:04:57 +0100 (CET) Subject: SUSE-CU-2024:942-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240315080457.C775FF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:942-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.14 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.14 Severity : important Type : security References : 1214691 1219666 CVE-2022-48566 CVE-2023-6597 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). The following package changes have been done: - python3-base-3.6.15-150300.10.57.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-3.6.15-150300.10.57.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 08:05:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 09:05:09 +0100 (CET) Subject: SUSE-CU-2024:943-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240315080509.5CBDAF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:943-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.11 , suse/manager/4.3/proxy-salt-broker:4.3.11.9.39.15 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.39.15 Severity : important Type : security References : 1214691 1219666 CVE-2022-48566 CVE-2023-6597 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - python3-3.6.15-150300.10.57.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 08:05:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 09:05:23 +0100 (CET) Subject: SUSE-CU-2024:944-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20240315080523.51F2FF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:944-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.11 , suse/manager/4.3/proxy-ssh:4.3.11.9.39.12 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.39.12 Severity : important Type : security References : 1214691 1219666 CVE-2022-48566 CVE-2023-6597 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - python3-3.6.15-150300.10.57.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 08:05:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 09:05:37 +0100 (CET) Subject: SUSE-CU-2024:945-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240315080537.74CB1F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:945-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.11 , suse/manager/4.3/proxy-tftpd:4.3.11.9.39.12 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.39.12 Severity : important Type : security References : 1214691 1219666 CVE-2022-48566 CVE-2023-6597 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - python3-3.6.15-150300.10.57.1 updated From sle-container-updates at lists.suse.com Thu Mar 14 08:01:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Mar 2024 09:01:08 +0100 (CET) Subject: SUSE-IU-2024:282-1: Security update of suse-sles-15-sp4-chost-byos-v20240312-x86_64-gen2 Message-ID: <20240314080108.3E02BF7A4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240312-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:282-1 Image Tags : suse-sles-15-sp4-chost-byos-v20240312-x86_64-gen2:20240312 Image Release : Severity : critical Type : security References : 1027519 1029961 1084909 1107342 1108281 1158830 1170415 1170446 1177529 1178760 1179610 1183045 1183663 1193173 1193285 1196293 1198269 1198533 1201010 1201384 1206798 1207987 1209122 1209834 1210141 1210447 1210638 1211162 1211188 1211190 1211226 1211547 1211886 1212091 1212160 1212584 1213229 1213500 1214076 1214169 1214169 1214286 1214668 1214747 1214788 1214823 1214976 1215124 1215229 1215237 1215241 1215275 1215292 1215294 1215323 1215420 1215434 1215458 1215496 1215692 1215696 1215698 1215710 1215740 1215794 1215885 1215885 1216007 1216011 1216016 1216049 1216057 1216058 1216105 1216259 1216388 1216390 1216412 1216522 1216559 1216584 1216693 1216702 1216752 1216759 1216776 1216827 1216844 1216853 1216861 1216909 1216959 1216965 1216976 1216987 1217000 1217036 1217036 1217068 1217086 1217124 1217140 1217195 1217200 1217205 1217217 1217217 1217237 1217250 1217277 1217287 1217292 1217332 1217366 1217460 1217513 1217515 1217592 1217593 1217598 1217599 1217602 1217609 1217670 1217687 1217692 1217695 1217696 1217731 1217775 1217780 1217790 1217801 1217873 1217895 1217933 1217938 1217946 1217947 1217950 1217952 1217961 1217969 1217980 1217981 1217982 1217987 1217988 1217989 1218014 1218056 1218126 1218139 1218184 1218186 1218201 1218209 1218215 1218234 1218253 1218258 1218282 1218291 1218335 1218357 1218364 1218447 1218475 1218515 1218559 1218561 1218569 1218571 1218571 1218649 1218659 1218689 1218713 1218730 1218739 1218752 1218757 1218762 1218763 1218765 1218768 1218782 1218799 1218804 1218831 1218832 1218836 1218851 1218862 1218865 1218894 1218894 1218916 1218926 1218927 1218929 1218930 1218952 1218968 1219026 1219053 1219120 1219123 1219123 1219128 1219189 1219189 1219238 1219243 1219265 1219267 1219268 1219349 1219412 1219425 1219429 1219434 1219438 1219442 1219490 1219576 1219608 1219751 1219823 1219826 1219851 1219852 1219853 1219854 1220117 1220385 1220389 CVE-2020-12912 CVE-2020-26555 CVE-2020-8694 CVE-2020-8695 CVE-2021-33631 CVE-2023-1667 CVE-2023-1786 CVE-2023-2006 CVE-2023-2283 CVE-2023-25775 CVE-2023-27043 CVE-2023-38472 CVE-2023-39197 CVE-2023-39198 CVE-2023-39804 CVE-2023-4244 CVE-2023-42465 CVE-2023-4408 CVE-2023-45863 CVE-2023-45871 CVE-2023-46838 CVE-2023-46839 CVE-2023-46862 CVE-2023-47233 CVE-2023-48795 CVE-2023-48795 CVE-2023-49083 CVE-2023-4921 CVE-2023-50387 CVE-2023-50495 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-5158 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-5517 CVE-2023-5679 CVE-2023-5717 CVE-2023-5981 CVE-2023-6004 CVE-2023-6039 CVE-2023-6040 CVE-2023-6121 CVE-2023-6176 CVE-2023-6356 CVE-2023-6516 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6546 CVE-2023-6606 CVE-2023-6610 CVE-2023-6622 CVE-2023-6915 CVE-2023-6918 CVE-2023-6931 CVE-2023-6932 CVE-2023-7207 CVE-2023-7207 CVE-2024-0340 CVE-2024-0553 CVE-2024-0565 CVE-2024-0567 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-21626 CVE-2024-21626 CVE-2024-22365 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24860 CVE-2024-25062 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20240312-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4810-1 Released: Wed Dec 13 18:59:03 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1084909,1210447,1214286,1214976,1215124,1215292,1215420,1215458,1215710,1216058,1216105,1216259,1216584,1216693,1216759,1216844,1216861,1216909,1216959,1216965,1216976,1217036,1217068,1217086,1217124,1217140,1217195,1217200,1217205,1217332,1217366,1217515,1217598,1217599,1217609,1217687,1217731,1217780,CVE-2023-2006,CVE-2023-25775,CVE-2023-39197,CVE-2023-39198,CVE-2023-4244,CVE-2023-45863,CVE-2023-45871,CVE-2023-46862,CVE-2023-5158,CVE-2023-5717,CVE-2023-6039,CVE-2023-6176 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). - PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use C syntax highlight in driver.rst (bsc#1215458). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: Spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4880-1 Released: Fri Dec 15 10:43:44 2023 Summary: Recommended update for xen Type: recommended Severity: moderate References: 1027519 This update for xen fixes the following issues: - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4901-1 Released: Tue Dec 19 11:25:47 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1216853,CVE-2023-38472 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4936-1 Released: Wed Dec 20 17:18:21 2023 Summary: Security update for docker, rootlesskit Type: security Severity: important References: 1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:8-1 Released: Tue Jan 2 13:18:50 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1214076 This update for samba fixes the following issues: - Add 'net offlinejoin composeodj' command (bsc#1214076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-?? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:50-1 Released: Mon Jan 8 03:20:25 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1217695,1217696 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:68-1 Released: Tue Jan 9 15:26:08 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1217292 This update for rsyslog fixes the following issues: - Restart daemon after modules packages have been updated (bsc#1217292) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:88-1 Released: Thu Jan 11 10:08:20 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:105-1 Released: Mon Jan 15 15:41:05 2024 Summary: Recommended update for grub2 and efibootmgr Type: recommended Severity: important References: 1217237 This update for grub2 and efibootmgr fixes the following issues: grub2: - Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237) efibootmgr: - Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:125-1 Released: Tue Jan 16 13:46:56 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1218364 This update for suseconnect-ng fixes the following issues: - Update to version 1.5.0 - Configure docker credentials for registry authentication - Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) - Add --json output option ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:128-1 Released: Tue Jan 16 13:50:37 2024 Summary: Security update for cloud-init Type: security Severity: moderate References: 1198269,1201010,1214169,1215740,1215794,1216007,1216011,CVE-2023-1786 This update for cloud-init contains the following fixes: - Move fdupes call back to %install.(bsc#1214169) - Update to version 23.3. (bsc#1216011) * (bsc#1215794) * (bsc#1215740) * (bsc#1216007) + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390) + Fix cc_keyboard in mantic (LP: #2030788) + ec2: initialize get_instance_userdata return value to bytes (#4387) [Noah Meyerhans] + cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley] + Fix pip-managed ansible + status: treat SubState=running and MainPID=0 as service exited + azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson] + collect-logs fix memory usage (SC-1590) (#4289) [Alec Warren] (LP: #1980150) + cc_mounts: Use fallocate to create swapfile on btrfs (#4369) + Undocument nocloud-net (#4318) + feat(akamai): add akamai to settings.py and apport.py (#4370) + read-version: fallback to get_version when git describe fails (#4366) + apt: fix cloud-init status --wait blocking on systemd v 253 (#4364) + integration tests: Pass username to pycloudlib (#4324) + Bump pycloudlib to 1!5.1.0 (#4353) + cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272) [dermotbradley] + analyze: fix (unexpected) timestamp parsing (#4347) [Mina Gali??] + cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Gali??] + subp: Fix spurious test failure on FreeBSD (#4355) [Mina Gali??] + cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Gali??] + util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Gali??] + cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Gali??] + unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource (#4328) [Ani Sinha] + Fix test_tools.py collection (#4315) + cc_keyboard: add Alpine support (#4278) [dermotbradley] + Flake8 fixes (#4340) [Robert Schweikert] + cc_mounts: Fix swapfile not working on btrfs (#4319) [?????????] (LP: #1884127) + ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281) [Wei Zhou] + ec2: Support double encoded userdata (#4275) [Noah Meyerhans] + cc_mounts: xfs is a Linux only FS (#4334) [Mina Gali??] + tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336) [Chris Patterson] + change openEuler to openeuler and fix some bugs in openEuler (#4317) [sxt1001] + Replace flake8 with ruff (#4314) + NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64 (#4291) [Ani Sinha] + cc_ssh_import_id: add Alpine support and add doas support (#4277) [dermotbradley] + sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539) + Added support for Akamai Connected Cloud (formerly Linode) (#4167) [Will Smith] + Fix reference before assignment (#4292) + Overhaul module reference page (#4237) [Sally] + replaced spaces with commas for setting passenv (#4269) [Alec Warren] + DS VMware: modify a few log level (#4284) [PengpengSun] + tools/read-version refactors and unit tests (#4268) + Ensure get_features() grabs all features (#4285) + Don't always require passlib dependency (#4274) + tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275) + Fix NoCloud kernel commandline key parsing (#4273) + testing: Clear all LRU caches after each test (#4249) + Remove the crypt dependency (#2139) [Gon??ri Le Bouder] + logging: keep current file mode of log file if its stricter than the new mode (#4250) [Ani Sinha] + Remove default membership in redundant groups (#4258) [Dave Jones] (LP: #1923363) + doc: improve datasource_creation.rst (#4262) + Remove duplicate Integration testing button (#4261) [Rishita Shaw] + tools/read-version: fix the tool so that it can handle version parsing errors (#4234) [Ani Sinha] + net/dhcp: add udhcpc support (#4190) [Jean-Fran??ois Roche] + DS VMware: add i386 arch dir to deployPkg plugin search path [PengpengSun] + LXD moved from linuxcontainers.org to Canonical [Simon Deziel] + cc_mounts.py: Add note about issue with creating mounts inside mounts (#4232) [dermotbradley] + lxd: install lxd from snap, not deb if absent in image + landscape: use landscape-config to write configuration + Add deprecation log during init of DataSourceDigitalOcean (#4194) [tyb-truth] + doc: fix typo on apt.primary.arches (#4238) [Dan Bungert] + Inspect systemd state for cloud-init status (#4230) + instance-data: add system-info and features to combined-cloud-config (#4224) + systemd: Block login until config stage completes (#2111) (LP: #2013403) + tests: proposed should invoke apt-get install -t=-proposed (#4235) + cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley] + Remove feature flag override ability (#4228) + tests: drop stray unrelated file presence test (#4227) + Update LXD URL (#4223) [Sally] + schema: add network v1 schema definition and validation functions + tests: daily PPA for devel series is version 99.daily update tests to match (#4225) + instance-data: write /run/cloud-init/combined-cloud-config.json + mount parse: Fix matching non-existent directories (#4222) [Mina Gali??] + Specify build-system for pep517 (#4218) + Fix network v2 metric rendering (#4220) + Migrate content out of FAQ page (SD-1187) (#4205) [Sally] + setup: fix generation of init templates (#4209) [Mina Gali??] + docs: Correct some bootcmd example wording + fix changelog + tests: reboot client to assert x-shellscript-per-boot is triggered + nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204) (LP: 4203, #2025180) + Add docstring and typing to mergemanydict (#4200) + BSD: add dsidentify to early startup scripts (#4182) [Mina Gali??] + handler: report errors on skipped merged cloud-config.txt parts (LP: #1999952) + Add cloud-init summit writeups (#4179) [Sally] + tests: Update test_clean_log for oci (#4187) + gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163) + tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184) + Ephemeral Networking for FreeBSD (#2165) [Mina Gali??] + Clarify directory syntax for nocloud local filesystem. (#4178) + Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha] + Test static routes and netplan 0.106 + FreeBSD fix parsing of mount and mount options (#2146) [Mina Gali??] + test: add tracking bug id (#4164) + tests: can't match MAC for LXD container veth due to netplan 0.106 (#4162) + Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar] + BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Gali??] + launching salt-minion in masterless mode (#4110) [Denis Halturin] + tools: fix run-container builds for rockylinux/8 git hash mismatch (#4161) + fix doc lint: spellchecker tripped up (#4160) [Mina Gali??] + Support Ephemeral Networking for BSD (#2127) + Added / fixed support for static routes on OpenBSD and FreeBSD (#2157) [Kadir Mueller] + cc_rsyslog: Refactor for better multi-platform support (#4119) [Mina Gali??] (LP: #1798055) + tests: fix test_lp1835584 (#4154) + cloud.cfg mod names: docs and rename salt_minion and set_password (#4153) + vultr: remove check_route check (#2151) [Jonas Chevalier] + Update SECURITY.md (#4150) [Indrranil Pawar] + Update CONTRIBUTING.rst (#4149) [Indrranil Pawar] + Update .github-cla-signers (#4151) [Indrranil Pawar] + Standardise module names in cloud.cfg.tmpl to only use underscore (#4128) [dermotbradley] + Modify PR template so autoclose works >From 23.2.2 + Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271) (LP: #2028562) + Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784) >From 23.2.1 + nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204) (Fixes: 4203) (LP: #2025180) >From 23.2 + BSD: simplify finding MBR partitions by removing duplicate code [Mina Gali??] + tests: bump pycloudlib version for mantic builds + network-manager: Set higher autoconnect priority for nm keyfiles (#3671) [Ani Sinha] + alpine.py: change the locale file used (#4139) [dermotbradley] + cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Gali??] + config: drop refresh_rmc_and_interface as RHEL 7 no longer supported [Robert Schweikert] + docs: Add feedback button to docs + net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh plugin (#4132) [Ani Sinha] + For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley] + network_manager: add a method for ipv6 static IP configuration (#4127) [Ani Sinha] + correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley] + nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115) [Ani Sinha] + Add templates for GitHub Issues + Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela] + FreeBSD: Fix user account locking (#4114) [Mina Gali??] (GH: #1854594) + FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Gali??] + Update tests in Azure TestCanDevBeReformatted class (#2771) [Ksenija Stanojevic] + Replace Launchpad references with GitHub Issues + Fix KeyError in iproute pformat (#3287) [Dmitry Zykov] + schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance + azure/errors: introduce reportable errors for imds (#3647) [Chris Patterson] + FreeBSD (and friends): better identify MBR slices (#2168) [Mina Gali??] (LP: #2016350) + azure/errors: add host reporting for dhcp errors (#2167) [Chris Patterson] + net: purge blacklist_drivers across net and azure (#2160) [Chris Patterson] + net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153) [Chris Patterson] + tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d (#2251) + net: refactor find_candidate_nics_on_linux() to use get_interfaces() (#2159) [Chris Patterson] + resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden] + Remove mount NTFS error message (#2134) [Ksenija Stanojevic] + integration tests: fix image specification parsing (#2166) + ci: add hypothesis scheduled GH check (#2149) + Move supported distros list to docs (#2162) + Fix logger, use instance rather than module function (#2163) + README: Point to Github Actions build status (#2158) + Revert 'fix linux-specific code on bsd (#2143)' (#2161) + Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142) [Ani Sinha] (LP: 2017761) + Add documentation label automatically (#2156) + sources/azure: report success to host and introduce kvp module (#2141) [Chris Patterson] + setup.py: use pkg-config for udev/rules path (#2137) [dankm] + openstack/static: honor the DNS servers associated with a network (#2138) [Gon??ri Le Bouder] + fix linux-specific code on bsd (#2143) + cli: schema validation of jinja template user-data (SC-1385) (#2132) (LP: #1881925) + gce: activate network discovery on every boot (#2128) + tests: update integration test to assert 640 across reboots (#2145) + Make user/vendor data sensitive and remove log permissions (#2144) (LP: #2013967) + Update kernel command line docs (SC-1457) (#2133) + docs: update network configuration path links (#2140) [d1r3ct0r] + sources/azure: report failures to host via kvp (#2136) [Chris Patterson] + net: Document use of `ip route append` to add routes (#2130) + dhcp: Add missing mocks (#2135) + azure/imds: retry fetching metadata up to 300 seconds (#2121) [Chris Patterson] + [1/2] DHCP: Refactor dhcp client code (#2122) + azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson] + azure/errors: introduce reportable errors (#2129) [Chris Patterson] + users: schema permit empty list to indicate create no users + azure: introduce identity module (#2116) [Chris Patterson] + Standardize disabling cloud-init on non-systemd (#2112) + Update .github-cla-signers (#2126) [Rob Tongue] + NoCloud: Use seedfrom protocol to determine mode (#2107) + rhel: Remove sysvinit files. (#2114) + tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson] + Fix NoCloud kernel commandline semi-colon args + run-container: make the container/VM timeout configurable (#2118) [Paride Legovini] + suse: Remove sysvinit files. (#2115) + test: Backport assert_call_count for old requests (#2119) + Add 'licebmi' as contributor (#2113) [Mark Martinez] + Adapt DataSourceScaleway to upcoming IPv6 support (#2033) [Louis Bouchard] + rhel: make sure previous-hostname file ends with a new line (#2108) [Ani Sinha] + Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai] + Cleanup ephemeral IP routes on exception (#2100) [sxt1001] + commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291) + Standardize kernel commandline user interface (#2093) + config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson] + Fix test_dhclient_exits_with_error (#2105) + net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083) [Chris Patterson] + sources/azure: move pps handling out of _poll_imds() (#2075) [Chris Patterson] + tests: bump pycloudlib version (#2102) + schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098) + sources/azure/imds: don't count timeout errors as connection errors (#2074) [Chris Patterson] + Fix Python 3.12 unit test failures (#2099) + integration tests: Refactor instance checking (#1989) + ci: migrate remaining jobs from travis to gh (#2085) + missing ending quote in instancedata docs(#2094) [Hong L] + refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r] + tests/vmware: fix test_no_data_access_method failure (#2092) [Chris Patterson] + Don't change permissions of netrules target (#2076) (LP: #2011783) + tests/sources: patch util.get_cmdline() for datasource tests (#2091) [Chris Patterson] + macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090) (LP: #2008888) + Fedora: Enable CA handling (#2086) [Franti??ek Zatloukal] + Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa] + cc_ansible: complete the examples and doc (#2082) [Yves] + bddeb: for dev package, derive debhelper-compat from host system + apport: only prompt for cloud_name when instance-data.json is absent + datasource: Optimize datasource detection, fix bugs (#2060) + Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi] + sources/azure: add networking check for all source PPS (#2061) [Chris Patterson] + do not attempt dns resolution on ip addresses (#2040) + chore: fix style tip (#2071) + Fix metadata IP in instancedata.rst (#2063) [Brian Haley] + util: Pass deprecation schedule in deprecate_call() (#2064) + config: Update grub-dpkg docs (#2058) + docs: Cosmetic improvements and styling (#2057) [s-makin] + cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner] + tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059) + oracle-ds: prefer system_cfg over ds network config source (#1998) (LP: #1956788) + Remove dead code (#2038) + source: Force OpenStack when it is only option (#2045) (LP: #2008727) + cc_ubuntu_advantage: improve UA logs discovery + sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson] + tests: fix test_schema (#2042) + dhcp: Cleanup unused kwarg (#2037) + sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027) [PengpengSun] + dhclient_hook: remove vestigal dhclient_hook command (#2015) + log: Add standardized deprecation tooling (SC-1312) (#2026) + Enable SUSE based distros for ca handling (#2036) [Robert Schweikert] >From 23.1.2 + Make user/vendor data sensitive and remove log permissions (LP: #2013967) (CVE-2023-1786) - Remove six dependency (bsc#1198269) - Update to version 22.4 (bsc#1201010) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:140-1 Released: Thu Jan 18 11:34:58 2024 Summary: Security update for libssh Type: security Severity: important References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:156-1 Released: Thu Jan 18 17:01:26 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1179610,1183045,1193285,1211162,1211226,1212584,1214747,1214823,1215237,1215696,1215885,1216057,1216559,1216776,1217036,1217217,1217250,1217602,1217692,1217790,1217801,1217933,1217938,1217946,1217947,1217980,1217981,1217982,1218056,1218139,1218184,1218234,1218253,1218258,1218335,1218357,1218447,1218515,1218559,1218569,1218659,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6531,CVE-2023-6546,CVE-2023-6606,CVE-2023-6610,CVE-2023-6622,CVE-2023-6931,CVE-2023-6932 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). - CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). - CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). The following non-security bugs were fixed: - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). - Drop drm/bridge lt9611uxc patches that have been reverted on stable trees - KVM: s390/mm: Properly reset no-dat (bsc#1218056). - KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). - Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459) - block: fix revalidate performance regression (bsc#1216057). - bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). - ceph: fix type promotion bug on 32bit systems (bsc#1217982). - clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). - clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). - clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). - clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). - clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). - clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). - dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - libceph: use kernel_connect() (bsc#1217981). - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). - net/smc: Fix pos miscalculation in statistics (bsc#1218139). - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). - s390/vx: fix save/restore of fpu kernel context (bsc#1218357). - scsi: lpfc: use unsigned type for num_sge (bsc#1214747). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - tracing: Disable preemption when using the filter buffer (bsc#1217036). - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036). - tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). - uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). - vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). - x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). - x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). - x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:188-1 Released: Tue Jan 23 13:53:14 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: critical References: 1217961,1218649 This update for suseconnect-ng contains the following fix: - Update to version 1.6.0: * Disable EULA display for addons. (bsc#1218649 and bsc#1217961) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:214-1 Released: Wed Jan 24 16:01:31 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1214668,1215241,1217460 This update for systemd fixes the following issues: - resolved: actually check authenticated flag of SOA transaction - core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive - core: Add trace logging to mount_add_device_dependencies() - core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460) - core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies - core: wrap some long comment - utmp-wtmp: Handle EINTR gracefully when waiting to write to tty - utmp-wtmp: Fix error in case isatty() fails - homed: Handle EINTR gracefully when waiting for device node - resolved: Handle EINTR returned from fd_wait_for_event() better - sd-netlink: Handle EINTR from poll() gracefully, as success - varlink: Handle EINTR gracefully when waiting for EIO via ppoll() - stdio-bridge: Don't be bothered with EINTR - sd-bus: Handle EINTR return from bus_poll() (bsc#1215241) - core: Replace slice dependencies as they get added (bsc#1214668) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:219-1 Released: Wed Jan 24 19:43:28 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1218799 This update for rsyslog fixes the following issues: - suppress installation errors when systemd is not running (bsc#1218799) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:233-1 Released: Thu Jan 25 11:58:47 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1217775 This update for suse-module-tools fixes the following issues: - Update to version 15.4.19 - Add symlink /boot/.vmlinuz.hmac (bsc#1217775) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:243-1 Released: Fri Jan 26 13:00:47 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1207987 This update for util-linux fixes the following issues: - Fix performance degradation (bsc#1207987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:254-1 Released: Fri Jan 26 17:19:30 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1217952 This update for containerd fixes the following issues: - Fix permissions of address file (bsc#1217952) - Update to version 1.7.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:268-1 Released: Tue Jan 30 14:19:42 2024 Summary: Security update for xen Type: security Severity: moderate References: 1218851,CVE-2023-46839 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:295-1 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:306-1 Released: Thu Feb 1 17:58:09 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1218561,1218739 This update for python-instance-billing-flavor-check fixes the following issues: - Support proxy setup on the client to access the update infrastructure API (bsc#1218561) - Add IPv6 support (bsc#1218739) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:427-1 Released: Thu Feb 8 12:56:57 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282 This update for supportutils fixes the following issues: - Update to version 3.1.28 - Correctly detects Xen Dom0 (bsc#1218201) - Fixed smart disk error (bsc#1218282) - Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173) - Added missing klp information to kernel-livepatch.txt (bsc#1216390) - Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388) - Provides long listing for /etc/sssd/sssd.conf (bsc#1211547) - Optimize lsof usage (bsc#1183663) - Collects chrony or ntp as needed (bsc#1196293) - Fixed podman display issue (bsc#1217287) - Added nvme-stas configuration to nvme.txt (bsc#1216049) - Added timed command to fs-files.txt (bsc#1216827) - Collects zypp history file issue#166 (bsc#1216522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:515-1 Released: Thu Feb 15 15:45:38 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1108281,1177529,1209834,1212091,1215275,1215885,1216016,1216702,1217217,1217670,1217895,1217987,1217988,1217989,1218689,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1218916,1218929,1218930,1218968,1219053,1219120,1219128,1219349,1219412,1219429,1219434,1219490,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - block: Fix kabi header include (bsc#1218929). - block: free the extended dev_t minor later (bsc#1218930). - clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - doc/README.KSYMS: Add to repo. - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - intel_idle: add Emerald Rapids Xeon support (bsc#1216016). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - loop: suppress uevents while reconfiguring the device (git-fixes). - nbd: Fix debugfs_create_dir error checking (git-fixes). - nbd: fix incomplete validation of ioctl arg (git-fixes). - nbd: use the correct block_device in nbd_bdev_reset (git-fixes). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - null_blk: Always check queue mode setting from configfs (git-fixes). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes). - rbd: decouple header read-in from updating rbd_dev->header (git-fixes). - rbd: decouple parent info read-in from updating rbd_dev (git-fixes). - rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes). - rbd: harden get_lock_owner_info() a bit (git-fixes). - rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes). - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes). - rbd: move rbd_dev_refresh() definition (git-fixes). - rbd: prevent busy loop when requesting exclusive lock (git-fixes). - rbd: retrieve and check lock owner twice before blocklisting (git-fixes). - rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:565-1 Released: Wed Feb 21 07:18:46 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:590-1 Released: Thu Feb 22 14:38:47 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219853,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-5679,CVE-2023-6516 This update for bind fixes the following issues: Update to release 9.16.48: Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Security Fixes: * Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50387) [bsc#1219823] * Preparing an NSEC3 closest encloser proof could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50868) [bsc#1219826] * Parsing DNS messages with many different names could cause excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851] * Specific queries could cause named to crash with an assertion failure when nxdomain-redirect was enabled. This has been fixed. (CVE-2023-5517) [bsc#1219852] * A bad interaction between DNS64 and serve-stale could cause named to crash with an assertion failure, when both of these features were enabled. This has been fixed. (CVE-2023-5679) [bsc#1219853] * Query patterns that continuously triggered cache database maintenance could cause an excessive amount of memory to be allocated, exceeding max-cache-size and potentially leading to all available memory on the host running named being exhausted. This has been fixed. (CVE-2023-6516) [bsc#1219854] Removed Features: * Support for using AES as the DNS COOKIE algorithm (cookie-algorithm aes;) has been deprecated and will be removed in a future release. Please use the current default, SipHash-2-4, instead. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Mon Feb 26 11:21:43 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:638-1 Released: Tue Feb 27 10:36:11 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218862,1218865,CVE-2024-0553,CVE-2024-0567 This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:795-1 Released: Thu Mar 7 10:33:50 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:802-1 Released: Thu Mar 7 11:07:48 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265,1219751 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: Parse updater format from XML configuration to ensure install calls can run - team: add new options like link_watch_policy (jsc#PED-7183) - Fix memory leaks in dbus variant destroy and fsm free - xpath: allow underscore in node identifier - vxlan: don't format unknown rtnl attrs (bsc#1219751) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:34 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - bind-utils-9.16.48-150400.5.40.1 updated - cloud-init-config-suse-23.3-150100.8.74.7 updated - cloud-init-23.3-150100.8.74.7 updated - containerd-ctr-1.7.10-150000.106.1 updated - containerd-1.7.10-150000.106.1 updated - cpio-2.13-150400.3.6.1 updated - curl-8.0.1-150400.5.41.1 updated - dhcp-client-4.3.6.P1-150000.6.19.1 updated - dhcp-4.3.6.P1-150000.6.19.1 updated - docker-24.0.7_ce-150000.193.1 updated - efibootmgr-17-150400.3.2.2 updated - grub2-i386-pc-2.06-150400.11.43.2 updated - grub2-x86_64-efi-2.06-150400.11.43.2 updated - grub2-2.06-150400.11.43.2 updated - hwdata-0.378-150000.3.65.1 updated - kernel-default-5.14.21-150400.24.108.1 updated - libavahi-client3-0.8-150400.7.13.1 updated - libavahi-common3-0.8-150400.7.13.1 updated - libblkid1-2.37.2-150400.8.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libcurl4-8.0.1-150400.5.41.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated - libfdisk1-2.37.2-150400.8.26.1 updated - libfstrm0-0.6.1-150300.9.5.1 updated - libgnutls30-3.7.3-150400.4.41.3 updated - libmaxminddb0-1.4.3-150000.1.8.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libmount1-2.37.2-150400.8.26.1 updated - libncurses6-6.1-150000.5.20.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - libprocps8-3.3.17-150000.7.37.1 added - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - libsmartcols1-2.37.2-150400.8.26.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libsystemd0-249.17-150400.8.40.1 updated - libudev1-249.17-150400.8.40.1 updated - libuuid1-2.37.2-150400.8.26.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libzypp-17.31.31-150400.3.52.2 updated - ncurses-utils-6.1-150000.5.20.1 updated - netcfg-11.6-150000.3.6.1 updated - openssh-clients-8.4p1-150300.3.30.1 updated - openssh-common-8.4p1-150300.3.30.1 updated - openssh-server-8.4p1-150300.3.30.1 updated - openssh-8.4p1-150300.3.30.1 updated - openssl-1_1-1.1.1l-150400.7.63.1 updated - pam-1.3.0-150000.6.66.1 updated - procps-3.3.17-150000.7.37.1 updated - python-instance-billing-flavor-check-0.0.6-150000.1.9.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - python3-attrs-19.3.0-150200.3.6.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-bind-9.16.48-150400.5.40.1 updated - python3-blinker-1.4-150000.3.6.1 updated - python3-chardet-3.0.4-150000.5.3.1 updated - python3-cryptography-3.3.2-150400.23.1 updated - python3-cssselect-1.0.3-150000.3.5.1 updated - python3-importlib-metadata-1.5.0-150100.3.5.1 updated - python3-jsonpatch-1.23-150100.3.5.1 updated - python3-jsonpointer-1.14-150000.3.2.1 updated - python3-jsonschema-3.2.0-150200.9.5.1 updated - python3-lxml-4.7.1-150200.3.12.1 updated - python3-more-itertools-8.10.0-150400.7.1 updated - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-oauthlib-2.0.6-150000.3.6.1 updated - python3-passlib-1.7.4-150300.3.2.1 added - python3-pyrsistent-0.14.4-150100.3.4.1 updated - python3-pyserial-3.4-150000.3.4.1 updated - python3-zipp-0.6.0-150100.3.5.1 updated - python3-3.6.15-150300.10.54.1 updated - rpm-ndb-4.14.3-150400.59.7.1 updated - rsyslog-module-relp-8.2306.0-150400.5.27.1 updated - rsyslog-8.2306.0-150400.5.27.1 updated - runc-1.1.12-150000.61.2 updated - samba-client-libs-4.15.13+git.710.7032820fcd-150400.3.34.2 updated - sudo-1.9.9-150400.4.33.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - supportutils-3.1.28-150300.7.35.24.1 updated - suse-build-key-12.0-150000.8.43.1 updated - suse-module-tools-15.4.19-150400.3.17.1 updated - suseconnect-ng-1.7.0~git0.5338270-150400.3.25.1 updated - systemd-sysvinit-249.17-150400.8.40.1 updated - systemd-249.17-150400.8.40.1 updated - tar-1.34-150000.3.34.1 updated - terminfo-base-6.1-150000.5.20.1 updated - terminfo-6.1-150000.5.20.1 updated - timezone-2024a-150000.75.28.1 updated - udev-249.17-150400.8.40.1 updated - util-linux-systemd-2.37.2-150400.8.26.1 updated - util-linux-2.37.2-150400.8.26.1 updated - wget-1.20.3-150000.3.17.1 updated - wicked-service-0.6.74-150400.3.13.1 updated - wicked-0.6.74-150400.3.13.1 updated - xen-libs-4.16.5_12-150400.4.46.1 updated - zypper-1.14.68-150400.3.40.2 updated - libprocps7-3.3.15-150000.7.34.1 removed From sle-container-updates at lists.suse.com Thu Mar 14 08:01:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Mar 2024 09:01:16 +0100 (CET) Subject: SUSE-IU-2024:283-1: Security update of suse-sles-15-sp4-chost-byos-v20240312-hvm-ssd-x86_64 Message-ID: <20240314080116.6CE03F7A4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240312-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:283-1 Image Tags : suse-sles-15-sp4-chost-byos-v20240312-hvm-ssd-x86_64:20240312 Image Release : Severity : critical Type : security References : 1027519 1029961 1084909 1107342 1108281 1158830 1170415 1170446 1177529 1178760 1179610 1183045 1183663 1193173 1193285 1196293 1198269 1198533 1201010 1201384 1206798 1207987 1209122 1209834 1210141 1210447 1210638 1211162 1211188 1211190 1211226 1211547 1211886 1212091 1212160 1212584 1213229 1213500 1214076 1214169 1214169 1214286 1214668 1214747 1214788 1214823 1214976 1215124 1215229 1215237 1215241 1215275 1215292 1215294 1215323 1215420 1215434 1215458 1215496 1215692 1215696 1215698 1215710 1215740 1215794 1215885 1215885 1216007 1216011 1216016 1216049 1216057 1216058 1216105 1216259 1216388 1216390 1216412 1216522 1216559 1216584 1216693 1216702 1216752 1216759 1216776 1216827 1216844 1216853 1216861 1216909 1216959 1216965 1216976 1216987 1217000 1217036 1217036 1217068 1217086 1217124 1217140 1217195 1217200 1217205 1217217 1217217 1217237 1217250 1217277 1217287 1217292 1217332 1217366 1217460 1217513 1217515 1217592 1217593 1217598 1217599 1217602 1217609 1217670 1217687 1217692 1217695 1217696 1217731 1217775 1217780 1217790 1217801 1217873 1217895 1217933 1217938 1217946 1217947 1217950 1217952 1217961 1217969 1217980 1217981 1217982 1217987 1217988 1217989 1218014 1218056 1218126 1218139 1218184 1218186 1218201 1218209 1218215 1218234 1218253 1218258 1218282 1218291 1218335 1218357 1218364 1218447 1218475 1218515 1218559 1218561 1218569 1218571 1218571 1218649 1218659 1218689 1218713 1218730 1218739 1218752 1218757 1218762 1218763 1218765 1218768 1218782 1218799 1218804 1218831 1218832 1218836 1218851 1218862 1218865 1218894 1218894 1218916 1218926 1218927 1218929 1218930 1218952 1218968 1219026 1219053 1219120 1219123 1219123 1219128 1219189 1219189 1219238 1219243 1219265 1219267 1219268 1219349 1219412 1219425 1219429 1219434 1219438 1219442 1219490 1219576 1219608 1219751 1219823 1219826 1219851 1219852 1219853 1219854 1220117 1220385 1220389 CVE-2020-12912 CVE-2020-26555 CVE-2020-8694 CVE-2020-8695 CVE-2021-33631 CVE-2023-1667 CVE-2023-1786 CVE-2023-2006 CVE-2023-2283 CVE-2023-25775 CVE-2023-27043 CVE-2023-38472 CVE-2023-39197 CVE-2023-39198 CVE-2023-39804 CVE-2023-4244 CVE-2023-42465 CVE-2023-4408 CVE-2023-45863 CVE-2023-45871 CVE-2023-46838 CVE-2023-46839 CVE-2023-46862 CVE-2023-47233 CVE-2023-48795 CVE-2023-48795 CVE-2023-49083 CVE-2023-4921 CVE-2023-50387 CVE-2023-50495 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-5158 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-5517 CVE-2023-5679 CVE-2023-5717 CVE-2023-5981 CVE-2023-6004 CVE-2023-6039 CVE-2023-6040 CVE-2023-6121 CVE-2023-6176 CVE-2023-6356 CVE-2023-6516 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6546 CVE-2023-6606 CVE-2023-6610 CVE-2023-6622 CVE-2023-6915 CVE-2023-6918 CVE-2023-6931 CVE-2023-6932 CVE-2023-7207 CVE-2023-7207 CVE-2024-0340 CVE-2024-0553 CVE-2024-0565 CVE-2024-0567 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-21626 CVE-2024-21626 CVE-2024-22365 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24860 CVE-2024-25062 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20240312-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4810-1 Released: Wed Dec 13 18:59:03 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1084909,1210447,1214286,1214976,1215124,1215292,1215420,1215458,1215710,1216058,1216105,1216259,1216584,1216693,1216759,1216844,1216861,1216909,1216959,1216965,1216976,1217036,1217068,1217086,1217124,1217140,1217195,1217200,1217205,1217332,1217366,1217515,1217598,1217599,1217609,1217687,1217731,1217780,CVE-2023-2006,CVE-2023-25775,CVE-2023-39197,CVE-2023-39198,CVE-2023-4244,CVE-2023-45863,CVE-2023-45871,CVE-2023-46862,CVE-2023-5158,CVE-2023-5717,CVE-2023-6039,CVE-2023-6176 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). - PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use C syntax highlight in driver.rst (bsc#1215458). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: Spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4880-1 Released: Fri Dec 15 10:43:44 2023 Summary: Recommended update for xen Type: recommended Severity: moderate References: 1027519 This update for xen fixes the following issues: - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4901-1 Released: Tue Dec 19 11:25:47 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1216853,CVE-2023-38472 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4936-1 Released: Wed Dec 20 17:18:21 2023 Summary: Security update for docker, rootlesskit Type: security Severity: important References: 1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:8-1 Released: Tue Jan 2 13:18:50 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1214076 This update for samba fixes the following issues: - Add 'net offlinejoin composeodj' command (bsc#1214076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-?? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:50-1 Released: Mon Jan 8 03:20:25 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1217695,1217696 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:68-1 Released: Tue Jan 9 15:26:08 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1217292 This update for rsyslog fixes the following issues: - Restart daemon after modules packages have been updated (bsc#1217292) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:88-1 Released: Thu Jan 11 10:08:20 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:105-1 Released: Mon Jan 15 15:41:05 2024 Summary: Recommended update for grub2 and efibootmgr Type: recommended Severity: important References: 1217237 This update for grub2 and efibootmgr fixes the following issues: grub2: - Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237) efibootmgr: - Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:125-1 Released: Tue Jan 16 13:46:56 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1218364 This update for suseconnect-ng fixes the following issues: - Update to version 1.5.0 - Configure docker credentials for registry authentication - Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) - Add --json output option ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:128-1 Released: Tue Jan 16 13:50:37 2024 Summary: Security update for cloud-init Type: security Severity: moderate References: 1198269,1201010,1214169,1215740,1215794,1216007,1216011,CVE-2023-1786 This update for cloud-init contains the following fixes: - Move fdupes call back to %install.(bsc#1214169) - Update to version 23.3. (bsc#1216011) * (bsc#1215794) * (bsc#1215740) * (bsc#1216007) + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390) + Fix cc_keyboard in mantic (LP: #2030788) + ec2: initialize get_instance_userdata return value to bytes (#4387) [Noah Meyerhans] + cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley] + Fix pip-managed ansible + status: treat SubState=running and MainPID=0 as service exited + azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson] + collect-logs fix memory usage (SC-1590) (#4289) [Alec Warren] (LP: #1980150) + cc_mounts: Use fallocate to create swapfile on btrfs (#4369) + Undocument nocloud-net (#4318) + feat(akamai): add akamai to settings.py and apport.py (#4370) + read-version: fallback to get_version when git describe fails (#4366) + apt: fix cloud-init status --wait blocking on systemd v 253 (#4364) + integration tests: Pass username to pycloudlib (#4324) + Bump pycloudlib to 1!5.1.0 (#4353) + cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272) [dermotbradley] + analyze: fix (unexpected) timestamp parsing (#4347) [Mina Gali??] + cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Gali??] + subp: Fix spurious test failure on FreeBSD (#4355) [Mina Gali??] + cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Gali??] + util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Gali??] + cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Gali??] + unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource (#4328) [Ani Sinha] + Fix test_tools.py collection (#4315) + cc_keyboard: add Alpine support (#4278) [dermotbradley] + Flake8 fixes (#4340) [Robert Schweikert] + cc_mounts: Fix swapfile not working on btrfs (#4319) [?????????] (LP: #1884127) + ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281) [Wei Zhou] + ec2: Support double encoded userdata (#4275) [Noah Meyerhans] + cc_mounts: xfs is a Linux only FS (#4334) [Mina Gali??] + tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336) [Chris Patterson] + change openEuler to openeuler and fix some bugs in openEuler (#4317) [sxt1001] + Replace flake8 with ruff (#4314) + NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64 (#4291) [Ani Sinha] + cc_ssh_import_id: add Alpine support and add doas support (#4277) [dermotbradley] + sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539) + Added support for Akamai Connected Cloud (formerly Linode) (#4167) [Will Smith] + Fix reference before assignment (#4292) + Overhaul module reference page (#4237) [Sally] + replaced spaces with commas for setting passenv (#4269) [Alec Warren] + DS VMware: modify a few log level (#4284) [PengpengSun] + tools/read-version refactors and unit tests (#4268) + Ensure get_features() grabs all features (#4285) + Don't always require passlib dependency (#4274) + tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275) + Fix NoCloud kernel commandline key parsing (#4273) + testing: Clear all LRU caches after each test (#4249) + Remove the crypt dependency (#2139) [Gon??ri Le Bouder] + logging: keep current file mode of log file if its stricter than the new mode (#4250) [Ani Sinha] + Remove default membership in redundant groups (#4258) [Dave Jones] (LP: #1923363) + doc: improve datasource_creation.rst (#4262) + Remove duplicate Integration testing button (#4261) [Rishita Shaw] + tools/read-version: fix the tool so that it can handle version parsing errors (#4234) [Ani Sinha] + net/dhcp: add udhcpc support (#4190) [Jean-Fran??ois Roche] + DS VMware: add i386 arch dir to deployPkg plugin search path [PengpengSun] + LXD moved from linuxcontainers.org to Canonical [Simon Deziel] + cc_mounts.py: Add note about issue with creating mounts inside mounts (#4232) [dermotbradley] + lxd: install lxd from snap, not deb if absent in image + landscape: use landscape-config to write configuration + Add deprecation log during init of DataSourceDigitalOcean (#4194) [tyb-truth] + doc: fix typo on apt.primary.arches (#4238) [Dan Bungert] + Inspect systemd state for cloud-init status (#4230) + instance-data: add system-info and features to combined-cloud-config (#4224) + systemd: Block login until config stage completes (#2111) (LP: #2013403) + tests: proposed should invoke apt-get install -t=-proposed (#4235) + cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley] + Remove feature flag override ability (#4228) + tests: drop stray unrelated file presence test (#4227) + Update LXD URL (#4223) [Sally] + schema: add network v1 schema definition and validation functions + tests: daily PPA for devel series is version 99.daily update tests to match (#4225) + instance-data: write /run/cloud-init/combined-cloud-config.json + mount parse: Fix matching non-existent directories (#4222) [Mina Gali??] + Specify build-system for pep517 (#4218) + Fix network v2 metric rendering (#4220) + Migrate content out of FAQ page (SD-1187) (#4205) [Sally] + setup: fix generation of init templates (#4209) [Mina Gali??] + docs: Correct some bootcmd example wording + fix changelog + tests: reboot client to assert x-shellscript-per-boot is triggered + nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204) (LP: 4203, #2025180) + Add docstring and typing to mergemanydict (#4200) + BSD: add dsidentify to early startup scripts (#4182) [Mina Gali??] + handler: report errors on skipped merged cloud-config.txt parts (LP: #1999952) + Add cloud-init summit writeups (#4179) [Sally] + tests: Update test_clean_log for oci (#4187) + gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163) + tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184) + Ephemeral Networking for FreeBSD (#2165) [Mina Gali??] + Clarify directory syntax for nocloud local filesystem. (#4178) + Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha] + Test static routes and netplan 0.106 + FreeBSD fix parsing of mount and mount options (#2146) [Mina Gali??] + test: add tracking bug id (#4164) + tests: can't match MAC for LXD container veth due to netplan 0.106 (#4162) + Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar] + BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Gali??] + launching salt-minion in masterless mode (#4110) [Denis Halturin] + tools: fix run-container builds for rockylinux/8 git hash mismatch (#4161) + fix doc lint: spellchecker tripped up (#4160) [Mina Gali??] + Support Ephemeral Networking for BSD (#2127) + Added / fixed support for static routes on OpenBSD and FreeBSD (#2157) [Kadir Mueller] + cc_rsyslog: Refactor for better multi-platform support (#4119) [Mina Gali??] (LP: #1798055) + tests: fix test_lp1835584 (#4154) + cloud.cfg mod names: docs and rename salt_minion and set_password (#4153) + vultr: remove check_route check (#2151) [Jonas Chevalier] + Update SECURITY.md (#4150) [Indrranil Pawar] + Update CONTRIBUTING.rst (#4149) [Indrranil Pawar] + Update .github-cla-signers (#4151) [Indrranil Pawar] + Standardise module names in cloud.cfg.tmpl to only use underscore (#4128) [dermotbradley] + Modify PR template so autoclose works >From 23.2.2 + Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271) (LP: #2028562) + Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784) >From 23.2.1 + nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204) (Fixes: 4203) (LP: #2025180) >From 23.2 + BSD: simplify finding MBR partitions by removing duplicate code [Mina Gali??] + tests: bump pycloudlib version for mantic builds + network-manager: Set higher autoconnect priority for nm keyfiles (#3671) [Ani Sinha] + alpine.py: change the locale file used (#4139) [dermotbradley] + cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Gali??] + config: drop refresh_rmc_and_interface as RHEL 7 no longer supported [Robert Schweikert] + docs: Add feedback button to docs + net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh plugin (#4132) [Ani Sinha] + For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley] + network_manager: add a method for ipv6 static IP configuration (#4127) [Ani Sinha] + correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley] + nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115) [Ani Sinha] + Add templates for GitHub Issues + Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela] + FreeBSD: Fix user account locking (#4114) [Mina Gali??] (GH: #1854594) + FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Gali??] + Update tests in Azure TestCanDevBeReformatted class (#2771) [Ksenija Stanojevic] + Replace Launchpad references with GitHub Issues + Fix KeyError in iproute pformat (#3287) [Dmitry Zykov] + schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance + azure/errors: introduce reportable errors for imds (#3647) [Chris Patterson] + FreeBSD (and friends): better identify MBR slices (#2168) [Mina Gali??] (LP: #2016350) + azure/errors: add host reporting for dhcp errors (#2167) [Chris Patterson] + net: purge blacklist_drivers across net and azure (#2160) [Chris Patterson] + net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153) [Chris Patterson] + tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d (#2251) + net: refactor find_candidate_nics_on_linux() to use get_interfaces() (#2159) [Chris Patterson] + resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden] + Remove mount NTFS error message (#2134) [Ksenija Stanojevic] + integration tests: fix image specification parsing (#2166) + ci: add hypothesis scheduled GH check (#2149) + Move supported distros list to docs (#2162) + Fix logger, use instance rather than module function (#2163) + README: Point to Github Actions build status (#2158) + Revert 'fix linux-specific code on bsd (#2143)' (#2161) + Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142) [Ani Sinha] (LP: 2017761) + Add documentation label automatically (#2156) + sources/azure: report success to host and introduce kvp module (#2141) [Chris Patterson] + setup.py: use pkg-config for udev/rules path (#2137) [dankm] + openstack/static: honor the DNS servers associated with a network (#2138) [Gon??ri Le Bouder] + fix linux-specific code on bsd (#2143) + cli: schema validation of jinja template user-data (SC-1385) (#2132) (LP: #1881925) + gce: activate network discovery on every boot (#2128) + tests: update integration test to assert 640 across reboots (#2145) + Make user/vendor data sensitive and remove log permissions (#2144) (LP: #2013967) + Update kernel command line docs (SC-1457) (#2133) + docs: update network configuration path links (#2140) [d1r3ct0r] + sources/azure: report failures to host via kvp (#2136) [Chris Patterson] + net: Document use of `ip route append` to add routes (#2130) + dhcp: Add missing mocks (#2135) + azure/imds: retry fetching metadata up to 300 seconds (#2121) [Chris Patterson] + [1/2] DHCP: Refactor dhcp client code (#2122) + azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson] + azure/errors: introduce reportable errors (#2129) [Chris Patterson] + users: schema permit empty list to indicate create no users + azure: introduce identity module (#2116) [Chris Patterson] + Standardize disabling cloud-init on non-systemd (#2112) + Update .github-cla-signers (#2126) [Rob Tongue] + NoCloud: Use seedfrom protocol to determine mode (#2107) + rhel: Remove sysvinit files. (#2114) + tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson] + Fix NoCloud kernel commandline semi-colon args + run-container: make the container/VM timeout configurable (#2118) [Paride Legovini] + suse: Remove sysvinit files. (#2115) + test: Backport assert_call_count for old requests (#2119) + Add 'licebmi' as contributor (#2113) [Mark Martinez] + Adapt DataSourceScaleway to upcoming IPv6 support (#2033) [Louis Bouchard] + rhel: make sure previous-hostname file ends with a new line (#2108) [Ani Sinha] + Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai] + Cleanup ephemeral IP routes on exception (#2100) [sxt1001] + commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291) + Standardize kernel commandline user interface (#2093) + config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson] + Fix test_dhclient_exits_with_error (#2105) + net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083) [Chris Patterson] + sources/azure: move pps handling out of _poll_imds() (#2075) [Chris Patterson] + tests: bump pycloudlib version (#2102) + schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098) + sources/azure/imds: don't count timeout errors as connection errors (#2074) [Chris Patterson] + Fix Python 3.12 unit test failures (#2099) + integration tests: Refactor instance checking (#1989) + ci: migrate remaining jobs from travis to gh (#2085) + missing ending quote in instancedata docs(#2094) [Hong L] + refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r] + tests/vmware: fix test_no_data_access_method failure (#2092) [Chris Patterson] + Don't change permissions of netrules target (#2076) (LP: #2011783) + tests/sources: patch util.get_cmdline() for datasource tests (#2091) [Chris Patterson] + macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090) (LP: #2008888) + Fedora: Enable CA handling (#2086) [Franti??ek Zatloukal] + Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa] + cc_ansible: complete the examples and doc (#2082) [Yves] + bddeb: for dev package, derive debhelper-compat from host system + apport: only prompt for cloud_name when instance-data.json is absent + datasource: Optimize datasource detection, fix bugs (#2060) + Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi] + sources/azure: add networking check for all source PPS (#2061) [Chris Patterson] + do not attempt dns resolution on ip addresses (#2040) + chore: fix style tip (#2071) + Fix metadata IP in instancedata.rst (#2063) [Brian Haley] + util: Pass deprecation schedule in deprecate_call() (#2064) + config: Update grub-dpkg docs (#2058) + docs: Cosmetic improvements and styling (#2057) [s-makin] + cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner] + tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059) + oracle-ds: prefer system_cfg over ds network config source (#1998) (LP: #1956788) + Remove dead code (#2038) + source: Force OpenStack when it is only option (#2045) (LP: #2008727) + cc_ubuntu_advantage: improve UA logs discovery + sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson] + tests: fix test_schema (#2042) + dhcp: Cleanup unused kwarg (#2037) + sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027) [PengpengSun] + dhclient_hook: remove vestigal dhclient_hook command (#2015) + log: Add standardized deprecation tooling (SC-1312) (#2026) + Enable SUSE based distros for ca handling (#2036) [Robert Schweikert] >From 23.1.2 + Make user/vendor data sensitive and remove log permissions (LP: #2013967) (CVE-2023-1786) - Remove six dependency (bsc#1198269) - Update to version 22.4 (bsc#1201010) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:140-1 Released: Thu Jan 18 11:34:58 2024 Summary: Security update for libssh Type: security Severity: important References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:156-1 Released: Thu Jan 18 17:01:26 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1179610,1183045,1193285,1211162,1211226,1212584,1214747,1214823,1215237,1215696,1215885,1216057,1216559,1216776,1217036,1217217,1217250,1217602,1217692,1217790,1217801,1217933,1217938,1217946,1217947,1217980,1217981,1217982,1218056,1218139,1218184,1218234,1218253,1218258,1218335,1218357,1218447,1218515,1218559,1218569,1218659,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6531,CVE-2023-6546,CVE-2023-6606,CVE-2023-6610,CVE-2023-6622,CVE-2023-6931,CVE-2023-6932 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). - CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). - CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). The following non-security bugs were fixed: - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). - Drop drm/bridge lt9611uxc patches that have been reverted on stable trees - KVM: s390/mm: Properly reset no-dat (bsc#1218056). - KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). - Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459) - block: fix revalidate performance regression (bsc#1216057). - bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). - ceph: fix type promotion bug on 32bit systems (bsc#1217982). - clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). - clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). - clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). - clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). - clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). - clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). - dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - libceph: use kernel_connect() (bsc#1217981). - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). - net/smc: Fix pos miscalculation in statistics (bsc#1218139). - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). - s390/vx: fix save/restore of fpu kernel context (bsc#1218357). - scsi: lpfc: use unsigned type for num_sge (bsc#1214747). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - tracing: Disable preemption when using the filter buffer (bsc#1217036). - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036). - tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). - uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). - vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). - x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). - x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). - x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:188-1 Released: Tue Jan 23 13:53:14 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: critical References: 1217961,1218649 This update for suseconnect-ng contains the following fix: - Update to version 1.6.0: * Disable EULA display for addons. (bsc#1218649 and bsc#1217961) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:214-1 Released: Wed Jan 24 16:01:31 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1214668,1215241,1217460 This update for systemd fixes the following issues: - resolved: actually check authenticated flag of SOA transaction - core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive - core: Add trace logging to mount_add_device_dependencies() - core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460) - core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies - core: wrap some long comment - utmp-wtmp: Handle EINTR gracefully when waiting to write to tty - utmp-wtmp: Fix error in case isatty() fails - homed: Handle EINTR gracefully when waiting for device node - resolved: Handle EINTR returned from fd_wait_for_event() better - sd-netlink: Handle EINTR from poll() gracefully, as success - varlink: Handle EINTR gracefully when waiting for EIO via ppoll() - stdio-bridge: Don't be bothered with EINTR - sd-bus: Handle EINTR return from bus_poll() (bsc#1215241) - core: Replace slice dependencies as they get added (bsc#1214668) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:219-1 Released: Wed Jan 24 19:43:28 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1218799 This update for rsyslog fixes the following issues: - suppress installation errors when systemd is not running (bsc#1218799) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:233-1 Released: Thu Jan 25 11:58:47 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1217775 This update for suse-module-tools fixes the following issues: - Update to version 15.4.19 - Add symlink /boot/.vmlinuz.hmac (bsc#1217775) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:243-1 Released: Fri Jan 26 13:00:47 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1207987 This update for util-linux fixes the following issues: - Fix performance degradation (bsc#1207987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:254-1 Released: Fri Jan 26 17:19:30 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1217952 This update for containerd fixes the following issues: - Fix permissions of address file (bsc#1217952) - Update to version 1.7.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:268-1 Released: Tue Jan 30 14:19:42 2024 Summary: Security update for xen Type: security Severity: moderate References: 1218851,CVE-2023-46839 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:295-1 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:306-1 Released: Thu Feb 1 17:58:09 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1218561,1218739 This update for python-instance-billing-flavor-check fixes the following issues: - Support proxy setup on the client to access the update infrastructure API (bsc#1218561) - Add IPv6 support (bsc#1218739) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:427-1 Released: Thu Feb 8 12:56:57 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282 This update for supportutils fixes the following issues: - Update to version 3.1.28 - Correctly detects Xen Dom0 (bsc#1218201) - Fixed smart disk error (bsc#1218282) - Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173) - Added missing klp information to kernel-livepatch.txt (bsc#1216390) - Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388) - Provides long listing for /etc/sssd/sssd.conf (bsc#1211547) - Optimize lsof usage (bsc#1183663) - Collects chrony or ntp as needed (bsc#1196293) - Fixed podman display issue (bsc#1217287) - Added nvme-stas configuration to nvme.txt (bsc#1216049) - Added timed command to fs-files.txt (bsc#1216827) - Collects zypp history file issue#166 (bsc#1216522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:515-1 Released: Thu Feb 15 15:45:38 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1108281,1177529,1209834,1212091,1215275,1215885,1216016,1216702,1217217,1217670,1217895,1217987,1217988,1217989,1218689,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1218916,1218929,1218930,1218968,1219053,1219120,1219128,1219349,1219412,1219429,1219434,1219490,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - block: Fix kabi header include (bsc#1218929). - block: free the extended dev_t minor later (bsc#1218930). - clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - doc/README.KSYMS: Add to repo. - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - intel_idle: add Emerald Rapids Xeon support (bsc#1216016). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - loop: suppress uevents while reconfiguring the device (git-fixes). - nbd: Fix debugfs_create_dir error checking (git-fixes). - nbd: fix incomplete validation of ioctl arg (git-fixes). - nbd: use the correct block_device in nbd_bdev_reset (git-fixes). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - null_blk: Always check queue mode setting from configfs (git-fixes). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes). - rbd: decouple header read-in from updating rbd_dev->header (git-fixes). - rbd: decouple parent info read-in from updating rbd_dev (git-fixes). - rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes). - rbd: harden get_lock_owner_info() a bit (git-fixes). - rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes). - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes). - rbd: move rbd_dev_refresh() definition (git-fixes). - rbd: prevent busy loop when requesting exclusive lock (git-fixes). - rbd: retrieve and check lock owner twice before blocklisting (git-fixes). - rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:565-1 Released: Wed Feb 21 07:18:46 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:590-1 Released: Thu Feb 22 14:38:47 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219853,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-5679,CVE-2023-6516 This update for bind fixes the following issues: Update to release 9.16.48: Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Security Fixes: * Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50387) [bsc#1219823] * Preparing an NSEC3 closest encloser proof could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50868) [bsc#1219826] * Parsing DNS messages with many different names could cause excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851] * Specific queries could cause named to crash with an assertion failure when nxdomain-redirect was enabled. This has been fixed. (CVE-2023-5517) [bsc#1219852] * A bad interaction between DNS64 and serve-stale could cause named to crash with an assertion failure, when both of these features were enabled. This has been fixed. (CVE-2023-5679) [bsc#1219853] * Query patterns that continuously triggered cache database maintenance could cause an excessive amount of memory to be allocated, exceeding max-cache-size and potentially leading to all available memory on the host running named being exhausted. This has been fixed. (CVE-2023-6516) [bsc#1219854] Removed Features: * Support for using AES as the DNS COOKIE algorithm (cookie-algorithm aes;) has been deprecated and will be removed in a future release. Please use the current default, SipHash-2-4, instead. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Mon Feb 26 11:21:43 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:638-1 Released: Tue Feb 27 10:36:11 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218862,1218865,CVE-2024-0553,CVE-2024-0567 This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:795-1 Released: Thu Mar 7 10:33:50 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:802-1 Released: Thu Mar 7 11:07:48 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265,1219751 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: Parse updater format from XML configuration to ensure install calls can run - team: add new options like link_watch_policy (jsc#PED-7183) - Fix memory leaks in dbus variant destroy and fsm free - xpath: allow underscore in node identifier - vxlan: don't format unknown rtnl attrs (bsc#1219751) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:34 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - bind-utils-9.16.48-150400.5.40.1 updated - cloud-init-config-suse-23.3-150100.8.74.7 updated - cloud-init-23.3-150100.8.74.7 updated - containerd-ctr-1.7.10-150000.106.1 updated - containerd-1.7.10-150000.106.1 updated - cpio-2.13-150400.3.6.1 updated - curl-8.0.1-150400.5.41.1 updated - dhcp-client-4.3.6.P1-150000.6.19.1 updated - dhcp-4.3.6.P1-150000.6.19.1 updated - docker-24.0.7_ce-150000.193.1 updated - efibootmgr-17-150400.3.2.2 updated - grub2-i386-pc-2.06-150400.11.43.2 updated - grub2-x86_64-efi-2.06-150400.11.43.2 updated - grub2-x86_64-xen-2.06-150400.11.43.2 updated - grub2-2.06-150400.11.43.2 updated - hwdata-0.378-150000.3.65.1 updated - kernel-default-5.14.21-150400.24.108.1 updated - libavahi-client3-0.8-150400.7.13.1 updated - libavahi-common3-0.8-150400.7.13.1 updated - libblkid1-2.37.2-150400.8.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libcurl4-8.0.1-150400.5.41.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated - libfdisk1-2.37.2-150400.8.26.1 updated - libfstrm0-0.6.1-150300.9.5.1 updated - libgnutls30-3.7.3-150400.4.41.3 updated - libmaxminddb0-1.4.3-150000.1.8.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libmount1-2.37.2-150400.8.26.1 updated - libncurses6-6.1-150000.5.20.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - libprocps8-3.3.17-150000.7.37.1 added - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - libsmartcols1-2.37.2-150400.8.26.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libsystemd0-249.17-150400.8.40.1 updated - libudev1-249.17-150400.8.40.1 updated - libuuid1-2.37.2-150400.8.26.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libzypp-17.31.31-150400.3.52.2 updated - ncurses-utils-6.1-150000.5.20.1 updated - netcfg-11.6-150000.3.6.1 updated - openssh-clients-8.4p1-150300.3.30.1 updated - openssh-common-8.4p1-150300.3.30.1 updated - openssh-server-8.4p1-150300.3.30.1 updated - openssh-8.4p1-150300.3.30.1 updated - openssl-1_1-1.1.1l-150400.7.63.1 updated - pam-1.3.0-150000.6.66.1 updated - procps-3.3.17-150000.7.37.1 updated - python-instance-billing-flavor-check-0.0.6-150000.1.9.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - python3-attrs-19.3.0-150200.3.6.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-bind-9.16.48-150400.5.40.1 updated - python3-blinker-1.4-150000.3.6.1 updated - python3-chardet-3.0.4-150000.5.3.1 updated - python3-cryptography-3.3.2-150400.23.1 updated - python3-cssselect-1.0.3-150000.3.5.1 updated - python3-importlib-metadata-1.5.0-150100.3.5.1 updated - python3-jsonpatch-1.23-150100.3.5.1 updated - python3-jsonpointer-1.14-150000.3.2.1 updated - python3-jsonschema-3.2.0-150200.9.5.1 updated - python3-lxml-4.7.1-150200.3.12.1 updated - python3-more-itertools-8.10.0-150400.7.1 updated - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-oauthlib-2.0.6-150000.3.6.1 updated - python3-passlib-1.7.4-150300.3.2.1 added - python3-pyrsistent-0.14.4-150100.3.4.1 updated - python3-pyserial-3.4-150000.3.4.1 updated - python3-zipp-0.6.0-150100.3.5.1 updated - python3-3.6.15-150300.10.54.1 updated - rpm-ndb-4.14.3-150400.59.7.1 updated - rsyslog-module-relp-8.2306.0-150400.5.27.1 updated - rsyslog-8.2306.0-150400.5.27.1 updated - runc-1.1.12-150000.61.2 updated - samba-client-libs-4.15.13+git.710.7032820fcd-150400.3.34.2 updated - sudo-1.9.9-150400.4.33.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - supportutils-3.1.28-150300.7.35.24.1 updated - suse-build-key-12.0-150000.8.43.1 updated - suse-module-tools-15.4.19-150400.3.17.1 updated - suseconnect-ng-1.7.0~git0.5338270-150400.3.25.1 updated - systemd-sysvinit-249.17-150400.8.40.1 updated - systemd-249.17-150400.8.40.1 updated - tar-1.34-150000.3.34.1 updated - terminfo-base-6.1-150000.5.20.1 updated - terminfo-6.1-150000.5.20.1 updated - timezone-2024a-150000.75.28.1 updated - udev-249.17-150400.8.40.1 updated - util-linux-systemd-2.37.2-150400.8.26.1 updated - util-linux-2.37.2-150400.8.26.1 updated - wget-1.20.3-150000.3.17.1 updated - wicked-service-0.6.74-150400.3.13.1 updated - wicked-0.6.74-150400.3.13.1 updated - xen-libs-4.16.5_12-150400.4.46.1 updated - xen-tools-domU-4.16.5_12-150400.4.46.1 updated - zypper-1.14.68-150400.3.40.2 updated - libprocps7-3.3.15-150000.7.34.1 removed From sle-container-updates at lists.suse.com Thu Mar 14 08:01:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Mar 2024 09:01:30 +0100 (CET) Subject: SUSE-IU-2024:284-1: Security update of sles-15-sp4-chost-byos-v20240312-arm64 Message-ID: <20240314080130.3EAA1F7A4@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20240312-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:284-1 Image Tags : sles-15-sp4-chost-byos-v20240312-arm64:20240312 Image Release : Severity : critical Type : security References : 1027519 1029961 1084909 1107342 1108281 1158830 1170415 1170446 1177529 1178760 1179610 1183045 1183663 1193173 1193285 1196293 1198533 1201384 1206798 1207987 1209122 1209834 1210141 1210447 1210638 1211162 1211188 1211190 1211226 1211547 1211886 1212091 1212160 1212584 1213229 1213500 1214076 1214169 1214286 1214668 1214747 1214788 1214823 1214976 1215124 1215229 1215237 1215241 1215275 1215292 1215294 1215323 1215420 1215434 1215458 1215496 1215692 1215696 1215698 1215710 1215885 1215885 1216016 1216049 1216057 1216058 1216105 1216259 1216388 1216390 1216412 1216522 1216546 1216547 1216548 1216559 1216584 1216693 1216702 1216750 1216751 1216752 1216759 1216776 1216827 1216844 1216853 1216861 1216909 1216959 1216965 1216976 1216987 1217000 1217036 1217036 1217068 1217086 1217124 1217140 1217195 1217200 1217205 1217217 1217217 1217237 1217250 1217277 1217287 1217292 1217332 1217366 1217460 1217513 1217515 1217592 1217593 1217598 1217599 1217602 1217609 1217670 1217687 1217692 1217695 1217696 1217731 1217775 1217780 1217790 1217801 1217873 1217895 1217933 1217938 1217946 1217947 1217950 1217952 1217961 1217969 1217980 1217981 1217982 1217987 1217988 1217989 1218014 1218056 1218126 1218139 1218184 1218186 1218201 1218209 1218215 1218234 1218253 1218258 1218282 1218291 1218335 1218357 1218364 1218447 1218475 1218515 1218559 1218561 1218569 1218571 1218571 1218649 1218659 1218689 1218713 1218730 1218739 1218752 1218757 1218762 1218763 1218765 1218768 1218782 1218799 1218804 1218831 1218832 1218836 1218851 1218862 1218865 1218894 1218894 1218916 1218926 1218927 1218929 1218930 1218952 1218968 1219026 1219053 1219120 1219123 1219123 1219128 1219189 1219189 1219238 1219243 1219265 1219267 1219268 1219349 1219412 1219425 1219429 1219434 1219438 1219442 1219490 1219576 1219608 1219642 1219751 1219823 1219826 1219851 1219852 1219853 1219854 1220117 1220385 1220389 CVE-2020-12912 CVE-2020-26555 CVE-2020-8694 CVE-2020-8695 CVE-2021-33631 CVE-2023-1667 CVE-2023-2006 CVE-2023-2283 CVE-2023-25775 CVE-2023-27043 CVE-2023-38472 CVE-2023-39197 CVE-2023-39198 CVE-2023-39804 CVE-2023-4244 CVE-2023-42465 CVE-2023-4408 CVE-2023-45863 CVE-2023-45871 CVE-2023-46838 CVE-2023-46839 CVE-2023-46862 CVE-2023-47233 CVE-2023-48795 CVE-2023-48795 CVE-2023-49083 CVE-2023-4921 CVE-2023-50387 CVE-2023-50495 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-5158 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-5517 CVE-2023-5679 CVE-2023-5717 CVE-2023-5981 CVE-2023-6004 CVE-2023-6039 CVE-2023-6040 CVE-2023-6121 CVE-2023-6176 CVE-2023-6356 CVE-2023-6516 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6546 CVE-2023-6606 CVE-2023-6610 CVE-2023-6622 CVE-2023-6915 CVE-2023-6918 CVE-2023-6931 CVE-2023-6932 CVE-2023-7207 CVE-2023-7207 CVE-2024-0340 CVE-2024-0553 CVE-2024-0565 CVE-2024-0567 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-21626 CVE-2024-21626 CVE-2024-22365 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24860 CVE-2024-25062 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20240312-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4810-1 Released: Wed Dec 13 18:59:03 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1084909,1210447,1214286,1214976,1215124,1215292,1215420,1215458,1215710,1216058,1216105,1216259,1216584,1216693,1216759,1216844,1216861,1216909,1216959,1216965,1216976,1217036,1217068,1217086,1217124,1217140,1217195,1217200,1217205,1217332,1217366,1217515,1217598,1217599,1217609,1217687,1217731,1217780,CVE-2023-2006,CVE-2023-25775,CVE-2023-39197,CVE-2023-39198,CVE-2023-4244,CVE-2023-45863,CVE-2023-45871,CVE-2023-46862,CVE-2023-5158,CVE-2023-5717,CVE-2023-6039,CVE-2023-6176 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). - PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use C syntax highlight in driver.rst (bsc#1215458). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: Spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes). - xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4880-1 Released: Fri Dec 15 10:43:44 2023 Summary: Recommended update for xen Type: recommended Severity: moderate References: 1027519 This update for xen fixes the following issues: - Upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4886-1 Released: Mon Dec 18 09:38:37 2023 Summary: Recommended update for google-guest-agent, google-guest-oslogin Type: recommended Severity: moderate References: 1216546,1216547,1216548,1216750,1216751 This update for google-guest-agent, google-guest-oslogin fixes the following issues: - Update to version 20231031.01 (bsc#1216547, bsc#1216751) - Bump the golang compiler version to 1.21 (bsc#1216546) - Update to version 20231101.00 (bsc#1216548, bsc#1216750) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4901-1 Released: Tue Dec 19 11:25:47 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1216853,CVE-2023-38472 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4936-1 Released: Wed Dec 20 17:18:21 2023 Summary: Security update for docker, rootlesskit Type: security Severity: important References: 1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:8-1 Released: Tue Jan 2 13:18:50 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1214076 This update for samba fixes the following issues: - Add 'net offlinejoin composeodj' command (bsc#1214076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:50-1 Released: Mon Jan 8 03:20:25 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1217695,1217696 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:68-1 Released: Tue Jan 9 15:26:08 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1217292 This update for rsyslog fixes the following issues: - Restart daemon after modules packages have been updated (bsc#1217292) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:88-1 Released: Thu Jan 11 10:08:20 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:105-1 Released: Mon Jan 15 15:41:05 2024 Summary: Recommended update for grub2 and efibootmgr Type: recommended Severity: important References: 1217237 This update for grub2 and efibootmgr fixes the following issues: grub2: - Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237) efibootmgr: - Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:125-1 Released: Tue Jan 16 13:46:56 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1218364 This update for suseconnect-ng fixes the following issues: - Update to version 1.5.0 - Configure docker credentials for registry authentication - Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) - Add --json output option ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:140-1 Released: Thu Jan 18 11:34:58 2024 Summary: Security update for libssh Type: security Severity: important References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:156-1 Released: Thu Jan 18 17:01:26 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1179610,1183045,1193285,1211162,1211226,1212584,1214747,1214823,1215237,1215696,1215885,1216057,1216559,1216776,1217036,1217217,1217250,1217602,1217692,1217790,1217801,1217933,1217938,1217946,1217947,1217980,1217981,1217982,1218056,1218139,1218184,1218234,1218253,1218258,1218335,1218357,1218447,1218515,1218559,1218569,1218659,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6531,CVE-2023-6546,CVE-2023-6606,CVE-2023-6610,CVE-2023-6622,CVE-2023-6931,CVE-2023-6932 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). - CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). - CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). The following non-security bugs were fixed: - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). - Drop drm/bridge lt9611uxc patches that have been reverted on stable trees - KVM: s390/mm: Properly reset no-dat (bsc#1218056). - KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). - Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459) - block: fix revalidate performance regression (bsc#1216057). - bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). - ceph: fix type promotion bug on 32bit systems (bsc#1217982). - clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). - clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). - clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217). - clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). - clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). - clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). - clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). - dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - libceph: use kernel_connect() (bsc#1217981). - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). - net/smc: Fix pos miscalculation in statistics (bsc#1218139). - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). - s390/vx: fix save/restore of fpu kernel context (bsc#1218357). - scsi: lpfc: use unsigned type for num_sge (bsc#1214747). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - tracing: Disable preemption when using the filter buffer (bsc#1217036). - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036). - tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). - uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). - vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). - x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). - x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). - x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:188-1 Released: Tue Jan 23 13:53:14 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: critical References: 1217961,1218649 This update for suseconnect-ng contains the following fix: - Update to version 1.6.0: * Disable EULA display for addons. (bsc#1218649 and bsc#1217961) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:214-1 Released: Wed Jan 24 16:01:31 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1214668,1215241,1217460 This update for systemd fixes the following issues: - resolved: actually check authenticated flag of SOA transaction - core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive - core: Add trace logging to mount_add_device_dependencies() - core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460) - core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies - core: wrap some long comment - utmp-wtmp: Handle EINTR gracefully when waiting to write to tty - utmp-wtmp: Fix error in case isatty() fails - homed: Handle EINTR gracefully when waiting for device node - resolved: Handle EINTR returned from fd_wait_for_event() better - sd-netlink: Handle EINTR from poll() gracefully, as success - varlink: Handle EINTR gracefully when waiting for EIO via ppoll() - stdio-bridge: Don't be bothered with EINTR - sd-bus: Handle EINTR return from bus_poll() (bsc#1215241) - core: Replace slice dependencies as they get added (bsc#1214668) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:219-1 Released: Wed Jan 24 19:43:28 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1218799 This update for rsyslog fixes the following issues: - suppress installation errors when systemd is not running (bsc#1218799) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:233-1 Released: Thu Jan 25 11:58:47 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1217775 This update for suse-module-tools fixes the following issues: - Update to version 15.4.19 - Add symlink /boot/.vmlinuz.hmac (bsc#1217775) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:243-1 Released: Fri Jan 26 13:00:47 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1207987 This update for util-linux fixes the following issues: - Fix performance degradation (bsc#1207987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:254-1 Released: Fri Jan 26 17:19:30 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1217952 This update for containerd fixes the following issues: - Fix permissions of address file (bsc#1217952) - Update to version 1.7.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:268-1 Released: Tue Jan 30 14:19:42 2024 Summary: Security update for xen Type: security Severity: moderate References: 1218851,CVE-2023-46839 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:295-1 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:306-1 Released: Thu Feb 1 17:58:09 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1218561,1218739 This update for python-instance-billing-flavor-check fixes the following issues: - Support proxy setup on the client to access the update infrastructure API (bsc#1218561) - Add IPv6 support (bsc#1218739) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:427-1 Released: Thu Feb 8 12:56:57 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282 This update for supportutils fixes the following issues: - Update to version 3.1.28 - Correctly detects Xen Dom0 (bsc#1218201) - Fixed smart disk error (bsc#1218282) - Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173) - Added missing klp information to kernel-livepatch.txt (bsc#1216390) - Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388) - Provides long listing for /etc/sssd/sssd.conf (bsc#1211547) - Optimize lsof usage (bsc#1183663) - Collects chrony or ntp as needed (bsc#1196293) - Fixed podman display issue (bsc#1217287) - Added nvme-stas configuration to nvme.txt (bsc#1216049) - Added timed command to fs-files.txt (bsc#1216827) - Collects zypp history file issue#166 (bsc#1216522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:467-1 Released: Wed Feb 14 12:21:14 2024 Summary: Recommended update for google-guest-agent, google-guest-oslogin Type: recommended Severity: critical References: 1219642 This update for google-guest-agent, google-guest-oslogin contains the following fix: - Add explicit versioned dependency on google-guest-oslogin (bsc#1219642) - Add explicit versioned dependency on google-guest-agent (bsc#1219642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:515-1 Released: Thu Feb 15 15:45:38 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1108281,1177529,1209834,1212091,1215275,1215885,1216016,1216702,1217217,1217670,1217895,1217987,1217988,1217989,1218689,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1218916,1218929,1218930,1218968,1219053,1219120,1219128,1219349,1219412,1219429,1219434,1219490,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - block: Fix kabi header include (bsc#1218929). - block: free the extended dev_t minor later (bsc#1218930). - clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - doc/README.KSYMS: Add to repo. - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - intel_idle: add Emerald Rapids Xeon support (bsc#1216016). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - loop: suppress uevents while reconfiguring the device (git-fixes). - nbd: Fix debugfs_create_dir error checking (git-fixes). - nbd: fix incomplete validation of ioctl arg (git-fixes). - nbd: use the correct block_device in nbd_bdev_reset (git-fixes). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - null_blk: Always check queue mode setting from configfs (git-fixes). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes). - rbd: decouple header read-in from updating rbd_dev->header (git-fixes). - rbd: decouple parent info read-in from updating rbd_dev (git-fixes). - rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes). - rbd: harden get_lock_owner_info() a bit (git-fixes). - rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes). - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes). - rbd: move rbd_dev_refresh() definition (git-fixes). - rbd: prevent busy loop when requesting exclusive lock (git-fixes). - rbd: retrieve and check lock owner twice before blocklisting (git-fixes). - rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:565-1 Released: Wed Feb 21 07:18:46 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:590-1 Released: Thu Feb 22 14:38:47 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219853,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-5679,CVE-2023-6516 This update for bind fixes the following issues: Update to release 9.16.48: Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Security Fixes: * Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50387) [bsc#1219823] * Preparing an NSEC3 closest encloser proof could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50868) [bsc#1219826] * Parsing DNS messages with many different names could cause excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851] * Specific queries could cause named to crash with an assertion failure when nxdomain-redirect was enabled. This has been fixed. (CVE-2023-5517) [bsc#1219852] * A bad interaction between DNS64 and serve-stale could cause named to crash with an assertion failure, when both of these features were enabled. This has been fixed. (CVE-2023-5679) [bsc#1219853] * Query patterns that continuously triggered cache database maintenance could cause an excessive amount of memory to be allocated, exceeding max-cache-size and potentially leading to all available memory on the host running named being exhausted. This has been fixed. (CVE-2023-6516) [bsc#1219854] Removed Features: * Support for using AES as the DNS COOKIE algorithm (cookie-algorithm aes;) has been deprecated and will be removed in a future release. Please use the current default, SipHash-2-4, instead. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Mon Feb 26 11:21:43 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:638-1 Released: Tue Feb 27 10:36:11 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218862,1218865,CVE-2024-0553,CVE-2024-0567 This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:795-1 Released: Thu Mar 7 10:33:50 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:802-1 Released: Thu Mar 7 11:07:48 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265,1219751 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: Parse updater format from XML configuration to ensure install calls can run - team: add new options like link_watch_policy (jsc#PED-7183) - Fix memory leaks in dbus variant destroy and fsm free - xpath: allow underscore in node identifier - vxlan: don't format unknown rtnl attrs (bsc#1219751) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:34 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated - bind-utils-9.16.48-150400.5.40.1 updated - containerd-ctr-1.7.10-150000.106.1 updated - containerd-1.7.10-150000.106.1 updated - cpio-2.13-150400.3.6.1 updated - curl-8.0.1-150400.5.41.1 updated - docker-24.0.7_ce-150000.193.1 updated - efibootmgr-17-150400.3.2.2 updated - google-guest-agent-20231031.01-150000.1.43.1 updated - google-guest-oslogin-20231101.00-150000.1.38.1 updated - grub2-i386-pc-2.06-150400.11.43.2 updated - grub2-x86_64-efi-2.06-150400.11.43.2 updated - grub2-2.06-150400.11.43.2 updated - hwdata-0.378-150000.3.65.1 updated - kernel-default-5.14.21-150400.24.108.1 updated - libavahi-client3-0.8-150400.7.13.1 updated - libavahi-common3-0.8-150400.7.13.1 updated - libblkid1-2.37.2-150400.8.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libcurl4-8.0.1-150400.5.41.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated - libfdisk1-2.37.2-150400.8.26.1 updated - libfstrm0-0.6.1-150300.9.5.1 updated - libgnutls30-3.7.3-150400.4.41.3 updated - libmaxminddb0-1.4.3-150000.1.8.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libmount1-2.37.2-150400.8.26.1 updated - libncurses6-6.1-150000.5.20.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - libprocps8-3.3.17-150000.7.37.1 added - libpython3_6m1_0-3.6.15-150300.10.54.1 updated - libsmartcols1-2.37.2-150400.8.26.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libsystemd0-249.17-150400.8.40.1 updated - libudev1-249.17-150400.8.40.1 updated - libuuid1-2.37.2-150400.8.26.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libzypp-17.31.31-150400.3.52.2 updated - ncurses-utils-6.1-150000.5.20.1 updated - netcfg-11.6-150000.3.6.1 updated - openssh-clients-8.4p1-150300.3.30.1 updated - openssh-common-8.4p1-150300.3.30.1 updated - openssh-server-8.4p1-150300.3.30.1 updated - openssh-8.4p1-150300.3.30.1 updated - openssl-1_1-1.1.1l-150400.7.63.1 updated - pam-1.3.0-150000.6.66.1 updated - procps-3.3.17-150000.7.37.1 updated - python-instance-billing-flavor-check-0.0.6-150000.1.9.1 updated - python3-base-3.6.15-150300.10.54.1 updated - python3-bind-9.16.48-150400.5.40.1 updated - python3-chardet-3.0.4-150000.5.3.1 updated - python3-cryptography-3.3.2-150400.23.1 updated - python3-cssselect-1.0.3-150000.3.5.1 updated - python3-lxml-4.7.1-150200.3.12.1 updated - python3-3.6.15-150300.10.54.1 updated - rpm-ndb-4.14.3-150400.59.7.1 updated - rsyslog-module-relp-8.2306.0-150400.5.27.1 updated - rsyslog-8.2306.0-150400.5.27.1 updated - runc-1.1.12-150000.61.2 updated - samba-client-libs-4.15.13+git.710.7032820fcd-150400.3.34.2 updated - sudo-1.9.9-150400.4.33.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - supportutils-3.1.28-150300.7.35.24.1 updated - suse-build-key-12.0-150000.8.43.1 updated - suse-module-tools-15.4.19-150400.3.17.1 updated - suseconnect-ng-1.7.0~git0.5338270-150400.3.25.1 updated - systemd-sysvinit-249.17-150400.8.40.1 updated - systemd-249.17-150400.8.40.1 updated - tar-1.34-150000.3.34.1 updated - terminfo-base-6.1-150000.5.20.1 updated - terminfo-6.1-150000.5.20.1 updated - timezone-2024a-150000.75.28.1 updated - udev-249.17-150400.8.40.1 updated - util-linux-systemd-2.37.2-150400.8.26.1 updated - util-linux-2.37.2-150400.8.26.1 updated - wget-1.20.3-150000.3.17.1 updated - wicked-service-0.6.74-150400.3.13.1 updated - wicked-0.6.74-150400.3.13.1 updated - xen-libs-4.16.5_12-150400.4.46.1 updated - zypper-1.14.68-150400.3.40.2 updated - libprocps7-3.3.15-150000.7.34.1 removed From sle-container-updates at lists.suse.com Fri Mar 15 14:49:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:49:15 +0100 (CET) Subject: SUSE-CU-2024:947-1: Security update of suse/sle15 Message-ID: <20240315144915.C8A4AF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:947-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.419 Container Release : 9.5.419 Severity : moderate Type : security References : 1218865 CVE-2023-5981 CVE-2024-0553 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:860-1 Released: Wed Mar 13 08:45:21 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218865,CVE-2023-5981,CVE-2024-0553 This update for gnutls fixes the following issues: - CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865). The following package changes have been done: - libgnutls30-hmac-3.6.7-150200.14.31.1 updated - libgnutls30-3.6.7-150200.14.31.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 14:49:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:49:17 +0100 (CET) Subject: SUSE-CU-2024:948-1: Security update of suse/ltss/sle15.3/bci-base-fips Message-ID: <20240315144917.BE493F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:948-1 Container Tags : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3.4.2 Container Release : 4.2 Severity : important Type : security References : 1215286 1215891 1216378 CVE-2023-45853 CVE-2023-4813 ----------------------------------------------------------------- The container suse/ltss/sle15.3/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4448-1 Released: Tue Dec 13 10:16:48 2022 Summary: Initial shipment of package sles-ltss-release Type: recommended Severity: important References: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP3 customers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - glibc-2.31-150300.63.1 updated - libz1-1.2.11-150000.3.48.1 updated - sles-ltss-release-15.3-150300.10.3.1 added - container:sles15-image-15.0.0-17.20.233 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 removed - bash-4.4-19.6.1 removed - cpio-2.12-3.9.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150300.13.1 removed - libaudit1-2.8.5-3.43 removed - libblkid1-2.36.2-150300.4.35.1 removed - libbz2-1-1.0.6-5.11.1 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.43.8-150000.4.33.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.66.0-150200.4.57.1 removed - libdw1-0.177-150300.11.6.1 removed - libebl-plugins-0.177-150300.11.6.1 removed - libeconf0-0.5.2-150300.3.11.1 removed - libelf1-0.177-150300.11.6.1 removed - libfdisk1-2.36.2-150300.4.35.1 removed - libgcc_s1-12.3.0+git1204-150000.1.16.1 removed - libgcrypt20-1.8.2-8.36.1 removed - libgcrypt20-hmac-1.8.2-8.36.1 removed - libgpg-error0-1.42-150300.9.3.1 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.2-3.3.1 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.36.2-150300.4.35.1 removed - libncurses6-6.1-150000.5.15.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-19.6.1 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libsemanage1-3.0-1.27 removed - libsepol1-3.0-1.31 removed - libsmartcols1-2.36.2-150300.4.35.1 removed - libssh4-0.8.7-10.12.1 removed - libstdc++6-12.3.0+git1204-150000.1.16.1 removed - libsystemd0-246.16-150300.7.57.1 removed - libtirpc-netconfig-1.2.6-150300.3.17.1 removed - libtirpc3-1.2.6-150300.3.17.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.36.2-150300.4.35.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.7-150000.3.60.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.4.4-150000.1.9.1 removed - login_defs-4.8.1-150300.4.9.1 removed - ncurses-utils-6.1-150000.5.15.1 removed - pam-1.3.0-150000.6.61.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20181225-150200.23.23.1 removed - rpm-config-SUSE-1-5.6.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150300.4.9.1 removed - system-group-hardware-20170617-17.3.1 removed - sysuser-shadow-2.0-4.2.8 removed - terminfo-base-6.1-150000.5.15.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.36.2-150300.4.35.1 removed From sle-container-updates at lists.suse.com Fri Mar 15 14:49:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:49:24 +0100 (CET) Subject: SUSE-CU-2024:949-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240315144924.1FC22F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:949-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.21 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.21 Container Release : 4.21 Severity : moderate Type : security References : 1217445 1217589 1218232 1218866 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - glibc-2.31-150300.68.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 14:49:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:49:32 +0100 (CET) Subject: SUSE-CU-2024:950-1: Security update of bci/bci-busybox Message-ID: <20240315144932.DA5BEF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:950-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.16.2 , bci/bci-busybox:latest Container Release : 16.2 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 14:49:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:49:40 +0100 (CET) Subject: SUSE-CU-2024:951-1: Security update of suse/git Message-ID: <20240315144940.09D8BF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:951-1 Container Tags : suse/git:2.35 , suse/git:2.35-9.5 , suse/git:latest Container Release : 9.5 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:micro-image-15.5.0-16.2 updated From sle-container-updates at lists.suse.com Fri Mar 15 14:49:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:49:47 +0100 (CET) Subject: SUSE-CU-2024:952-1: Security update of suse/helm Message-ID: <20240315144947.587D9F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:952-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-8.6 , suse/helm:latest Container Release : 8.6 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:micro-image-15.5.0-16.2 updated From sle-container-updates at lists.suse.com Fri Mar 15 14:49:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:49:54 +0100 (CET) Subject: SUSE-CU-2024:953-1: Security update of bci/bci-micro Message-ID: <20240315144954.1177AF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:953-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.16.2 , bci/bci-micro:latest Container Release : 16.2 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated From sle-container-updates at lists.suse.com Fri Mar 15 14:50:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 15:50:01 +0100 (CET) Subject: SUSE-CU-2024:954-1: Security update of bci/bci-minimal Message-ID: <20240315145001.39865F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:954-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.17.6 , bci/bci-minimal:latest Container Release : 17.6 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:micro-image-15.5.0-16.2 updated From sle-container-updates at lists.suse.com Fri Mar 15 15:58:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 16:58:23 +0100 (CET) Subject: SUSE-CU-2024:968-1: Recommended update of suse/sles/15.6/virt-handler Message-ID: <20240315155823.4EBB8F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:968-1 Container Tags : suse/sles/15.6/virt-handler:1.1.1 , suse/sles/15.6/virt-handler:1.1.1-150600.1.22 , suse/sles/15.6/virt-handler:1.1.1.24.346 Container Release : 24.346 Severity : moderate Type : recommended References : 1211886 1219253 ----------------------------------------------------------------- The container suse/sles/15.6/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:651-1 Released: Wed Feb 28 13:46:06 2024 Summary: Recommended update for nftables Type: recommended Severity: moderate References: 1219253 This update for nftables fixes the following issues: - Enable python311 module (bsc#1219253). The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.6 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.8.2 updated - glibc-2.38-150600.6.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.22.2 updated - liblzma5-5.4.6-150600.1.16 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libgcrypt20-1.10.3-150600.1.9 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libopenssl3-3.1.4-150600.1.17 updated - libudev1-254.9-150600.2.9 updated - libsystemd0-254.9-150600.2.9 updated - libsemanage2-3.5-150600.1.48 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - libopenssl-3-fips-provider-3.1.4-150600.1.17 updated - libldap-2_4-2-2.4.46-150600.23.6 updated - krb5-1.20.1-150600.8.4 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.8.2 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.1.1 updated - sles-release-15.6-150600.27.1 updated - shadow-4.8.1-150600.15.44 updated - util-linux-2.39.3-150600.1.15 updated - netcfg-11.6-150000.3.6.1 updated - curl-8.6.0-150600.1.1 updated - kubevirt-container-disk-1.1.1-150600.1.22 updated - kubevirt-virt-handler-1.1.1-150600.1.22 updated - libapparmor1-3.1.7-150600.2.2 updated - libgmodule-2_0-0-2.78.3-150600.1.6 updated - libkmod2-29-150600.11.3 updated - libnettle8-3.9.1-150600.1.33 updated - pam-config-1.1-150600.14.2 updated - systemd-presets-common-SUSE-15-150600.25.2 updated - libhogweed6-3.9.1-150600.1.33 updated - systemd-presets-branding-SLE-15.1-150600.32.2 updated - libnftables1-0.9.8-150400.6.3.1 updated - libgnutls30-3.8.3-150600.1.16 updated - systemd-254.9-150600.2.9 updated - nftables-0.9.8-150400.6.3.1 updated - qemu-img-8.2.1-150600.3.6 updated - util-linux-systemd-2.39.3-150600.1.7 updated - container:sles15-image-15.0.0-44.65 updated - gzip-1.10-150200.10.1 removed - libdw1-0.185-150400.5.3.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - libpopt0-1.16-3.22 removed - libxml2-2-2.10.3-150500.5.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - timezone-2023c-150000.75.23.1 removed From sle-container-updates at lists.suse.com Fri Mar 15 15:58:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 16:58:25 +0100 (CET) Subject: SUSE-CU-2024:969-1: Recommended update of suse/sles/15.6/virt-launcher Message-ID: <20240315155825.8BD05F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:969-1 Container Tags : suse/sles/15.6/virt-launcher:1.1.1 , suse/sles/15.6/virt-launcher:1.1.1-150600.1.22 , suse/sles/15.6/virt-launcher:1.1.1.26.263 Container Release : 26.263 Severity : moderate Type : recommended References : 1211886 1219253 ----------------------------------------------------------------- The container suse/sles/15.6/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:651-1 Released: Wed Feb 28 13:46:06 2024 Summary: Recommended update for nftables Type: recommended Severity: moderate References: 1219253 This update for nftables fixes the following issues: - Enable python311 module (bsc#1219253). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 The following package changes have been done: - ncat-7.92-150600.7.2 updated - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.6 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.8.2 updated - glibc-2.38-150600.6.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.22.2 updated - liblzma5-5.4.6-150600.1.16 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libfa1-1.14.1-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libgcrypt20-1.10.3-150600.1.9 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libopenssl3-3.1.4-150600.1.17 updated - libaugeas0-1.14.1-150600.1.2 updated - libudev1-254.9-150600.2.9 updated - libsystemd0-254.9-150600.2.9 updated - libsemanage2-3.5-150600.1.48 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - libopenssl-3-fips-provider-3.1.4-150600.1.17 updated - libldap-2_4-2-2.4.46-150600.23.6 updated - krb5-1.20.1-150600.8.4 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.8.2 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.1.1 updated - sles-release-15.6-150600.27.1 updated - shadow-4.8.1-150600.15.44 updated - util-linux-2.39.3-150600.1.15 updated - netcfg-11.6-150000.3.6.1 updated - timezone-2024a-150000.75.28.1 updated - curl-8.6.0-150600.1.1 updated - augeas-lenses-1.14.1-150600.1.2 updated - augeas-1.14.1-150600.1.2 updated - kubevirt-container-disk-1.1.1-150600.1.22 updated - libapparmor1-3.1.7-150600.2.2 updated - libargon2-1-20190702-150600.1.3 updated - libbpf1-1.2.2-150600.1.3 updated - libburn4-1.5.6-150600.1.5 updated - libdevmapper1_03-2.03.22_1.02.196-150600.1.2 updated - libgmodule-2_0-0-2.78.3-150600.1.6 updated - libgobject-2_0-0-2.78.3-150600.1.6 updated - libisofs6-1.5.6-150600.1.5 updated - libjpeg8-8.2.2-150600.22.3 updated - libjson-c5-0.16-150600.1.3 updated - libkmod2-29-150600.11.3 updated - libnettle8-3.9.1-150600.1.33 updated - libpixman-1-0-0.42.2-150600.1.2 updated - libpng16-16-1.6.40-150600.1.2 updated - libssh2-1-1.11.0-150600.17.2 updated - libtextstyle0-0.21.1-150600.1.6 updated - libtpms0-0.9.6-150600.1.2 updated - libvdeplug3-2.3.2+svn587-150600.17.2 updated - pam-config-1.1-150600.14.2 updated - qemu-accel-tcg-x86-8.2.1-150600.3.6 updated - qemu-ipxe-8.2.1-150600.3.6 updated - qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.6 updated - qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.6 updated - shared-mime-info-2.4-150600.1.2 updated - systemd-presets-common-SUSE-15-150600.25.2 updated - systemd-rpm-macros-15-150600.1.2 updated - trousers-0.3.15-150600.7.2 updated - xz-5.4.6-150600.1.16 updated - cyrus-sasl-2.1.28-150600.5.2 updated - libisoburn1-1.5.6-150600.1.5 updated - libcryptsetup12-2.7.0-150600.1.3 updated - libndctl6-78-150600.1.9 updated - libhogweed6-3.9.1-150600.1.33 updated - virtiofsd-1.10.1-150600.2.3 updated - gettext-runtime-0.21.1-150600.1.6 updated - qemu-hw-usb-redirect-8.2.1-150600.3.6 updated - socat-1.7.3.2-150600.18.3 updated - systemd-presets-branding-SLE-15.1-150600.32.2 updated - suse-module-tools-15.6.7-150600.1.24 updated - kmod-29-150600.11.3 updated - cyrus-sasl-digestmd5-2.1.28-150600.5.2 updated - xorriso-1.5.6-150600.1.5 updated - libnftables1-0.9.8-150400.6.3.1 updated - libgnutls30-3.8.3-150600.1.16 updated - xen-libs-4.18.0_06-150600.1.10 updated - libpcap1-1.10.4-150600.1.4 updated - systemd-254.9-150600.2.9 updated - gio-branding-SLE-15-150600.33.2 updated - libgio-2_0-0-2.78.3-150600.1.6 updated - glib2-tools-2.78.3-150600.1.6 updated - nftables-0.9.8-150400.6.3.1 updated - qemu-img-8.2.1-150600.3.6 updated - gnutls-3.8.3-150600.1.16 updated - udev-254.9-150600.2.9 updated - systemd-container-254.9-150600.2.9 updated - libvirt-libs-10.0.0-150600.3.3 updated - libjson-glib-1_0-0-1.8.0-150600.1.2 updated - rdma-core-49.1-150600.2.3 updated - libvirt-daemon-log-10.0.0-150600.3.3 updated - libvirt-client-10.0.0-150600.3.3 updated - kubevirt-virt-launcher-1.1.1-150600.1.22 updated - swtpm-0.7.3-150600.6.2 updated - libibverbs1-49.1-150600.2.3 updated - libmlx5-1-49.1-150600.2.3 updated - libvirt-daemon-common-10.0.0-150600.3.3 updated - libmlx4-1-49.1-150600.2.3 updated - libmana1-49.1-150600.2.3 updated - libefa1-49.1-150600.2.3 updated - libibverbs-49.1-150600.2.3 updated - librdmacm1-49.1-150600.2.3 updated - qemu-ovmf-x86_64-202308-150600.1.5 updated - qemu-x86-8.2.1-150600.3.6 updated - qemu-8.2.1-150600.3.6 updated - libvirt-daemon-driver-qemu-10.0.0-150600.3.3 updated - container:sles15-image-15.0.0-44.65 updated From sle-container-updates at lists.suse.com Fri Mar 15 15:58:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Mar 2024 16:58:27 +0100 (CET) Subject: SUSE-CU-2024:970-1: Recommended update of suse/sles/15.6/libguestfs-tools Message-ID: <20240315155827.D09DDF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:970-1 Container Tags : suse/sles/15.6/libguestfs-tools:1.1.1 , suse/sles/15.6/libguestfs-tools:1.1.1-150600.1.22 , suse/sles/15.6/libguestfs-tools:1.1.1.23.249 Container Release : 23.249 Severity : moderate Type : recommended References : 1211886 ----------------------------------------------------------------- The container suse/sles/15.6/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) The following package changes have been done: - gio-branding-SLE-15-150600.33.2 updated - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.6 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.8.2 updated - glibc-2.38-150600.6.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.22.2 updated - liblzma5-5.4.6-150600.1.16 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libfa1-1.14.1-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libksba8-1.6.4-150600.1.2 updated - libgcrypt20-1.10.3-150600.1.9 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libsigc-2_0-0-2.12.1-150600.1.2 updated - libopenssl3-3.1.4-150600.1.17 updated - libaugeas0-1.14.1-150600.1.2 updated - libudev1-254.9-150600.2.9 updated - libsystemd0-254.9-150600.2.9 updated - libsemanage2-3.5-150600.1.48 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - libzck1-1.1.16-150600.9.2 updated - libopenssl-3-fips-provider-3.1.4-150600.1.17 updated - libldap-2_4-2-2.4.46-150600.23.6 updated - krb5-1.20.1-150600.8.4 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.8.2 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.1.1 updated - sles-release-15.6-150600.27.1 updated - gpg2-2.4.4-150600.1.3 updated - libgpgme11-1.23.0-150600.1.24 updated - libzypp-17.31.31-150600.8.5 updated - shadow-4.8.1-150600.15.44 updated - util-linux-2.39.3-150600.1.15 updated - netcfg-11.6-150000.3.6.1 updated - curl-8.6.0-150600.1.1 updated - augeas-lenses-1.14.1-150600.1.2 updated - augeas-1.14.1-150600.1.2 updated - btrfsprogs-udev-rules-6.5.1-150600.1.10 updated - gsettings-desktop-schemas-45.0-150600.3.1 updated - libguestfs-1.52.0-150600.1.12 updated - libguestfs-winsupport-1.52.0-150600.1.12 updated - libapparmor1-3.1.7-150600.2.2 updated - libargon2-1-20190702-150600.1.3 updated - libbpf1-1.2.2-150600.1.3 updated - libburn4-1.5.6-150600.1.5 updated - libdevmapper1_03-2.03.22_1.02.196-150600.1.2 updated - libext2fs2-1.47.0-150600.2.25 updated - libgmodule-2_0-0-2.78.3-150600.1.6 updated - libgobject-2_0-0-2.78.3-150600.1.6 updated - libhivex0-1.3.23-150600.1.3 updated - libisofs6-1.5.6-150600.1.5 updated - libjpeg8-8.2.2-150600.22.3 updated - libjson-c5-0.16-150600.1.3 updated - libkcapi-tools-0.13.0-150600.15.10 updated - libkmod2-29-150600.11.3 updated - libnettle8-3.9.1-150600.1.33 updated - libpixman-1-0-0.42.2-150600.1.2 updated - libpng16-16-1.6.40-150600.1.2 updated - libpwquality1-1.4.5-150600.2.2 updated - libssh2-1-1.11.0-150600.17.2 updated - libvdeplug3-2.3.2+svn587-150600.17.2 updated - mdadm-4.3-150600.1.9 updated - osinfo-db-20231215-150600.2.2 updated - pam-config-1.1-150600.14.2 updated - qemu-accel-tcg-x86-8.2.1-150600.3.6 updated - qemu-ipxe-8.2.1-150600.3.6 updated - qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.6 updated - qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.6 updated - shared-mime-info-2.4-150600.1.2 updated - systemd-presets-common-SUSE-15-150600.25.2 updated - systemd-rpm-macros-15-150600.1.2 updated - xz-5.4.6-150600.1.16 updated - zstd-1.5.5-150600.1.2 updated - e2fsprogs-1.47.0-150600.2.25 updated - cyrus-sasl-2.1.28-150600.5.2 updated - libisoburn1-1.5.6-150600.1.5 updated - libopenssl1_1-1.1.1w-150600.1.8 updated - libcryptsetup12-2.7.0-150600.1.3 updated - libndctl6-78-150600.1.9 updated - libhogweed6-3.9.1-150600.1.33 updated - btrfsprogs-6.5.1-150600.1.10 updated - virtiofsd-1.10.1-150600.2.3 updated - xfsprogs-6.6.0-150600.1.2 updated - libmpath0-0.9.8~1+82+suse.dcd98a3-150600.1.3 updated - xkeyboard-config-2.40-150600.1.2 updated - systemd-presets-branding-SLE-15.1-150600.32.2 updated - cyrus-sasl-digestmd5-2.1.28-150600.5.2 updated - xorriso-1.5.6-150600.1.5 updated - cryptsetup-2.7.0-150600.1.3 updated - libgnutls30-3.8.3-150600.1.16 updated - xen-libs-4.18.0_06-150600.1.10 updated - libxkbcommon0-1.5.0-150600.1.4 updated - systemd-254.9-150600.2.9 updated - libgio-2_0-0-2.78.3-150600.1.6 updated - glib2-tools-2.78.3-150600.1.6 updated - qemu-pr-helper-8.2.1-150600.3.6 updated - qemu-img-8.2.1-150600.3.6 updated - util-linux-systemd-2.39.3-150600.1.7 updated - libvirt-libs-10.0.0-150600.3.3 updated - libjson-glib-1_0-0-1.8.0-150600.1.2 updated - glib-networking-2.78.0-150600.1.2 updated - qemu-tools-8.2.1-150600.3.6 updated - libsoup-2_4-1-2.74.3-150600.2.2 updated - suse-module-tools-15.6.7-150600.1.24 updated - kmod-29-150600.11.3 updated - udev-254.9-150600.2.9 updated - dracut-059+suse.506.gd33b6bef-150600.1.37 updated - supermin-5.3.3-150600.1.4 updated - libosinfo-1_0-0-1.11.0-150600.1.4 updated - libosinfo-1.11.0-150600.1.4 updated - rdma-core-49.1-150600.2.3 updated - dracut-fips-059+suse.506.gd33b6bef-150600.1.37 updated - libibverbs1-49.1-150600.2.3 updated - libmlx5-1-49.1-150600.2.3 updated - libmlx4-1-49.1-150600.2.3 updated - libmana1-49.1-150600.2.3 updated - libefa1-49.1-150600.2.3 updated - libibverbs-49.1-150600.2.3 updated - librdmacm1-49.1-150600.2.3 updated - qemu-x86-8.2.1-150600.3.6 updated - qemu-8.2.1-150600.3.6 updated - qemu-ovmf-x86_64-202308-150600.1.5 updated - libguestfs0-1.52.0-150600.1.12 updated - libguestfs-devel-1.52.0-150600.1.12 updated - libguestfs-appliance-1.52.0-150600.1.12 updated - guestfs-tools-1.52.0-150600.1.7 updated - container:sles15-image-15.0.0-44.65 updated - timezone-2023c-150000.75.23.1 removed From sle-container-updates at lists.suse.com Sat Mar 16 08:03:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:03:43 +0100 (CET) Subject: SUSE-CU-2024:974-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240316080343.31F65F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:974-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-5.2.323 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.323 Severity : important Type : security References : 1068950 1081527 1211052 1214691 1214713 1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217432 1217445 1217589 1218632 1218812 1218814 1218866 1219241 1219581 1219639 1219666 1221134 1221151 CVE-2017-16829 CVE-2018-7208 CVE-2022-48064 CVE-2022-48566 CVE-2023-42465 CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-6597 CVE-2024-22667 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:871-1 Released: Wed Mar 13 13:07:46 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:877-1 Released: Wed Mar 13 16:56:12 2024 Summary: Security update for sudo Type: security Severity: important References: 1221134,1221151,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:898-1 Released: Thu Mar 14 16:05:15 2024 Summary: Security update for gdb Type: security Severity: moderate References: 1068950,1081527,1211052,CVE-2017-16829,CVE-2018-7208,CVE-2022-48064 This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: * Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux* * GNU/Linux/CSKY (gdbserver) csky*-*linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [on|off] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit. * The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state. * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling. * A new format '/b' has been introduce to provide the old behavior of '/r'. * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command. * It is now possible to use the 'document' command to document user-defined commands. * Support for memory tag data for AArch64 MTE. * Support Removal notices: * DBX mode has been removed. * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3. * Support for the following commands has been removed: * set debug aix-solib on|off * show debug aix-solib * set debug solib-frv on|off * show debug solib-frv * Use the 'set/show debug solib' commands instead. See the NEWS file for a more complete and detailed list of what this release includes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) The following package changes have been done: - gdb-13.2-150400.15.14.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - sudo-1.9.9-150400.4.36.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated - vim-data-common-9.1.0111-150000.5.60.1 updated - vim-9.1.0111-150000.5.60.1 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:05:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:05:21 +0100 (CET) Subject: SUSE-CU-2024:976-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240316080521.5DE40F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:976-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-4.2.221 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.221 Severity : important Type : security References : 1068950 1081527 1211052 1214691 1214713 1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217432 1217445 1217589 1218632 1218812 1218814 1218866 1219241 1219581 1219639 1219666 1221134 1221151 CVE-2017-16829 CVE-2018-7208 CVE-2022-48064 CVE-2022-48566 CVE-2023-42465 CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-6597 CVE-2024-22667 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:871-1 Released: Wed Mar 13 13:07:46 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:877-1 Released: Wed Mar 13 16:56:12 2024 Summary: Security update for sudo Type: security Severity: important References: 1221134,1221151,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:898-1 Released: Thu Mar 14 16:05:15 2024 Summary: Security update for gdb Type: security Severity: moderate References: 1068950,1081527,1211052,CVE-2017-16829,CVE-2018-7208,CVE-2022-48064 This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: * Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux* * GNU/Linux/CSKY (gdbserver) csky*-*linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [on|off] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit. * The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state. * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling. * A new format '/b' has been introduce to provide the old behavior of '/r'. * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command. * It is now possible to use the 'document' command to document user-defined commands. * Support for memory tag data for AArch64 MTE. * Support Removal notices: * DBX mode has been removed. * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3. * Support for the following commands has been removed: * set debug aix-solib on|off * show debug aix-solib * set debug solib-frv on|off * show debug solib-frv * Use the 'set/show debug solib' commands instead. See the NEWS file for a more complete and detailed list of what this release includes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) The following package changes have been done: - gdb-13.2-150400.15.14.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - sudo-1.9.9-150400.4.36.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated - vim-data-common-9.1.0111-150000.5.60.1 updated - vim-9.1.0111-150000.5.60.1 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:05:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:05:47 +0100 (CET) Subject: SUSE-CU-2024:977-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240316080547.5705CF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:977-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.179 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.179 Severity : important Type : security References : 1068950 1081527 1211052 1214691 1214713 1217445 1217589 1218632 1218812 1218814 1218866 1219241 1219639 1219666 1221134 1221151 CVE-2017-16829 CVE-2018-7208 CVE-2022-48064 CVE-2022-48566 CVE-2023-42465 CVE-2023-6597 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:876-1 Released: Wed Mar 13 15:45:34 2024 Summary: Security update for sudo Type: security Severity: important References: 1221134,1221151,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:898-1 Released: Thu Mar 14 16:05:15 2024 Summary: Security update for gdb Type: security Severity: moderate References: 1068950,1081527,1211052,CVE-2017-16829,CVE-2018-7208,CVE-2022-48064 This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: * Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux* * GNU/Linux/CSKY (gdbserver) csky*-*linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [on|off] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit. * The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state. * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling. * A new format '/b' has been introduce to provide the old behavior of '/r'. * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command. * It is now possible to use the 'document' command to document user-defined commands. * Support for memory tag data for AArch64 MTE. * Support Removal notices: * DBX mode has been removed. * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3. * Support for the following commands has been removed: * set debug aix-solib on|off * show debug aix-solib * set debug solib-frv on|off * show debug solib-frv * Use the 'set/show debug solib' commands instead. See the NEWS file for a more complete and detailed list of what this release includes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) The following package changes have been done: - gdb-13.2-150400.15.14.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - sudo-1.9.12p1-150500.7.10.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:06:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:06:28 +0100 (CET) Subject: SUSE-CU-2024:979-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240316080628.C089CFBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:979-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.13 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.13 Container Release : 3.13 Severity : moderate Type : security References : 1215377 1217445 1217589 1218232 1218866 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:06:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:06:54 +0100 (CET) Subject: SUSE-CU-2024:980-1: Security update of suse/389-ds Message-ID: <20240316080654.690ECFBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:980-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-20.34 , suse/389-ds:latest Container Release : 20.34 Severity : important Type : security References : 1214691 1215377 1217445 1217589 1218866 1219666 1219836 CVE-2022-48566 CVE-2023-6597 CVE-2024-1062 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:908-1 Released: Fri Mar 15 10:20:21 2024 Summary: Security update for 389-ds Type: security Severity: moderate References: 1219836,CVE-2024-1062 This update for 389-ds fixes the following issues: - CVE-2024-1062: Fixed possible denial of service when audit logging is enabled (bsc#1219836). The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - python3-base-3.6.15-150300.10.57.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-3.6.15-150300.10.57.1 updated - libsvrcore0-2.2.8~git65.347aae6-150500.3.17.1 updated - lib389-2.2.8~git65.347aae6-150500.3.17.1 updated - 389-ds-2.2.8~git65.347aae6-150500.3.17.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:07:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:07:22 +0100 (CET) Subject: SUSE-CU-2024:981-1: Security update of bci/dotnet-aspnet Message-ID: <20240316080722.568DBFBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:981-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-25.1 , bci/dotnet-aspnet:6.0.28 , bci/dotnet-aspnet:6.0.28-25.1 Container Release : 25.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:07:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:07:51 +0100 (CET) Subject: SUSE-CU-2024:982-1: Security update of bci/dotnet-aspnet Message-ID: <20240316080751.BDE10FBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:982-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-25.1 , bci/dotnet-aspnet:7.0.17 , bci/dotnet-aspnet:7.0.17-25.1 Container Release : 25.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:07:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:07:57 +0100 (CET) Subject: SUSE-CU-2024:983-1: Security update of bci/dotnet-aspnet Message-ID: <20240316080757.1EA08FBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:983-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-7.1 , bci/dotnet-aspnet:8.0.3 , bci/dotnet-aspnet:8.0.3-7.1 , bci/dotnet-aspnet:latest Container Release : 7.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:08:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:08:13 +0100 (CET) Subject: SUSE-CU-2024:984-1: Security update of suse/registry Message-ID: <20240316080813.6CB36FBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:984-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-19.5 , suse/registry:latest Container Release : 19.5 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:micro-image-15.5.0-16.2 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:09:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:09:12 +0100 (CET) Subject: SUSE-CU-2024:986-1: Security update of bci/dotnet-runtime Message-ID: <20240316080912.8ED67FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:986-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-24.1 , bci/dotnet-runtime:6.0.28 , bci/dotnet-runtime:6.0.28-24.1 Container Release : 24.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:09:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:09:40 +0100 (CET) Subject: SUSE-CU-2024:987-1: Security update of bci/dotnet-runtime Message-ID: <20240316080940.0D344FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:987-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-26.1 , bci/dotnet-runtime:7.0.17 , bci/dotnet-runtime:7.0.17-26.1 Container Release : 26.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:09:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:09:44 +0100 (CET) Subject: SUSE-CU-2024:988-1: Security update of bci/dotnet-runtime Message-ID: <20240316080944.8DD07FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:988-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-7.1 , bci/dotnet-runtime:8.0.3 , bci/dotnet-runtime:8.0.3-7.1 , bci/dotnet-runtime:latest Container Release : 7.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:10:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:10:00 +0100 (CET) Subject: SUSE-CU-2024:989-1: Security update of bci/golang Message-ID: <20240316081000.87F60FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:989-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.27 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.27 Container Release : 12.27 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - glibc-devel-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:10:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:10:19 +0100 (CET) Subject: SUSE-CU-2024:990-1: Security update of suse/nginx Message-ID: <20240316081019.D3F2BFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:990-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-10.29 , suse/nginx:latest Container Release : 10.29 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libidn2-0-2.2.0-3.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.3.1 removed - libssh4-0.9.8-150400.3.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libzstd1-1.5.0-150400.3.3.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Sat Mar 16 08:10:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:10:45 +0100 (CET) Subject: SUSE-CU-2024:991-1: Security update of bci/nodejs Message-ID: <20240316081045.73106FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:991-1 Container Tags : bci/node:18 , bci/node:18-16.29 , bci/nodejs:18 , bci/nodejs:18-16.29 Container Release : 16.29 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:10:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:10:55 +0100 (CET) Subject: SUSE-CU-2024:992-1: Security update of bci/nodejs Message-ID: <20240316081055.8C20FFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:992-1 Container Tags : bci/node:20 , bci/node:20-6.29 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.29 , bci/nodejs:latest Container Release : 6.29 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:11:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:11:28 +0100 (CET) Subject: SUSE-CU-2024:993-1: Security update of bci/openjdk-devel Message-ID: <20240316081128.60253FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:993-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.63 Container Release : 14.63 Severity : important Type : security References : 1198880 1200551 1215377 1217390 1217445 1217589 1218232 1218866 CVE-2021-40633 CVE-2022-28506 CVE-2023-48161 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:786-1 Released: Wed Mar 6 21:07:20 2024 Summary: Security update for giflib Type: security Severity: important References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * #138 Documentation for obsolete utilities still installed * #139: Typo in 'LZW image data' page ('110_2 = 4_10') * #140: Typo in 'LZW image data' page ('LWZ') * #141: Typo in 'Bits and bytes' page ('filed') * Note as already fixed SF issue #143: cannot compile under mingw * #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * #145: Remove manual pages installation for binaries that are not installed too * #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * #147 [PATCH] Fixes to doc/whatsinagif/ content * #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * #151: A heap-buffer-overflow in gif2rgb.c:294:45 * #152: Fix some typos on the html documentation and man pages * #153: Fix segmentation faults due to non correct checking for args * #154: Recover the giffilter manual page * #155: Add gifsponge docs * #157: An OutofMemory-Exception or Memory Leak in gif2rgb * #158: There is a null pointer problem in gif2rgb * #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - libgif7-5.2.2-150000.4.13.1 updated - container:bci-openjdk-11-15.5.11-15.29 updated - gzip-1.10-150200.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libpopt0-1.16-3.22 removed - libsystemd0-249.17-150400.8.40.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed From sle-container-updates at lists.suse.com Sat Mar 16 08:11:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:11:54 +0100 (CET) Subject: SUSE-CU-2024:994-1: Security update of bci/openjdk Message-ID: <20240316081154.CFF6AFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:994-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.29 Container Release : 15.29 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:05:48 +0100 (CET) Subject: SUSE-CU-2024:978-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240316080548.0EA8DF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:978-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.180 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.180 Severity : moderate Type : recommended References : 1215377 1218232 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:12:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:12:21 +0100 (CET) Subject: SUSE-CU-2024:995-1: Security update of bci/openjdk Message-ID: <20240316081221.76D87F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:995-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.28 , bci/openjdk:latest Container Release : 16.28 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 08:08:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 09:08:44 +0100 (CET) Subject: SUSE-CU-2024:985-1: Security update of bci/dotnet-sdk Message-ID: <20240316080844.D2E32FBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:985-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-26.1 , bci/dotnet-sdk:7.0.17 , bci/dotnet-sdk:7.0.17-26.1 Container Release : 26.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:19:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:19:07 +0100 (CET) Subject: SUSE-CU-2024:996-1: Security update of bci/dotnet-sdk Message-ID: <20240316161907.2C96DF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:996-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.1 , bci/dotnet-sdk:6.0.28 , bci/dotnet-sdk:6.0.28-24.1 Container Release : 24.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:19:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:19:13 +0100 (CET) Subject: SUSE-CU-2024:997-1: Security update of bci/dotnet-sdk Message-ID: <20240316161913.C00D5F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:997-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-7.1 , bci/dotnet-sdk:8.0.3 , bci/dotnet-sdk:8.0.3-7.1 , bci/dotnet-sdk:latest Container Release : 7.1 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:19:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:19:35 +0100 (CET) Subject: SUSE-CU-2024:998-1: Security update of bci/golang Message-ID: <20240316161935.8EA43F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:998-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.2.29 , bci/golang:oldstable , bci/golang:oldstable-2.2.29 Container Release : 2.29 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - glibc-devel-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:20:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:20:02 +0100 (CET) Subject: SUSE-CU-2024:999-1: Security update of bci/bci-init Message-ID: <20240316162002.D3FF9F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:999-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.14.30 , bci/bci-init:latest Container Release : 14.30 Severity : moderate Type : security References : 1200731 1215377 1217445 1217589 1218232 1218866 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:20:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:20:29 +0100 (CET) Subject: SUSE-CU-2024:995-1: Security update of bci/openjdk Message-ID: <20240316162029.0F85CF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:995-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.28 , bci/openjdk:latest Container Release : 16.28 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:21:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:21:00 +0100 (CET) Subject: SUSE-CU-2024:1000-1: Security update of suse/pcp Message-ID: <20240316162100.D8C63F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1000-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.54 , suse/pcp:5.2 , suse/pcp:5.2-22.54 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.54 , suse/pcp:latest Container Release : 22.54 Severity : moderate Type : security References : 1200731 1215377 1217445 1217589 1218232 1218866 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - container:bci-bci-init-15.5-15.5-14.30 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:21:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:21:28 +0100 (CET) Subject: SUSE-CU-2024:1001-1: Security update of bci/php-apache Message-ID: <20240316162128.71D2BF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1001-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.28 Container Release : 12.28 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:21:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:21:52 +0100 (CET) Subject: SUSE-CU-2024:1002-1: Security update of bci/php-fpm Message-ID: <20240316162152.BCDA9F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1002-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-12.28 Container Release : 12.28 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:22:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:22:19 +0100 (CET) Subject: SUSE-CU-2024:1003-1: Security update of bci/php Message-ID: <20240316162219.9A6BAF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1003-1 Container Tags : bci/php:8 , bci/php:8-12.29 Container Release : 12.29 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:22:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:22:42 +0100 (CET) Subject: SUSE-CU-2024:1004-1: Security update of suse/postgres Message-ID: <20240316162242.B4FA0F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1004-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.27 , suse/postgres:15.6 , suse/postgres:15.6-17.27 Container Release : 17.27 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:22:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:22:50 +0100 (CET) Subject: SUSE-CU-2024:1005-1: Security update of suse/postgres Message-ID: <20240316162250.97D5CF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1005-1 Container Tags : suse/postgres:16 , suse/postgres:16-6.28 , suse/postgres:16.2 , suse/postgres:16.2-6.28 , suse/postgres:latest Container Release : 6.28 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:23:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:23:05 +0100 (CET) Subject: SUSE-CU-2024:1006-1: Security update of suse/rmt-server Message-ID: <20240316162305.3CE02F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1006-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-15.26 , suse/rmt-server:latest Container Release : 15.26 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:23:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:23:30 +0100 (CET) Subject: SUSE-CU-2024:1007-1: Security update of bci/ruby Message-ID: <20240316162330.174A4F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1007-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.25 , bci/ruby:2.5 , bci/ruby:2.5-16.25 , bci/ruby:latest Container Release : 16.25 Severity : moderate Type : security References : 1215377 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - glibc-devel-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:23:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:23:59 +0100 (CET) Subject: SUSE-CU-2024:1008-1: Security update of bci/rust Message-ID: <20240316162359.616E9F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1008-1 Container Tags : bci/rust:1.75 , bci/rust:1.75-2.2.15 , bci/rust:oldstable , bci/rust:oldstable-2.2.15 Container Release : 2.15 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - glibc-devel-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:24:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:24:26 +0100 (CET) Subject: SUSE-CU-2024:1009-1: Security update of bci/rust Message-ID: <20240316162426.EDB04F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1009-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-1.2.15 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.15 Container Release : 2.15 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - glibc-devel-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:24:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:24:45 +0100 (CET) Subject: SUSE-CU-2024:1010-1: Security update of suse/sle15 Message-ID: <20240316162445.F19AAF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1010-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.13 , suse/sle15:15.5 , suse/sle15:15.5.36.11.13 Container Release : 36.11.13 Severity : moderate Type : security References : 1215377 1217445 1217589 1218232 1218866 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:25:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:25:32 +0100 (CET) Subject: SUSE-CU-2024:1012-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240316162532.4C392F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1012-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-2.2.558 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.558 Severity : important Type : security References : 1068950 1081527 1211052 1214691 1214713 1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217432 1217445 1217589 1218632 1218812 1218814 1218866 1219241 1219581 1219639 1219666 CVE-2017-16829 CVE-2018-7208 CVE-2022-48064 CVE-2022-48566 CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-6597 CVE-2024-22667 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:871-1 Released: Wed Mar 13 13:07:46 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:899-1 Released: Thu Mar 14 16:09:41 2024 Summary: Security update for gdb Type: security Severity: moderate References: 1068950,1081527,1211052,CVE-2017-16829,CVE-2018-7208,CVE-2022-48064 This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: * Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux* * GNU/Linux/CSKY (gdbserver) csky*-*linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [on|off] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit. * The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state. * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling. * A new format '/b' has been introduce to provide the old behavior of '/r'. * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command. * It is now possible to use the 'document' command to document user-defined commands. * Support for memory tag data for AArch64 MTE. * Support Removal notices: * DBX mode has been removed. * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3. * Support for the following commands has been removed: * set debug aix-solib on|off * show debug aix-solib * set debug solib-frv on|off * show debug solib-frv * Use the 'set/show debug solib' commands instead. See the NEWS file for a more complete and detailed list of what this release includes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) The following package changes have been done: - gdb-13.2-150100.8.39.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated - vim-data-common-9.1.0111-150000.5.60.1 updated - vim-9.1.0111-150000.5.60.1 updated From sle-container-updates at lists.suse.com Sat Mar 16 16:26:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 16 Mar 2024 17:26:12 +0100 (CET) Subject: SUSE-CU-2024:1013-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240316162612.E31BFF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1013-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-6.2.380 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.380 Severity : important Type : security References : 1068950 1081527 1211052 1214691 1214713 1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217432 1217445 1217589 1218632 1218812 1218814 1218866 1219241 1219581 1219639 1219666 CVE-2017-16829 CVE-2018-7208 CVE-2022-48064 CVE-2022-48566 CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-6597 CVE-2024-22667 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:871-1 Released: Wed Mar 13 13:07:46 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:899-1 Released: Thu Mar 14 16:09:41 2024 Summary: Security update for gdb Type: security Severity: moderate References: 1068950,1081527,1211052,CVE-2017-16829,CVE-2018-7208,CVE-2022-48064 This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: * Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux* * GNU/Linux/CSKY (gdbserver) csky*-*linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [on|off] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit. * The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state. * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling. * A new format '/b' has been introduce to provide the old behavior of '/r'. * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command. * It is now possible to use the 'document' command to document user-defined commands. * Support for memory tag data for AArch64 MTE. * Support Removal notices: * DBX mode has been removed. * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3. * Support for the following commands has been removed: * set debug aix-solib on|off * show debug aix-solib * set debug solib-frv on|off * show debug solib-frv * Use the 'set/show debug solib' commands instead. See the NEWS file for a more complete and detailed list of what this release includes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) The following package changes have been done: - gdb-13.2-150100.8.39.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated - vim-data-common-9.1.0111-150000.5.60.1 updated - vim-9.1.0111-150000.5.60.1 updated From sle-container-updates at lists.suse.com Sun Mar 17 08:02:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 17 Mar 2024 09:02:04 +0100 (CET) Subject: SUSE-CU-2024:1014-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240317080204.7C26DFBA5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1014-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.7.7 , bci/bci-sle15-kernel-module-devel:latest Container Release : 7.7 Severity : important Type : security References : 1194869 1206453 1209412 1213456 1214691 1215377 1216776 1217445 1217589 1217927 1218195 1218216 1218450 1218527 1218663 1218866 1218915 1219126 1219127 1219141 1219146 1219295 1219443 1219653 1219666 1219827 1219835 1219839 1219840 1219934 1220003 1220009 1220021 1220030 1220106 1220140 1220187 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220267 1220277 1220317 1220326 1220328 1220330 1220335 1220344 1220348 1220350 1220364 1220392 1220393 1220398 1220409 1220444 1220457 1220459 1220649 1220796 1220825 CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2022-48566 CVE-2023-28746 CVE-2023-5197 CVE-2023-52340 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-6597 CVE-2023-6817 CVE-2024-0607 CVE-2024-1151 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-25744 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:858-1 Released: Wed Mar 13 01:09:39 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1206453,1209412,1213456,1216776,1217927,1218195,1218216,1218450,1218527,1218663,1218915,1219126,1219127,1219141,1219146,1219295,1219443,1219653,1219827,1219835,1219839,1219840,1219934,1220003,1220009,1220021,1220030,1220106,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220267,1220277,1220317,1220326,1220328,1220330,1220335,1220344,1220348,1220350,1220364,1220392,1220393,1220398,1220409,1220444,1220457,1220459,1220649,1220796,1220825,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52475,CVE-2023-52478,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-25744,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-2659 1,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26622 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). - acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). - acpi: extlog: fix null pointer dereference check (git-fixes). - acpi: resource: add asus model s5402za to quirks (git-fixes). - acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). - acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). - acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). - acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). - add reference to recently released cve - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - afs: hide silly-rename files from userspace (git-fixes). - afs: increase buffer size in afs_update_volume_status() (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). - alsa: firewire-lib: fix to check cycle continuity (git-fixes). - alsa: hda/conexant: add quirk for sws js201d (git-fixes). - alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). - alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes). - alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). - alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). - alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). - alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). - alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). - alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). - alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). - alsa: usb-audio: check presence of valid altsetting control (git-fixes). - alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). - alsa: usb-audio: more relaxed check of midi jack names (git-fixes). - alsa: usb-audio: sort quirk table entries (git-fixes). - arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) - arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) - arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. - arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. - arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break - arm64: irq: set the correct node for shadow call stack (git-fixes) - arm64: irq: set the correct node for vmap stack (git-fixes) - arm64: rename arm64_workaround_2966298 (bsc#1219443) - arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) - asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). - asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). - asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). - asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). - bluetooth: enforce validation on max value of connection interval (git-fixes). - bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). - bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). - bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). - bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). - bluetooth: l2cap: fix possible multiple reject send (git-fixes). - bluetooth: qca: fix wrong event type for patch config command (git-fixes). - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - bpf: minor logging improvement (bsc#1220257). - bus: moxtet: add spi device table (git-fixes). - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). - crypto: api - disallow identical driver names (git-fixes). - crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). - dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: ptdma: use consistent dma masks (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). - driver core: fix device_link_flag_is_sync_state_only() (git-fixes). - drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). - drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). - drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - drm/amd/display: preserve original aspect ratio in create stream (git-fixes). - drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). - drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). - drm/prime: support page array >= 4gb (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). - drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). - drop bcm5974 input patch causing a regression (bsc#1220030) - efi/capsule-loader: fix incorrect allocation size (git-fixes). - efi: do not add memblocks for soft-reserved memory (git-fixes). - efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - fbdev: savage: error out if pixclock equals zero (git-fixes). - fbdev: sis: error out if pixclock equals zero (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - fs: dlm: fix build with config_ipv6 disabled (git-fixes). - fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). - gpio: 74x164: enable output pins after registers are reset (git-fixes). - gpio: fix resource unwinding order in error path (git-fixes). - gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). - gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). - hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). - hid: apple: add support for the 2021 magic keyboard (git-fixes). - hid: wacom: do not register input devices until after hid_hw_start (git-fixes). - hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - hwmon: (coretemp) enlarge per package core count limit (git-fixes). - hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). - i2c: i801: fix block process call transactions (git-fixes). - i2c: i801: remove i801_set_block_buffer_mode (git-fixes). - i2c: imx: add timer for handling the stop condition (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). - ib/hfi1: fix a memleak in init_credit_return (git-fixes) - ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) - iio: accel: bma400: fix a compilation problem (git-fixes). - iio: adc: ad7091r: set alert bit in config register (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). - input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). - input: xpad - add lenovo legion go controllers (git-fixes). - irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes). - irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). - jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). - jfs: fix array-index-out-of-bounds in dinewext (git-fixes). - jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). - jfs: fix uaf in jfs_evict_inode (git-fixes). - kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). - kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). - kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). - kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). - leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). - lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). - lib/stackdepot: add refcount for records (jsc-ped#7423). - lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). - lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). - libsubcmd: fix memory leak in uniq() (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - media: rockchip: rga: fix swizzling for rgb formats (git-fixes). - media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). - mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). - mm,page_owner: display all stacks and their count (jsc-ped#7423). - mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). - mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). - mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). - mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423). - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). - mmc: core: use mrq.sbc in close-ended ffu (git-fixes). - mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). - mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). - mmc: sdhci-xenon: fix phy init clock stability (git-fixes). - mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). - modpost: trim leading spaces when processing source files list (git-fixes). - mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - nouveau: fix function cast warnings (git-fixes). - ntfs: check overflow when iterating attr_records (git-fixes). - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - nvme-fabrics: fix i/o connect error handling (git-fixes). - nvme-host: fix the updating of the firmware version (git-fixes). - pci/aer: decode requester id when no error info found (git-fixes). - pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). - pci: add pci_header_type_mfd definition (bsc#1220021). - pci: fix 64gt/s effective data rate calculation (git-fixes). - pci: only override amd usb controller if required (git-fixes). - pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes). - platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). - platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). - pm: core: remove unnecessary (void *) conversions (git-fixes). - pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - pnp: acpi: fix fortify warning (git-fixes). - power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). - powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). - powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). - powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). - powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). - powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). - powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc: do not include lppaca.h in paca.h (bsc#1194869). - pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes). - ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). - ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). - ras: introduce a fru memory poison manager (jsc#ped-7618). - rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) - rdma/bnxt_re: return error for srq resize (git-fixes) - rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - rdma/core: get ib width and speed from netdev (bsc#1219934). - rdma/irdma: add ae for too many rnrs (git-fixes) - rdma/irdma: fix kasan issue with tasklet (git-fixes) - rdma/irdma: set the cq read threshold for gen 1 (git-fixes) - rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) - rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) - rdma/srpt: fix function pointer cast warnings (git-fixes) - rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) - refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277) - regulator: core: only increment use_count when enable_count changes (git-fixes). - regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). - revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes). - revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes). - revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes). - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). - scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). - scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). - scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). - scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes). - scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). - scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). - scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). - scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). - scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). - scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). - scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). - scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). - scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141). - serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). - spi-mxs: fix chipselect glitch (git-fixes). - spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes). - spi: ppc4xx: drop write-only variable (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - supported.conf: remove external flag from ibm supported modules. (bsc#1209412) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). - topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618). - topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). - tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). - ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). - usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). - usb: cdns: readd old api (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). - usb: dwc3: gadget: do not disconnect if not started (git-fixes). - usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). - usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). - usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). - usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes). - usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). - usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). - usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes). - usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). - usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). - usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix null pointer issue when put module's reference (git-fixes). - usb: serial: cp210x: add id for imst im871a-usb (git-fixes). - usb: serial: option: add fibocom fm101-gl variant (git-fixes). - usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). - watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes). - wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). - wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). - wifi: iwlwifi: fix some error codes (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: nl80211: reject iftype change with mesh id change (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. - x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: add verw just before userspace transition (git-fixes). - x86/mm: fix memory encryption features advertisement (bsc#1206453). - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - glibc-locale-base-2.31-150300.68.1 updated - kernel-macros-5.14.21-150500.55.52.1 updated - glibc-locale-2.31-150300.68.1 updated - kernel-devel-5.14.21-150500.55.52.1 updated - python3-base-3.6.15-150300.10.57.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - glibc-devel-2.31-150300.68.1 updated - kernel-default-devel-5.14.21-150500.55.52.1 updated - kernel-syms-5.14.21-150500.55.52.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Mon Mar 18 08:02:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Mar 2024 09:02:16 +0100 (CET) Subject: SUSE-CU-2024:1015-1: Security update of bci/golang Message-ID: <20240318080216.76E91F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1015-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.27 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.27 Container Release : 12.27 Severity : moderate Type : security References : 1217445 1217589 1218866 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) The following package changes have been done: - glibc-2.31-150300.68.1 updated - glibc-devel-2.31-150300.68.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Mon Mar 18 08:02:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Mar 2024 09:02:49 +0100 (CET) Subject: SUSE-CU-2024:1016-1: Security update of bci/openjdk-devel Message-ID: <20240318080249.7981AF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1016-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.63 , bci/openjdk-devel:latest Container Release : 16.63 Severity : moderate Type : security References : 1215377 1217445 1217589 1218232 1218866 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - container:bci-openjdk-17-15.5.17-16.28 updated From sle-container-updates at lists.suse.com Mon Mar 18 08:03:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Mar 2024 09:03:16 +0100 (CET) Subject: SUSE-CU-2024:1017-1: Security update of bci/python Message-ID: <20240318080316.208B6F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1017-1 Container Tags : bci/python:3 , bci/python:3-18.28 , bci/python:3.6 , bci/python:3.6-18.28 Container Release : 18.28 Severity : important Type : security References : 1214691 1217445 1217589 1218866 1219666 CVE-2022-48566 CVE-2023-6597 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). The following package changes have been done: - glibc-2.31-150300.68.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - python3-3.6.15-150300.10.57.1 updated - python3-devel-3.6.15-150300.10.57.1 updated - container:sles15-image-15.0.0-36.11.13 updated From sle-container-updates at lists.suse.com Tue Mar 19 08:03:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 09:03:11 +0100 (CET) Subject: SUSE-CU-2024:1018-1: Recommended update of suse/sles12sp5 Message-ID: <20240319080311.C90DCF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1018-1 Container Tags : suse/sles12sp5:6.5.576 , suse/sles12sp5:latest Container Release : 6.5.576 Severity : important Type : recommended References : 1188307 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:913-1 Released: Mon Mar 18 06:38:50 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1188307 This update for shadow fixes the following issues: - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307) The following package changes have been done: - shadow-4.2.1-36.9.1 updated From sle-container-updates at lists.suse.com Tue Mar 19 08:06:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 09:06:24 +0100 (CET) Subject: SUSE-CU-2024:1024-1: Recommended update of bci/openjdk-devel Message-ID: <20240319080624.C5253F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1024-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.66 , bci/openjdk-devel:latest Container Release : 16.66 Severity : important Type : recommended References : 1176006 1188307 1203823 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:bci-openjdk-17-15.5.17-16.29 updated From sle-container-updates at lists.suse.com Tue Mar 19 08:06:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 09:06:52 +0100 (CET) Subject: SUSE-CU-2024:1025-1: Recommended update of bci/ruby Message-ID: <20240319080652.BC41AF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1025-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.27 , bci/ruby:2.5 , bci/ruby:2.5-16.27 , bci/ruby:latest Container Release : 16.27 Severity : important Type : recommended References : 1176006 1188307 1203823 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.14 updated From sle-container-updates at lists.suse.com Tue Mar 19 08:06:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 09:06:56 +0100 (CET) Subject: SUSE-CU-2024:1026-1: Recommended update of suse/sle15 Message-ID: <20240319080656.487EAF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1026-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.45.2.76 , suse/sle15:15.6 , suse/sle15:15.6.45.2.76 Container Release : 45.2.76 Severity : moderate Type : recommended References : 1215377 1218232 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libgpgme11-1.23.0-150600.1.26 updated - libldap-2_4-2-2.4.46-150600.23.8 updated - libldap-data-2.4.46-150600.23.8 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - libopenssl3-3.1.4-150600.2.5 updated - libsystemd0-254.9-150600.2.11 updated - libudev1-254.9-150600.2.11 updated - openssl-3-3.1.4-150600.2.5 updated - openssl-3.1.4-150600.2.1 updated - skelcd-EULA-bci-2023.03.06-150600.8.1 updated - sle-module-basesystem-release-15.6-150600.27.3 updated - sle-module-python3-release-15.6-150600.27.3 updated - sle-module-server-applications-release-15.6-150600.27.3 updated - sles-release-15.6-150600.27.5 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:11:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:11:31 +0100 (CET) Subject: SUSE-CU-2024:1027-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240319141131.222B0F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1027-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-25.3 , bci/dotnet-aspnet:6.0.28 , bci/dotnet-aspnet:6.0.28-25.3 Container Release : 25.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:11:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:11:59 +0100 (CET) Subject: SUSE-CU-2024:1028-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240319141159.44E74F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1028-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-25.3 , bci/dotnet-aspnet:7.0.17 , bci/dotnet-aspnet:7.0.17-25.3 Container Release : 25.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:12:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:12:07 +0100 (CET) Subject: SUSE-CU-2024:1029-1: Recommended update of bci/dotnet-sdk Message-ID: <20240319141207.8C471F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1029-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-7.3 , bci/dotnet-sdk:8.0.3 , bci/dotnet-sdk:8.0.3-7.3 , bci/dotnet-sdk:latest Container Release : 7.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:12:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:12:36 +0100 (CET) Subject: SUSE-CU-2024:1030-1: Recommended update of bci/dotnet-runtime Message-ID: <20240319141236.51597F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1030-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-24.3 , bci/dotnet-runtime:6.0.28 , bci/dotnet-runtime:6.0.28-24.3 Container Release : 24.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:13:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:13:04 +0100 (CET) Subject: SUSE-CU-2024:1031-1: Recommended update of bci/dotnet-runtime Message-ID: <20240319141304.CAA51F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1031-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-26.3 , bci/dotnet-runtime:7.0.17 , bci/dotnet-runtime:7.0.17-26.3 Container Release : 26.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:13:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:13:09 +0100 (CET) Subject: SUSE-CU-2024:1032-1: Recommended update of bci/dotnet-runtime Message-ID: <20240319141309.8DC72F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1032-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-7.3 , bci/dotnet-runtime:8.0.3 , bci/dotnet-runtime:8.0.3-7.3 , bci/dotnet-runtime:latest Container Release : 7.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:13:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:13:36 +0100 (CET) Subject: SUSE-CU-2024:1033-1: Recommended update of bci/bci-init Message-ID: <20240319141336.60978F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1033-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.14.34 , bci/bci-init:latest Container Release : 14.34 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:13:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:13:44 +0100 (CET) Subject: SUSE-CU-2024:1034-1: Recommended update of bci/bci-micro Message-ID: <20240319141344.DD7C4F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1034-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.16.3 , bci/bci-micro:latest Container Release : 16.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated From sle-container-updates at lists.suse.com Tue Mar 19 14:13:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Mar 2024 15:13:55 +0100 (CET) Subject: SUSE-CU-2024:1035-1: Recommended update of bci/bci-minimal Message-ID: <20240319141355.834D1F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1035-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.17.8 , bci/bci-minimal:latest Container Release : 17.8 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:micro-image-15.5.0-16.3 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:01:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:01:56 +0100 (CET) Subject: SUSE-CU-2024:1041-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240320080156.07814F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1041-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.15 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.15 Container Release : 3.15 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150400.10.15.1 updated - shadow-4.8.1-150400.10.15.1 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:02:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:02:22 +0100 (CET) Subject: SUSE-CU-2024:1042-1: Recommended update of suse/389-ds Message-ID: <20240320080222.486A4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1042-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-20.37 , suse/389-ds:latest Container Release : 20.37 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:02:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:02:27 +0100 (CET) Subject: SUSE-CU-2024:1043-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240320080227.8210DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1043-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-7.3 , bci/dotnet-aspnet:8.0.3 , bci/dotnet-aspnet:8.0.3-7.3 , bci/dotnet-aspnet:latest Container Release : 7.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:02:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:02:42 +0100 (CET) Subject: SUSE-CU-2024:1044-1: Recommended update of suse/registry Message-ID: <20240320080242.CE484F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1044-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-19.8 , suse/registry:latest Container Release : 19.8 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150400.10.15.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:micro-image-15.5.0-16.3 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:03:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:03:19 +0100 (CET) Subject: SUSE-CU-2024:1045-1: Recommended update of bci/dotnet-sdk Message-ID: <20240320080319.C1C77F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1045-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.3 , bci/dotnet-sdk:6.0.28 , bci/dotnet-sdk:6.0.28-24.3 Container Release : 24.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:03:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:03:54 +0100 (CET) Subject: SUSE-CU-2024:1046-1: Recommended update of bci/dotnet-sdk Message-ID: <20240320080354.7BABEF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1046-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-26.3 , bci/dotnet-sdk:7.0.17 , bci/dotnet-sdk:7.0.17-26.3 Container Release : 26.3 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:04:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:04:15 +0100 (CET) Subject: SUSE-CU-2024:1047-1: Recommended update of bci/golang Message-ID: <20240320080415.16E48F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1047-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.2.32 , bci/golang:oldstable , bci/golang:oldstable-2.2.32 Container Release : 2.32 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:04:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:04:31 +0100 (CET) Subject: SUSE-CU-2024:1048-1: Recommended update of bci/golang Message-ID: <20240320080431.8C91BF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1048-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.30 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.30 Container Release : 12.30 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:04:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:04:48 +0100 (CET) Subject: SUSE-CU-2024:1049-1: Recommended update of bci/golang Message-ID: <20240320080448.BCE25F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1049-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.30 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.30 Container Release : 12.30 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:04:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:04:58 +0100 (CET) Subject: SUSE-CU-2024:1050-1: Recommended update of suse/helm Message-ID: <20240320080458.02F2DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1050-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-8.8 , suse/helm:latest Container Release : 8.8 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:micro-image-15.5.0-16.3 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:05:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:05:25 +0100 (CET) Subject: SUSE-CU-2024:1051-1: Recommended update of bci/nodejs Message-ID: <20240320080525.BC143F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1051-1 Container Tags : bci/node:18 , bci/node:18-16.33 , bci/nodejs:18 , bci/nodejs:18-16.33 Container Release : 16.33 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:05:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:05:37 +0100 (CET) Subject: SUSE-CU-2024:1052-1: Recommended update of bci/nodejs Message-ID: <20240320080537.E138DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1052-1 Container Tags : bci/node:20 , bci/node:20-6.33 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.33 , bci/nodejs:latest Container Release : 6.33 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:06:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:06:10 +0100 (CET) Subject: SUSE-CU-2024:1053-1: Recommended update of bci/openjdk-devel Message-ID: <20240320080610.C50F8F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1053-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.69 Container Release : 14.69 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:bci-openjdk-11-15.5.11-15.31 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:06:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:06:37 +0100 (CET) Subject: SUSE-CU-2024:1054-1: Recommended update of bci/openjdk Message-ID: <20240320080637.6D910F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1054-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.31 Container Release : 15.31 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:07:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:07:08 +0100 (CET) Subject: SUSE-CU-2024:1055-1: Recommended update of bci/openjdk-devel Message-ID: <20240320080708.766DBF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1055-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.69 , bci/openjdk-devel:latest Container Release : 16.69 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:bci-openjdk-17-15.5.17-16.31 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:07:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:07:35 +0100 (CET) Subject: SUSE-CU-2024:1056-1: Recommended update of bci/openjdk Message-ID: <20240320080735.4277FF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1056-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.31 , bci/openjdk:latest Container Release : 16.31 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:08:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:08:09 +0100 (CET) Subject: SUSE-CU-2024:1057-1: Recommended update of suse/pcp Message-ID: <20240320080809.4451AF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1057-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.60 , suse/pcp:5.2 , suse/pcp:5.2-22.60 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.60 , suse/pcp:latest Container Release : 22.60 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:bci-bci-init-15.5-15.5-14.34 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:08:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:08:34 +0100 (CET) Subject: SUSE-CU-2024:1058-1: Recommended update of bci/php-apache Message-ID: <20240320080834.880A6F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1058-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.31 Container Release : 12.31 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:09:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:09:00 +0100 (CET) Subject: SUSE-CU-2024:1059-1: Recommended update of bci/php-fpm Message-ID: <20240320080900.B4390F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1059-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-12.31 Container Release : 12.31 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:09:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:09:26 +0100 (CET) Subject: SUSE-CU-2024:1060-1: Recommended update of bci/php Message-ID: <20240320080926.6B898F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1060-1 Container Tags : bci/php:8 , bci/php:8-12.32 Container Release : 12.32 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 08:09:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 09:09:53 +0100 (CET) Subject: SUSE-CU-2024:1061-1: Recommended update of suse/postgres Message-ID: <20240320080953.1D826F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1061-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.30 , suse/postgres:15.6 , suse/postgres:15.6-17.30 Container Release : 17.30 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:42:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:42:42 +0100 (CET) Subject: SUSE-CU-2024:1061-1: Recommended update of suse/postgres Message-ID: <20240320104242.A9207F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1061-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.30 , suse/postgres:15.6 , suse/postgres:15.6-17.30 Container Release : 17.30 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:42:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:42:51 +0100 (CET) Subject: SUSE-CU-2024:1062-1: Recommended update of suse/postgres Message-ID: <20240320104251.74B17F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1062-1 Container Tags : suse/postgres:16 , suse/postgres:16-6.31 , suse/postgres:16.2 , suse/postgres:16.2-6.31 , suse/postgres:latest Container Release : 6.31 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:43:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:43:14 +0100 (CET) Subject: SUSE-CU-2024:1063-1: Security update of bci/python Message-ID: <20240320104314.54E75F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1063-1 Container Tags : bci/python:3 , bci/python:3-17.29 , bci/python:3.11 , bci/python:3.11-17.29 , bci/python:latest Container Release : 17.29 Severity : moderate Type : security References : 1217445 1217589 1218866 1219321 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - glibc-2.31-150300.68.1 updated - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:43:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:43:35 +0100 (CET) Subject: SUSE-CU-2024:1064-1: Recommended update of bci/python Message-ID: <20240320104335.12506F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1064-1 Container Tags : bci/python:3 , bci/python:3-18.30 , bci/python:3.6 , bci/python:3.6-18.30 Container Release : 18.30 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:43:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:43:40 +0100 (CET) Subject: SUSE-CU-2024:1065-1: Security update of suse/rmt-mariadb-client Message-ID: <20240320104340.ADD30F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1065-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-15.28 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-15.28 , suse/rmt-mariadb-client:latest Container Release : 15.28 Severity : important Type : security References : 1176006 1188307 1203823 1215377 1217445 1217589 1218866 1219321 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:43:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:43:47 +0100 (CET) Subject: SUSE-CU-2024:1066-1: Security update of suse/rmt-mariadb Message-ID: <20240320104347.3A6D1F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1066-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-19.14 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-19.14 , suse/rmt-mariadb:latest Container Release : 19.14 Severity : important Type : security References : 1176006 1188307 1203823 1214691 1215377 1217445 1217589 1218866 1219321 1219666 CVE-2022-48566 CVE-2023-6597 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - glibc-2.31-150300.68.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - python3-base-3.6.15-150300.10.57.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:44:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:44:01 +0100 (CET) Subject: SUSE-CU-2024:1067-1: Recommended update of suse/rmt-server Message-ID: <20240320104401.D172DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1067-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-15.29 , suse/rmt-server:latest Container Release : 15.29 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:44:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:44:27 +0100 (CET) Subject: SUSE-CU-2024:1068-1: Recommended update of bci/ruby Message-ID: <20240320104427.15D9DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1068-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.28 , bci/ruby:2.5 , bci/ruby:2.5-16.28 , bci/ruby:latest Container Release : 16.28 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:44:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:44:51 +0100 (CET) Subject: SUSE-CU-2024:1069-1: Recommended update of bci/rust Message-ID: <20240320104451.C7E67F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1069-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-1.2.17 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.17 Container Release : 2.17 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:45:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:45:00 +0100 (CET) Subject: SUSE-CU-2024:1070-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240320104500.46A75F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1070-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.7.10 , bci/bci-sle15-kernel-module-devel:latest Container Release : 7.10 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 20 10:45:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Mar 2024 11:45:18 +0100 (CET) Subject: SUSE-CU-2024:1071-1: Recommended update of suse/sle15 Message-ID: <20240320104518.A219BF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1071-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.15 , suse/sle15:15.5 , suse/sle15:15.5.36.11.15 Container Release : 36.11.15 Severity : important Type : recommended References : 1176006 1188307 1203823 1219321 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150400.10.15.1 updated - shadow-4.8.1-150400.10.15.1 updated From sle-container-updates at lists.suse.com Thu Mar 21 08:02:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Mar 2024 09:02:21 +0100 (CET) Subject: SUSE-CU-2024:1072-1: Recommended update of bci/rust Message-ID: <20240321080221.7FA1DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1072-1 Container Tags : bci/rust:1.75 , bci/rust:1.75-2.2.17 , bci/rust:oldstable , bci/rust:oldstable-2.2.17 Container Release : 2.17 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:02:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:02:15 +0100 (CET) Subject: SUSE-CU-2024:1073-1: Recommended update of bci/golang Message-ID: <20240322080215.DD7AAF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1073-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.2.33 , bci/golang:oldstable , bci/golang:oldstable-2.2.33 Container Release : 2.33 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:02:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:02:34 +0100 (CET) Subject: SUSE-CU-2024:1074-1: Recommended update of bci/golang Message-ID: <20240322080234.50CD3F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1074-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.31 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.31 Container Release : 12.31 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:02:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:02:55 +0100 (CET) Subject: SUSE-CU-2024:1075-1: Security update of bci/golang Message-ID: <20240322080255.6D464F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1075-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.31 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.31 Container Release : 2.31 Severity : moderate Type : security References : 1216545 1217445 1217589 1218866 1219321 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - glibc-2.31-150300.68.1 updated - coreutils-8.32-150400.9.3.1 updated - glibc-devel-2.31-150300.68.1 updated - git-core-2.35.3-150300.10.36.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:03:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:03:12 +0100 (CET) Subject: SUSE-CU-2024:1076-1: Recommended update of bci/golang Message-ID: <20240322080312.16DA5F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1076-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.31 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.31 Container Release : 12.31 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:03:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:03:40 +0100 (CET) Subject: SUSE-CU-2024:1077-1: Recommended update of bci/nodejs Message-ID: <20240322080340.98E3DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1077-1 Container Tags : bci/node:18 , bci/node:18-16.34 , bci/nodejs:18 , bci/nodejs:18-16.34 Container Release : 16.34 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:03:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:03:52 +0100 (CET) Subject: SUSE-CU-2024:1078-1: Recommended update of bci/nodejs Message-ID: <20240322080352.F1939F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1078-1 Container Tags : bci/node:20 , bci/node:20-6.34 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.34 , bci/nodejs:latest Container Release : 6.34 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:04:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:04:27 +0100 (CET) Subject: SUSE-CU-2024:1079-1: Recommended update of bci/openjdk-devel Message-ID: <20240322080427.523E3F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1079-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.70 Container Release : 14.70 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:04:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:04:53 +0100 (CET) Subject: SUSE-CU-2024:1080-1: Recommended update of bci/python Message-ID: <20240322080453.6BEBCF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1080-1 Container Tags : bci/python:3 , bci/python:3-17.30 , bci/python:3.11 , bci/python:3.11-17.30 , bci/python:latest Container Release : 17.30 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:05:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:05:19 +0100 (CET) Subject: SUSE-CU-2024:1081-1: Recommended update of bci/python Message-ID: <20240322080519.EFE62F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1081-1 Container Tags : bci/python:3 , bci/python:3-18.31 , bci/python:3.6 , bci/python:3.6-18.31 Container Release : 18.31 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:05:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:05:36 +0100 (CET) Subject: SUSE-CU-2024:1082-1: Recommended update of suse/rmt-server Message-ID: <20240322080536.3C032F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1082-1 Container Tags : suse/rmt-server:2.15 , suse/rmt-server:2.15-15.30 , suse/rmt-server:latest Container Release : 15.30 Severity : moderate Type : recommended References : 1215176 1216389 1218775 1219153 1219540 1221223 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:955-1 Released: Thu Mar 21 08:56:45 2024 Summary: Recommended update for rmt-server Type: recommended Severity: moderate References: 1215176,1216389,1218775,1219153,1219540,1221223 This update for rmt-server fixes the following issues: - Version 2.15: * Moving system hardware information to systems database table to allow transmitting system information dynamically. (jsc#PED-3734) * Dropping Rails Secrets facilities and related config files (bsc#1215176) * Updated supportconfig script (bsc#1216389) * Support zstd compression for repository metadata (bsc#1218775) * Do not add credential handling to normal repository URLs (bsc#1219153) * Fix for SUSE Liberty registration script to allow RHEL7/SLL7/CentOS7 clients to register to RMT servers * make sure yum that can read repomd.xml correctly is installed (bsc#1221223) * Provide user/group symbol for user created during pre (bsc#1219540) * Disable authentication for license files in pubcloud context * Higher registration sharing timeout * rmt-server-pubcloud: * Extend cache expiration time for BYOS systems (PAYG: 20 min, BYOS: 24 hours) * Include byos parameter when checking subscription validity for BYOS systems with SCC The following package changes have been done: - rmt-server-config-2.15-150500.3.9.2 updated - rmt-server-2.15-150500.3.9.2 updated From sle-container-updates at lists.suse.com Fri Mar 22 08:06:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Mar 2024 09:06:02 +0100 (CET) Subject: SUSE-CU-2024:1083-1: Recommended update of bci/ruby Message-ID: <20240322080602.54A34F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1083-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.29 , bci/ruby:2.5 , bci/ruby:2.5-16.29 , bci/ruby:latest Container Release : 16.29 Severity : moderate Type : recommended References : 1216545 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated From sle-container-updates at lists.suse.com Tue Mar 26 08:04:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:04:36 +0100 (CET) Subject: SUSE-CU-2024:1086-1: Recommended update of bci/bci-init Message-ID: <20240326080436.788ECF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1086-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.14.35 , bci/bci-init:latest Container Release : 14.35 Severity : moderate Type : recommended References : 1219767 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) The following package changes have been done: - pam-config-1.1-150200.3.6.1 updated From sle-container-updates at lists.suse.com Tue Mar 26 08:04:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:04:56 +0100 (CET) Subject: SUSE-CU-2024:1087-1: Security update of suse/nginx Message-ID: <20240326080456.157CDF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1087-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-10.34 , suse/nginx:latest Container Release : 10.34 Severity : important Type : security References : 1176006 1188307 1203823 1213590 1214686 1214687 1219321 1221187 CVE-2023-38288 CVE-2023-40745 CVE-2023-41175 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:973-1 Released: Fri Mar 22 11:23:15 2024 Summary: Security update for tiff Type: security Severity: moderate References: 1213590,1214686,1214687,1221187,CVE-2023-38288,CVE-2023-40745,CVE-2023-41175 This update for tiff fixes the following issues: - CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686). - CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590). - CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687). The following package changes have been done: - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - libtiff5-4.0.9-150000.45.41.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Tue Mar 26 08:05:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:05:31 +0100 (CET) Subject: SUSE-CU-2024:1088-1: Recommended update of bci/openjdk-devel Message-ID: <20240326080531.4B025F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1088-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.72 , bci/openjdk-devel:latest Container Release : 16.72 Severity : moderate Type : recommended References : 1216545 1219662 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:948-1 Released: Wed Mar 20 15:36:58 2024 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1219662 This update for java-17-openjdk fixes the following issues: - Recommend mozilla-nss-sysinit in order to have available the /etc/pki/nssdb directory and its content, required in fips mode (bsc#1219662). - Do not install our crafted nss.fips.cfg file, but use the one that the build produces with our fips.patch applied. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) The following package changes have been done: - java-17-openjdk-headless-17.0.10.0-150400.3.39.2 updated - java-17-openjdk-17.0.10.0-150400.3.39.2 updated - java-17-openjdk-devel-17.0.10.0-150400.3.39.2 updated - git-core-2.35.3-150300.10.36.1 updated - container:bci-openjdk-17-15.5.17-16.32 updated From sle-container-updates at lists.suse.com Tue Mar 26 08:06:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:06:03 +0100 (CET) Subject: SUSE-CU-2024:1089-1: Recommended update of suse/pcp Message-ID: <20240326080603.C2534F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1089-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.62 , suse/pcp:5.2 , suse/pcp:5.2-22.62 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.62 , suse/pcp:latest Container Release : 22.62 Severity : moderate Type : recommended References : 1219767 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) The following package changes have been done: - pam-config-1.1-150200.3.6.1 updated - container:bci-bci-init-15.5-15.5-14.35 updated From sle-container-updates at lists.suse.com Tue Mar 26 08:06:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:06:14 +0100 (CET) Subject: SUSE-CU-2024:1090-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240326080614.9C9A8F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1090-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.7.11 , bci/bci-sle15-kernel-module-devel:latest Container Release : 7.11 Severity : moderate Type : recommended References : 1217964 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) The following package changes have been done: - systemd-rpm-macros-15-150000.7.39.1 updated From sle-container-updates at lists.suse.com Tue Mar 26 08:06:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:06:17 +0100 (CET) Subject: SUSE-CU-2024:1092-1: Recommended update of bci/bci-init Message-ID: <20240326080617.4CF71F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1092-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.5.223 Container Release : 5.223 Severity : moderate Type : recommended References : 1215377 1218232 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libsystemd0-254.9-150600.2.14 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - sles-release-15.6-150600.28.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - libapparmor1-3.1.7-150600.3.1 updated - systemd-254.9-150600.2.14 updated - container:sles15-image-15.0.0-45.2.80 updated From sle-container-updates at lists.suse.com Tue Mar 26 08:06:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:06:22 +0100 (CET) Subject: SUSE-CU-2024:1097-1: Security update of suse/sle15 Message-ID: <20240326080622.E17FBF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1097-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.45.2.80 , suse/sle15:15.6 , suse/sle15:15.6.45.2.80 Container Release : 45.2.80 Severity : important Type : security References : 1087072 1195654 1196025 1196026 1196168 1196169 1196171 1196784 1199944 1203438 1204111 1204112 1204113 1204708 1212126 1216296 CVE-2022-1664 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-43680 CVE-2023-34969 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4973-1 Released: Tue Dec 26 04:44:10 2023 Summary: Recommended update for duktape Type: recommended Severity: moderate References: 1216296 This update of duktape fixes the following issue: - duktape-devel is shipped to Basesystem module (bsc#1216296). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:637-1 Released: Tue Feb 27 10:06:55 2024 Summary: Recommended update for duktape Type: recommended Severity: moderate References: This update for duktape fixes the following issues: - Ship libduktape206-32bit: needed by libproxy since version 0.5. The following package changes have been done: - dbus-1-1.12.2-150400.18.8.1 added - gio-branding-SLE-15-150600.33.2 added - glib2-tools-2.78.3-150600.1.6 added - libdbus-1-3-1.12.2-150400.18.8.1 added - libduktape206-2.6.0-150500.4.5.1 added - libexpat1-2.4.4-150400.3.12.1 added - libgio-2_0-0-2.78.3-150600.1.6 added - libgmodule-2_0-0-2.78.3-150600.1.6 added - libgobject-2_0-0-2.78.3-150600.1.6 added - libgpgme11-1.23.0-150600.1.27 updated - libproxy1-0.5.3-150600.1.1 updated - libpxbackend-1_0-0.5.3-150600.1.1 added - libssh-config-0.9.8-150600.8.3 updated - libssh4-0.9.8-150600.8.3 updated - libsystemd0-254.9-150600.2.14 updated - libudev1-254.9-150600.2.14 updated - libzypp-17.31.31-150600.8.6 updated - shared-mime-info-2.4-150600.1.2 added - sle-module-basesystem-release-15.6-150600.28.1 updated - sle-module-python3-release-15.6-150600.28.1 updated - sle-module-server-applications-release-15.6-150600.28.1 updated - sles-release-15.6-150600.28.2 updated - update-alternatives-1.19.0.4-150000.4.4.1 added From sle-container-updates at lists.suse.com Tue Mar 26 08:06:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Mar 2024 09:06:45 +0100 (CET) Subject: SUSE-CU-2024:1098-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240326080645.EE6F3F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1098-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.18 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.18 Severity : moderate Type : recommended References : 1219767 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) The following package changes have been done: - pam-config-1.1-150200.3.6.1 updated From sle-container-updates at lists.suse.com Wed Mar 27 08:01:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Mar 2024 09:01:46 +0100 (CET) Subject: SUSE-CU-2024:1100-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240327080146.D1266F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1100-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.185 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.185 Severity : moderate Type : recommended References : 1219321 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150400.10.15.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-image-15.0.0-36.11.15 updated From sle-container-updates at lists.suse.com Wed Mar 27 08:03:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Mar 2024 09:03:52 +0100 (CET) Subject: SUSE-CU-2024:1101-1: Recommended update of suse/sles12sp5 Message-ID: <20240327080352.E5A48F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1101-1 Container Tags : suse/sles12sp5:6.5.577 , suse/sles12sp5:latest Container Release : 6.5.577 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:996-1 Released: Tue Mar 26 10:44:23 2024 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: This update for krb5 fixes the following issues: This update updates krb5 to 1.16.3 (jsc#PED-7884). Most relevant changes: * Remove the triple-DES and RC4 encryption types from the default value of supported_enctypes, which determines the default key and salt types for new password-derived keys. By default, keys will only created only for AES128 and AES256. This mitigates some types of password guessing attacks. * Add support for the AES-SHA2 enctypes, which allows sites to conform to Suite B crypto requirements. The following package changes have been done: - krb5-1.16.3-46.3.1 updated From sle-container-updates at lists.suse.com Wed Mar 27 08:06:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Mar 2024 09:06:31 +0100 (CET) Subject: SUSE-CU-2024:1102-1: Security update of suse/sle15 Message-ID: <20240327080631.106E2F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1102-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.424 Container Release : 9.5.424 Severity : important Type : security References : 1220770 1220771 CVE-2024-26458 CVE-2024-26461 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:999-1 Released: Tue Mar 26 14:03:42 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). The following package changes have been done: - krb5-1.16.3-150100.3.33.1 updated From sle-container-updates at lists.suse.com Wed Mar 27 08:09:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Mar 2024 09:09:19 +0100 (CET) Subject: SUSE-CU-2024:1108-1: Security update of suse/nginx Message-ID: <20240327080919.4A07EF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1108-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-10.36 , suse/nginx:latest Container Release : 10.36 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Wed Mar 27 08:09:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Mar 2024 09:09:56 +0100 (CET) Subject: SUSE-CU-2024:1109-1: Security update of suse/pcp Message-ID: <20240327080956.77C0FF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1109-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.65 , suse/pcp:5.2 , suse/pcp:5.2-22.65 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.65 , suse/pcp:latest Container Release : 22.65 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:bci-bci-init-15.5-15.5-14.36 updated From sle-container-updates at lists.suse.com Wed Mar 27 08:10:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Mar 2024 09:10:28 +0100 (CET) Subject: SUSE-CU-2024:1110-1: Security update of suse/postgres Message-ID: <20240327081028.F1EC1F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1110-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.31 , suse/postgres:15.6 , suse/postgres:15.6-17.31 Container Release : 17.31 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:04:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:04:32 +0100 (CET) Subject: SUSE-CU-2024:1113-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240328080432.75B74F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1113-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.188 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.188 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:05:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:05:05 +0100 (CET) Subject: SUSE-CU-2024:1114-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240328080505.C6BCEF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1114-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.25 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.25 Container Release : 4.25 Severity : important Type : security References : 1220770 1220771 CVE-2024-26458 CVE-2024-26461 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1001-1 Released: Wed Mar 27 01:48:30 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). The following package changes have been done: - krb5-1.19.2-150300.16.1 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:05:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:05:15 +0100 (CET) Subject: SUSE-CU-2024:1115-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240328080515.47F7DF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1115-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.16 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.16 Container Release : 3.16 Severity : important Type : security References : 1220770 1220771 CVE-2024-26458 CVE-2024-26461 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1006-1 Released: Wed Mar 27 10:48:38 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). The following package changes have been done: - krb5-1.19.2-150400.3.9.1 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:05:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:05:41 +0100 (CET) Subject: SUSE-CU-2024:1116-1: Security update of suse/389-ds Message-ID: <20240328080541.28525F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1116-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-20.39 , suse/389-ds:latest Container Release : 20.39 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - krb5-client-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:05:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:05:57 +0100 (CET) Subject: SUSE-CU-2024:1117-1: Security update of suse/registry Message-ID: <20240328080558.006E3F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1117-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-19.9 , suse/registry:latest Container Release : 19.9 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:07:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:07:26 +0100 (CET) Subject: SUSE-CU-2024:1122-1: Security update of suse/git Message-ID: <20240328080726.D2580F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1122-1 Container Tags : suse/git:2.35 , suse/git:2.35-9.8 , suse/git:latest Container Release : 9.8 Severity : important Type : security References : 1216545 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - git-core-2.35.3-150300.10.36.1 updated - krb5-1.20.1-150500.3.6.1 updated - container:micro-image-15.5.0-16.3 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:07:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:07:46 +0100 (CET) Subject: SUSE-CU-2024:1123-1: Security update of bci/golang Message-ID: <20240328080746.5611AF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1123-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.2.35 , bci/golang:oldstable , bci/golang:oldstable-2.2.35 Container Release : 2.35 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:08:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:08:04 +0100 (CET) Subject: SUSE-CU-2024:1124-1: Security update of bci/golang Message-ID: <20240328080804.A2937F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1124-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.33 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.33 Container Release : 12.33 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:08:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:08:27 +0100 (CET) Subject: SUSE-CU-2024:1125-1: Security update of bci/golang Message-ID: <20240328080827.48236F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1125-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.33 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.33 Container Release : 2.33 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:08:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:08:45 +0100 (CET) Subject: SUSE-CU-2024:1126-1: Security update of bci/golang Message-ID: <20240328080845.8E879F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1126-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.33 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.33 Container Release : 12.33 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:09:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:09:11 +0100 (CET) Subject: SUSE-CU-2024:1127-1: Security update of bci/bci-init Message-ID: <20240328080911.89926F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1127-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.14.36 , bci/bci-init:latest Container Release : 14.36 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:09:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:09:35 +0100 (CET) Subject: SUSE-CU-2024:1128-1: Security update of bci/nodejs Message-ID: <20240328080935.906FAF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1128-1 Container Tags : bci/node:18 , bci/node:18-16.36 , bci/nodejs:18 , bci/nodejs:18-16.36 Container Release : 16.36 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:09:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:09:47 +0100 (CET) Subject: SUSE-CU-2024:1129-1: Security update of bci/nodejs Message-ID: <20240328080947.E2E26F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1129-1 Container Tags : bci/node:20 , bci/node:20-6.36 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.36 , bci/nodejs:latest Container Release : 6.36 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:10:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:10:22 +0100 (CET) Subject: SUSE-CU-2024:1130-1: Security update of bci/openjdk-devel Message-ID: <20240328081022.74C60F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1130-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.73 Container Release : 14.73 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:bci-openjdk-11-15.5.11-15.32 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:11:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:11:24 +0100 (CET) Subject: SUSE-CU-2024:1132-1: Security update of bci/openjdk-devel Message-ID: <20240328081124.2C92CF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1132-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.76 , bci/openjdk-devel:latest Container Release : 16.76 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:bci-openjdk-17-15.5.17-16.33 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:11:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:11:50 +0100 (CET) Subject: SUSE-CU-2024:1133-1: Recommended update of bci/openjdk Message-ID: <20240328081150.1EE62F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1133-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.33 , bci/openjdk:latest Container Release : 16.33 Severity : moderate Type : recommended References : 1219662 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:948-1 Released: Wed Mar 20 15:36:58 2024 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1219662 This update for java-17-openjdk fixes the following issues: - Recommend mozilla-nss-sysinit in order to have available the /etc/pki/nssdb directory and its content, required in fips mode (bsc#1219662). - Do not install our crafted nss.fips.cfg file, but use the one that the build produces with our fips.patch applied. The following package changes have been done: - java-17-openjdk-headless-17.0.10.0-150400.3.39.2 updated - java-17-openjdk-17.0.10.0-150400.3.39.2 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:12:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:12:20 +0100 (CET) Subject: SUSE-CU-2024:1134-1: Security update of bci/php-apache Message-ID: <20240328081220.94B47F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1134-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.32 Container Release : 12.32 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:12:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:12:46 +0100 (CET) Subject: SUSE-CU-2024:1135-1: Security update of bci/php-fpm Message-ID: <20240328081246.78507F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1135-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-12.32 Container Release : 12.32 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:13:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:13:14 +0100 (CET) Subject: SUSE-CU-2024:1136-1: Security update of bci/php Message-ID: <20240328081314.4AD71F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1136-1 Container Tags : bci/php:8 , bci/php:8-12.33 Container Release : 12.33 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:13:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:13:26 +0100 (CET) Subject: SUSE-CU-2024:1137-1: Security update of suse/postgres Message-ID: <20240328081326.05F5BF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1137-1 Container Tags : suse/postgres:16 , suse/postgres:16-6.32 , suse/postgres:16.2 , suse/postgres:16.2-6.32 , suse/postgres:latest Container Release : 6.32 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Thu Mar 28 08:13:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Mar 2024 09:13:51 +0100 (CET) Subject: SUSE-CU-2024:1138-1: Security update of bci/python Message-ID: <20240328081351.86092F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1138-1 Container Tags : bci/python:3 , bci/python:3-17.31 , bci/python:3.11 , bci/python:3.11-17.31 , bci/python:latest Container Release : 17.31 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:03:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:03:19 +0100 (CET) Subject: SUSE-CU-2024:1142-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240329080319.22B44F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1142-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.190 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.190 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated - container:sles15-image-15.0.0-36.11.17 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:03:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:03:48 +0100 (CET) Subject: SUSE-CU-2024:1143-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240329080348.9432AF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1143-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.26 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.26 Container Release : 4.26 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:03:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:03:55 +0100 (CET) Subject: SUSE-CU-2024:1144-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240329080355.667F2F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1144-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.17 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.17 Container Release : 3.17 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:06:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:06:59 +0100 (CET) Subject: SUSE-CU-2024:1156-1: Recommended update of bci/openjdk-devel Message-ID: <20240329080659.82309F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1156-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.79 , bci/openjdk-devel:latest Container Release : 16.79 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated - container:bci-openjdk-17-15.5.17-16.35 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:07:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:07:20 +0100 (CET) Subject: SUSE-CU-2024:1157-1: Security update of suse/pcp Message-ID: <20240329080720.83AE3F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1157-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.70 , suse/pcp:5.2 , suse/pcp:5.2-22.70 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.70 , suse/pcp:latest Container Release : 22.70 Severity : important Type : security References : 1216594 1216598 1221218 CVE-2023-38469 CVE-2023-38471 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1014-1 Released: Wed Mar 27 18:33:55 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated - libavahi-common3-0.8-150400.7.16.1 updated - libavahi-client3-0.8-150400.7.16.1 updated - container:bci-bci-init-15.5-15.5-15.1 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:08:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:08:00 +0100 (CET) Subject: SUSE-CU-2024:1138-1: Security update of bci/python Message-ID: <20240329080800.68C7BF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1138-1 Container Tags : bci/python:3 , bci/python:3-17.31 , bci/python:3.11 , bci/python:3.11-17.31 , bci/python:latest Container Release : 17.31 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:08:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:08:16 +0100 (CET) Subject: SUSE-CU-2024:1161-1: Security update of bci/python Message-ID: <20240329080816.C693CF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1161-1 Container Tags : bci/python:3 , bci/python:3-18.32 , bci/python:3.6 , bci/python:3.6-18.32 Container Release : 18.32 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:08:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:08:20 +0100 (CET) Subject: SUSE-CU-2024:1162-1: Security update of suse/rmt-mariadb-client Message-ID: <20240329080820.3D0D1F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1162-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-15.29 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-15.29 , suse/rmt-mariadb-client:latest Container Release : 15.29 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:08:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:08:24 +0100 (CET) Subject: SUSE-CU-2024:1164-1: Security update of suse/rmt-mariadb Message-ID: <20240329080824.D4EE6F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1164-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-20.2 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-20.2 , suse/rmt-mariadb:latest Container Release : 20.2 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:08:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:08:35 +0100 (CET) Subject: SUSE-CU-2024:1166-1: Security update of suse/rmt-server Message-ID: <20240329080835.692D0F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1166-1 Container Tags : suse/rmt-server:2.15 , suse/rmt-server:2.15-15.31 , suse/rmt-server:latest Container Release : 15.31 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:08:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:08:52 +0100 (CET) Subject: SUSE-CU-2024:1167-1: Security update of bci/ruby Message-ID: <20240329080852.9B6D9F7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1167-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.30 , bci/ruby:2.5 , bci/ruby:2.5-16.30 , bci/ruby:latest Container Release : 16.30 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:09 +0100 (CET) Subject: SUSE-CU-2024:1169-1: Security update of bci/rust Message-ID: <20240329080909.6B53EF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1169-1 Container Tags : bci/rust:1.75 , bci/rust:1.75-2.2.18 , bci/rust:oldstable , bci/rust:oldstable-2.2.18 Container Release : 2.18 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:25 +0100 (CET) Subject: SUSE-CU-2024:1170-1: Security update of bci/rust Message-ID: <20240329080925.D4F2DF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1170-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-1.2.18 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.18 Container Release : 2.18 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:32 +0100 (CET) Subject: SUSE-CU-2024:1172-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240329080932.6750EF7A4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1172-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.7.12 , bci/bci-sle15-kernel-module-devel:latest Container Release : 7.12 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated - container:sles15-image-15.0.0-36.11.16 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:46 +0100 (CET) Subject: SUSE-CU-2024:1173-1: Security update of suse/sle15 Message-ID: <20240329080946.3620CF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1173-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.16 , suse/sle15:15.5 , suse/sle15:15.5.36.11.16 Container Release : 36.11.16 Severity : important Type : security References : 1220770 1220771 1220772 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). The following package changes have been done: - krb5-1.20.1-150500.3.6.1 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:46 +0100 (CET) Subject: SUSE-CU-2024:1174-1: Recommended update of suse/sle15 Message-ID: <20240329080946.99FE9F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1174-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.17 , suse/sle15:15.5 , suse/sle15:15.5.36.11.17 Container Release : 36.11.17 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:48 +0100 (CET) Subject: SUSE-CU-2024:1176-1: Recommended update of suse/sles/15.6/cdi-apiserver Message-ID: <20240329080948.92DFFF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1176-1 Container Tags : suse/sles/15.6/cdi-apiserver:1.58.0 , suse/sles/15.6/cdi-apiserver:1.58.0-150600.1.41 , suse/sles/15.6/cdi-apiserver:1.58.0.22.300 Container Release : 22.300 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - containerized-data-importer-api-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:49 +0100 (CET) Subject: SUSE-CU-2024:1177-1: Recommended update of suse/sles/15.6/cdi-cloner Message-ID: <20240329080949.88D3BF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1177-1 Container Tags : suse/sles/15.6/cdi-cloner:1.58.0 , suse/sles/15.6/cdi-cloner:1.58.0-150600.1.41 , suse/sles/15.6/cdi-cloner:1.58.0.23.303 Container Release : 23.303 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - libldap-data-2.4.46-150600.23.8 updated - libssh-config-0.9.8-150600.8.3 updated - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - libldap-2_4-2-2.4.46-150600.23.8 updated - libssh4-0.9.8-150600.8.3 updated - containerized-data-importer-cloner-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:50 +0100 (CET) Subject: SUSE-CU-2024:1178-1: Recommended update of suse/sles/15.6/cdi-controller Message-ID: <20240329080950.7FB54F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1178-1 Container Tags : suse/sles/15.6/cdi-controller:1.58.0 , suse/sles/15.6/cdi-controller:1.58.0-150600.1.41 , suse/sles/15.6/cdi-controller:1.58.0.22.300 Container Release : 22.300 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - containerized-data-importer-controller-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:51 +0100 (CET) Subject: SUSE-CU-2024:1179-1: Recommended update of suse/sles/15.6/cdi-importer Message-ID: <20240329080951.5B7E8F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1179-1 Container Tags : suse/sles/15.6/cdi-importer:1.58.0 , suse/sles/15.6/cdi-importer:1.58.0-150600.1.41 , suse/sles/15.6/cdi-importer:1.58.0.23.373 Container Release : 23.373 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - libldap-data-2.4.46-150600.23.8 updated - libssh-config-0.9.8-150600.8.3 updated - glibc-2.38-150600.7.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - libldap-2_4-2-2.4.46-150600.23.8 updated - libssh4-0.9.8-150600.8.3 updated - libnettle8-3.9.1-150600.1.35 updated - libhogweed6-3.9.1-150600.1.35 updated - libgnutls30-3.8.3-150600.1.19 updated - qemu-img-8.2.1-150600.3.15 updated - libnbd0-1.18.1-150600.16.4 updated - containerized-data-importer-importer-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Fri Mar 29 08:09:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Mar 2024 09:09:52 +0100 (CET) Subject: SUSE-CU-2024:1180-1: Recommended update of suse/sles/15.6/cdi-operator Message-ID: <20240329080952.354C3F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1180-1 Container Tags : suse/sles/15.6/cdi-operator:1.58.0 , suse/sles/15.6/cdi-operator:1.58.0-150600.1.41 , suse/sles/15.6/cdi-operator:1.58.0.22.300 Container Release : 22.300 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - containerized-data-importer-operator-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:01:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:01:48 +0100 (CET) Subject: SUSE-CU-2024:1180-1: Recommended update of suse/sles/15.6/cdi-operator Message-ID: <20240330080148.110C0F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1180-1 Container Tags : suse/sles/15.6/cdi-operator:1.58.0 , suse/sles/15.6/cdi-operator:1.58.0-150600.1.41 , suse/sles/15.6/cdi-operator:1.58.0.22.300 Container Release : 22.300 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - containerized-data-importer-operator-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:01:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:01:49 +0100 (CET) Subject: SUSE-CU-2024:1182-1: Recommended update of suse/sles/15.6/cdi-uploadproxy Message-ID: <20240330080149.1F26DF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1182-1 Container Tags : suse/sles/15.6/cdi-uploadproxy:1.58.0 , suse/sles/15.6/cdi-uploadproxy:1.58.0-150600.1.41 , suse/sles/15.6/cdi-uploadproxy:1.58.0.22.301 Container Release : 22.301 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - containerized-data-importer-uploadproxy-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:01:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:01:50 +0100 (CET) Subject: SUSE-CU-2024:1183-1: Recommended update of suse/sles/15.6/cdi-uploadserver Message-ID: <20240330080150.2AAE8F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1183-1 Container Tags : suse/sles/15.6/cdi-uploadserver:1.58.0 , suse/sles/15.6/cdi-uploadserver:1.58.0-150600.1.41 , suse/sles/15.6/cdi-uploadserver:1.58.0.23.307 Container Release : 23.307 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - libldap-data-2.4.46-150600.23.8 updated - libssh-config-0.9.8-150600.8.3 updated - glibc-2.38-150600.7.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - libldap-2_4-2-2.4.46-150600.23.8 updated - libssh4-0.9.8-150600.8.3 updated - libnettle8-3.9.1-150600.1.35 updated - libhogweed6-3.9.1-150600.1.35 updated - libgnutls30-3.8.3-150600.1.19 updated - qemu-img-8.2.1-150600.3.15 updated - libnbd0-1.18.1-150600.16.4 updated - libnbd-1.18.1-150600.16.4 updated - containerized-data-importer-uploadserver-1.58.0-150600.1.41 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:01:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:01:59 +0100 (CET) Subject: SUSE-CU-2024:1194-1: Recommended update of suse/sles/15.6/virt-api Message-ID: <20240330080159.6E656F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1194-1 Container Tags : suse/sles/15.6/virt-api:1.1.1 , suse/sles/15.6/virt-api:1.1.1-150600.1.27 , suse/sles/15.6/virt-api:1.1.1.22.317 Container Release : 22.317 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - kubevirt-virt-api-1.1.1-150600.1.27 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:02:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:00 +0100 (CET) Subject: SUSE-CU-2024:1195-1: Recommended update of suse/sles/15.6/virt-controller Message-ID: <20240330080200.C1E56F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1195-1 Container Tags : suse/sles/15.6/virt-controller:1.1.1 , suse/sles/15.6/virt-controller:1.1.1-150600.1.27 , suse/sles/15.6/virt-controller:1.1.1.22.316 Container Release : 22.316 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - kubevirt-virt-controller-1.1.1-150600.1.27 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:02:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:02 +0100 (CET) Subject: SUSE-CU-2024:1196-1: Recommended update of suse/sles/15.6/virt-exportproxy Message-ID: <20240330080202.21A67F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1196-1 Container Tags : suse/sles/15.6/virt-exportproxy:1.1.1 , suse/sles/15.6/virt-exportproxy:1.1.1-150600.1.27 , suse/sles/15.6/virt-exportproxy:1.1.1.6.317 Container Release : 6.317 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - kubevirt-virt-exportproxy-1.1.1-150600.1.27 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:02:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:03 +0100 (CET) Subject: SUSE-CU-2024:1197-1: Recommended update of suse/sles/15.6/virt-exportserver Message-ID: <20240330080203.7C3F2F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1197-1 Container Tags : suse/sles/15.6/virt-exportserver:1.1.1 , suse/sles/15.6/virt-exportserver:1.1.1-150600.1.27 , suse/sles/15.6/virt-exportserver:1.1.1.7.318 Container Release : 7.318 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - kubevirt-virt-exportserver-1.1.1-150600.1.27 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:02:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:04 +0100 (CET) Subject: SUSE-CU-2024:1198-1: Recommended update of suse/sles/15.6/virt-handler Message-ID: <20240330080204.E2EA4F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1198-1 Container Tags : suse/sles/15.6/virt-handler:1.1.1 , suse/sles/15.6/virt-handler:1.1.1-150600.1.27 , suse/sles/15.6/virt-handler:1.1.1.24.375 Container Release : 24.375 Severity : moderate Type : recommended References : 1215377 1218232 ----------------------------------------------------------------- The container suse/sles/15.6/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - libldap-data-2.4.46-150600.23.8 updated - libssh-config-0.9.8-150600.8.3 updated - glibc-2.38-150600.7.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libudev1-254.9-150600.2.14 updated - libsystemd0-254.9-150600.2.14 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - libldap-2_4-2-2.4.46-150600.23.8 updated - libssh4-0.9.8-150600.8.3 updated - sles-release-15.6-150600.28.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - kubevirt-container-disk-1.1.1-150600.1.27 updated - kubevirt-virt-handler-1.1.1-150600.1.27 updated - libapparmor1-3.1.7-150600.3.1 updated - libnettle8-3.9.1-150600.1.35 updated - libhogweed6-3.9.1-150600.1.35 updated - libgnutls30-3.8.3-150600.1.19 updated - systemd-254.9-150600.2.14 updated - qemu-img-8.2.1-150600.3.15 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:02:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:06 +0100 (CET) Subject: SUSE-CU-2024:1199-1: Recommended update of suse/sles/15.6/virt-launcher Message-ID: <20240330080206.5DC94F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1199-1 Container Tags : suse/sles/15.6/virt-launcher:1.1.1 , suse/sles/15.6/virt-launcher:1.1.1-150600.1.27 , suse/sles/15.6/virt-launcher:1.1.1.27.5 Container Release : 27.5 Severity : moderate Type : recommended References : 1215377 1218232 ----------------------------------------------------------------- The container suse/sles/15.6/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - libldap-data-2.4.46-150600.23.8 updated - libssh-config-0.9.8-150600.8.3 updated - glibc-2.38-150600.7.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libudev1-254.9-150600.2.14 updated - libsystemd0-254.9-150600.2.14 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - libldap-2_4-2-2.4.46-150600.23.8 updated - libssh4-0.9.8-150600.8.3 updated - sles-release-15.6-150600.28.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - kubevirt-container-disk-1.1.1-150600.1.27 updated - libapparmor1-3.1.7-150600.3.1 updated - libjpeg8-8.2.2-150600.22.4 updated - libjson-c5-0.16-150600.1.4 updated - libnettle8-3.9.1-150600.1.35 updated - qemu-accel-tcg-x86-8.2.1-150600.3.15 updated - qemu-ipxe-8.2.1-150600.3.15 updated - qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.15 updated - qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.15 updated - libhogweed6-3.9.1-150600.1.35 updated - qemu-hw-usb-redirect-8.2.1-150600.3.15 updated - libgnutls30-3.8.3-150600.1.19 updated - xen-libs-4.18.0_06-150600.1.13 updated - systemd-254.9-150600.2.14 updated - qemu-img-8.2.1-150600.3.15 updated - libvirt-libs-10.0.0-150600.5.1 updated - gnutls-3.8.3-150600.1.19 updated - udev-254.9-150600.2.14 updated - systemd-container-254.9-150600.2.14 updated - libvirt-daemon-log-10.0.0-150600.5.1 updated - kubevirt-virt-launcher-1.1.1-150600.1.27 updated - libvirt-client-10.0.0-150600.5.1 updated - rdma-core-49.1-150600.2.4 updated - libvirt-daemon-common-10.0.0-150600.5.1 updated - libibverbs1-49.1-150600.2.4 updated - libmlx5-1-49.1-150600.2.4 updated - libmlx4-1-49.1-150600.2.4 updated - libmana1-49.1-150600.2.4 updated - libefa1-49.1-150600.2.4 updated - libibverbs-49.1-150600.2.4 updated - librdmacm1-49.1-150600.2.4 updated - qemu-ovmf-x86_64-202308-150600.2.1 updated - qemu-x86-8.2.1-150600.3.15 updated - qemu-8.2.1-150600.3.15 updated - libvirt-daemon-driver-qemu-10.0.0-150600.5.1 updated - container:sles15-image-15.0.0-44.71 updated - augeas-1.14.1-150600.1.2 removed - augeas-lenses-1.14.1-150600.1.2 removed From sle-container-updates at lists.suse.com Sat Mar 30 08:02:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:07 +0100 (CET) Subject: SUSE-CU-2024:1200-1: Security update of suse/sles/15.6/libguestfs-tools Message-ID: <20240330080207.8DAE7F7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1200-1 Container Tags : suse/sles/15.6/libguestfs-tools:1.1.1 , suse/sles/15.6/libguestfs-tools:1.1.1-150600.1.27 , suse/sles/15.6/libguestfs-tools:1.1.1.23.271 Container Release : 23.271 Severity : important Type : security References : 1214691 1215377 1216296 1218232 1219666 CVE-2022-48566 CVE-2023-6597 ----------------------------------------------------------------- The container suse/sles/15.6/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4973-1 Released: Tue Dec 26 04:44:10 2023 Summary: Recommended update for duktape Type: recommended Severity: moderate References: 1216296 This update of duktape fixes the following issue: - duktape-devel is shipped to Basesystem module (bsc#1216296). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:637-1 Released: Tue Feb 27 10:06:55 2024 Summary: Recommended update for duktape Type: recommended Severity: moderate References: This update for duktape fixes the following issues: - Ship libduktape206-32bit: needed by libproxy since version 0.5. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - libldap-data-2.4.46-150600.23.8 updated - libssh-config-0.9.8-150600.8.3 updated - glibc-2.38-150600.7.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libduktape206-2.6.0-150500.4.5.1 added - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libudev1-254.9-150600.2.14 updated - libsystemd0-254.9-150600.2.14 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - libldap-2_4-2-2.4.46-150600.23.8 updated - libssh4-0.9.8-150600.8.3 updated - sles-release-15.6-150600.28.2 updated - libgpgme11-1.23.0-150600.1.27 updated - libpxbackend-1_0-0.5.3-150600.1.1 added - libproxy1-0.5.3-150600.1.1 updated - libzypp-17.31.31-150600.8.6 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - libguestfs-1.52.0-150600.1.14 updated - libguestfs-winsupport-1.52.0-150600.1.14 updated - libapparmor1-3.1.7-150600.3.1 updated - libhivex0-1.3.23-150600.1.4 updated - libjpeg8-8.2.2-150600.22.4 updated - libjson-c5-0.16-150600.1.4 updated - libkcapi-tools-0.13.0-150600.15.15 updated - libnettle8-3.9.1-150600.1.35 updated - mdadm-4.3-150600.1.14 updated - qemu-accel-tcg-x86-8.2.1-150600.3.15 updated - qemu-ipxe-8.2.1-150600.3.15 updated - qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.15 updated - qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.15 updated - libopenssl1_1-1.1.1w-150600.2.1 updated - libhogweed6-3.9.1-150600.1.35 updated - python3-base-3.6.15-150300.10.57.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - libgnutls30-3.8.3-150600.1.19 updated - xen-libs-4.18.0_06-150600.1.13 updated - systemd-254.9-150600.2.14 updated - qemu-pr-helper-8.2.1-150600.3.15 updated - qemu-img-8.2.1-150600.3.15 updated - libvirt-libs-10.0.0-150600.5.1 updated - glib-networking-2.78.0-150600.1.3 updated - qemu-tools-8.2.1-150600.3.15 updated - libsoup-3_0-0-3.4.4-150600.1.3 added - wicked-0.6.74-150600.8.1 updated - wicked-service-0.6.74-150600.8.1 updated - libosinfo-1_0-0-1.11.0-150600.2.1 updated - libosinfo-1.11.0-150600.2.1 updated - udev-254.9-150600.2.14 updated - dracut-059+suse.515.g83296e6f-150600.1.1 updated - supermin-5.3.3-150600.1.5 updated - rdma-core-49.1-150600.2.4 updated - dracut-fips-059+suse.515.g83296e6f-150600.1.1 updated - libibverbs1-49.1-150600.2.4 updated - libmlx5-1-49.1-150600.2.4 updated - libmlx4-1-49.1-150600.2.4 updated - libmana1-49.1-150600.2.4 updated - libefa1-49.1-150600.2.4 updated - libibverbs-49.1-150600.2.4 updated - librdmacm1-49.1-150600.2.4 updated - qemu-x86-8.2.1-150600.3.15 updated - qemu-8.2.1-150600.3.15 updated - qemu-ovmf-x86_64-202308-150600.2.1 updated - libguestfs0-1.52.0-150600.1.14 updated - libguestfs-devel-1.52.0-150600.1.14 updated - libguestfs-appliance-1.52.0-150600.1.14 updated - guestfs-tools-1.52.0-150600.1.9 updated - container:sles15-image-15.0.0-44.71 updated - libsoup-2_4-1-2.74.3-150600.2.2 removed From sle-container-updates at lists.suse.com Sat Mar 30 08:02:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:08 +0100 (CET) Subject: SUSE-CU-2024:1201-1: Recommended update of suse/sles/15.6/virt-operator Message-ID: <20240330080208.D767BF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1201-1 Container Tags : suse/sles/15.6/virt-operator:1.1.1 , suse/sles/15.6/virt-operator:1.1.1-150600.1.27 , suse/sles/15.6/virt-operator:1.1.1.22.317 Container Release : 22.317 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - kubevirt-virt-operator-1.1.1-150600.1.27 updated - container:sles15-image-15.0.0-44.71 updated From sle-container-updates at lists.suse.com Sat Mar 30 08:02:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Mar 2024 09:02:10 +0100 (CET) Subject: SUSE-CU-2024:1202-1: Recommended update of suse/sles/15.6/pr-helper Message-ID: <20240330080210.423BCF7A4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/pr-helper ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1202-1 Container Tags : suse/sles/15.6/pr-helper:1.1.1 , suse/sles/15.6/pr-helper:1.1.1-150600.1.27 , suse/sles/15.6/pr-helper:1.1.1.16.398 Container Release : 16.398 Severity : moderate Type : recommended References : 1215377 ----------------------------------------------------------------- The container suse/sles/15.6/pr-helper was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) The following package changes have been done: - glibc-2.38-150600.7.1 updated - libgcrypt20-1.10.3-150600.1.11 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.5 updated - libudev1-254.9-150600.2.14 updated - libsystemd0-254.9-150600.2.14 updated - libopenssl-3-fips-provider-3.1.4-150600.2.5 updated - kubevirt-pr-helper-conf-1.1.1-150600.1.27 updated - libnettle8-3.9.1-150600.1.35 updated - libhogweed6-3.9.1-150600.1.35 updated - libgnutls30-3.8.3-150600.1.19 updated - qemu-pr-helper-8.2.1-150600.3.15 updated - container:sles15-image-15.0.0-44.71 updated