SUSE-CU-2024:2290-1: Security update of suse/manager/5.0/x86_64/server
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed May 29 16:14:01 UTC 2024
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2290-1
Container Tags : suse/manager/5.0/x86_64/server:5.0.0-rc , suse/manager/5.0/x86_64/server:5.0.0-rc.4.56 , suse/manager/5.0/x86_64/server:latest
Container Release : 4.56
Severity : important
Type : security
References : 1024309 1082216 1082233 1125306 1159006 1175678 1178882 1178882
1188500 1188881 1189495 1190225 1191175 1198101 1201684 1201685
1201692 1201694 1202647 1203476 1204468 1204472 1204473 1204475
1204480 1205588 1205855 1205916 1205916 1206549 1207246 1207248
1207922 1208067 1209333 1210382 1210392 1210628 1210631 1210632
1210634 1210635 1210636 1210637 1211259 1211604 1211605 1211606
1211607 1211649 1211679 1211721 1211888 1213470 1213470 1213473
1213474 1213475 1213479 1213481 1213482 1213638 1213945 1214076
1214790 1215098 1215099 1215100 1215101 1215102 1215103 1215520
1216339 1216374 1216850 1218171 1218482 1218686 1218903 1218905
1218907 1218908 1218909 1218911 1219001 1219460 1219662 1219912
1220279 1220763 1221184 1221361 1221385 1221386 1221407 1221525
1221632 1222086 1222155 1222547 1222842 1222979 1222979 1222983
1222983 1222984 1222986 1222986 1222987 1222987 1223694 CVE-2018-6798
CVE-2018-6913 CVE-2020-8277 CVE-2021-3521 CVE-2021-3672 CVE-2022-21540
CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624
CVE-2022-21628 CVE-2022-28737 CVE-2022-34169 CVE-2022-39399 CVE-2022-4904
CVE-2023-21835 CVE-2023-21843 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938
CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-22006
CVE-2023-22025 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045
CVE-2023-22049 CVE-2023-22081 CVE-2023-25193 CVE-2023-31124 CVE-2023-31130
CVE-2023-31147 CVE-2023-32067 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548
CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-6152 CVE-2024-1313
CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20932 CVE-2024-20945
CVE-2024-20952 CVE-2024-21011 CVE-2024-21011 CVE-2024-21012 CVE-2024-21012
CVE-2024-21068 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 CVE-2024-21094
CVE-2024-23672 CVE-2024-24549 CVE-2024-25629 CVE-2024-3651
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:314-1
Released: Tue Feb 4 14:13:27 2020
Summary: Recommended update for gssproxy
Type: recommended
Severity: moderate
References: 1024309
This update for gssproxy fixes the following issues:
- Fix paths in tests and replace python's f-string usage
- Initial check-in of gssproxy is needed on the NFS server if krb5 is used for NFS authentication using an AD directory server. (bsc#1024309)(FATE#322526)
- 'krb5' may need 'auth_to_local = RULE:[1:$1@$0]' on the 'realms' section when 'winbind' is used for nsswitch.conf. (bsc#1024309)(FATE#322526)
Also ding-libs was updated from 0.6.0 to 0.6.1 (jsc#ECO-248):
- libini now supports validators that check for well-formed INI files.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:521-1
Released: Thu Feb 27 18:08:56 2020
Summary: Recommended update for c-ares
Type: recommended
Severity: moderate
References: 1125306,1159006
This update for c-ares fixes the following issues:
c-ares version update to 1.15.0:
* Add ares_init_options() configurability for path to resolv.conf file
* Ability to exclude building of tools (adig, ahost, acountry) in CMake
* Report ARES_ENOTFOUND for .onion domain names as per RFC7686
(bsc#1125306)
* Apply the IPv6 server blacklist to all nameserver sources
* Prevent changing name servers while queries are outstanding
* ares_set_servers_csv() on failure should not leave channel in a
bad state
* getaddrinfo - avoid infinite loop in case of NXDOMAIN
* ares_getenv - return NULL in all cases
* implement ares_getaddrinfo
- Fixed a regression in DNS results that contain both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3478-1
Released: Mon Nov 23 09:33:17 2020
Summary: Security update for c-ares
Type: security
Severity: moderate
References: 1178882,CVE-2020-8277
This update for c-ares fixes the following issues:
- Version update to 1.17.0
* CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882)
* For further details see https://c-ares.haxx.se/changelog.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3616-1
Released: Thu Dec 3 10:56:12 2020
Summary: Recommended update for c-ares
Type: recommended
Severity: moderate
References: 1178882
- Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2760-1
Released: Tue Aug 17 17:11:14 2021
Summary: Security update for c-ares
Type: security
Severity: important
References: 1188881,CVE-2021-3672
This update for c-ares fixes the following issues:
Version update to git snapshot 1.17.1+20200724:
- CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881)
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
- Use unbuffered /dev/urandom for random data to prevent early startup performance issues
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3022-1
Released: Mon Sep 13 10:48:16 2021
Summary: Recommended update for c-ares
Type: recommended
Severity: important
References: 1190225
This update for c-ares fixes the following issue:
- Allow '_' as part of DNS response. (bsc#1190225)
- 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a
valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which
contained underscores.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2660-1
Released: Wed Aug 3 21:06:01 2022
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1201684,1201685,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.4+8 (July 2022 CPU)
- CVE-2022-21540: Improve class compilation (bsc#1201694)
- CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692)
- CVE-2022-34169: Improve Xalan supports (bsc#1201684)
- CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3822-1
Released: Mon Oct 31 23:53:38 2022
Summary: Recommended update for adcli
Type: recommended
Severity: moderate
References: 1202647
This update for adcli fixes the following issues:
- Remove errx() calls on error conditions to execute the cleanup
function and delete the krb5 snippets created in /tmp (bsc#1202647)
- Set umask before calling mkdtemp (bsc#1202647)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4079-1
Released: Fri Nov 18 15:36:28 2022
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1203476,1204468,1204472,1204473,1204475,1204480,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21628,CVE-2022-39399
This update for java-17-openjdk fixes the following issues:
- Update to jdk-17.0.5+8 (October 2022 CPU)
- CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480)
- CVE-2022-21628: Better HttpServer service (bsc#1204472)
- CVE-2022-21624: Enhance icon presentations (bsc#1204475)
- CVE-2022-21619: Improve NTLM support (bsc#1204473)
- CVE-2022-21618: Wider MultiByte (bsc#1204468)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:297-1
Released: Tue Feb 7 13:17:47 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1205916
This update for java-17-openjdk fixes the following issues:
- Modified patches:
Revert fips patch to a version used with 17.0.4.0 (bsc#1205916)
Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context.
- Fix jconsole.desktop icon
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:435-1
Released: Thu Feb 16 11:06:29 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1205916,1207246,1207248,CVE-2023-21835,CVE-2023-21843
This update for java-17-openjdk fixes the following issues:
Updated to version jdk-17.0.6.0+10:
- CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246).
- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).
Bugfixes:
- Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:486-1
Released: Thu Feb 23 10:38:13 2023
Summary: Security update for c-ares
Type: security
Severity: important
References: 1208067,CVE-2022-4904
This update for c-ares fixes the following issues:
Updated to version 1.19.0:
- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1632-1
Released: Tue Mar 28 12:53:57 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: important
References: 1206549
This update for java-17-openjdk fixes the following issues:
- Remove the accessibility RPM sub-package because it causes problems (bsc#1206549)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2110-1
Released: Fri May 5 14:10:21 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1209333,1210628,1210631,1210632,1210634,1210635,1210636,1210637,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968
This update for java-17-openjdk fixes the following issues:
Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU)
Security fixes:
- CVE-2023-21930: Fixed AES support (bsc#1210628).
- CVE-2023-21937: Fixed String platform support (bsc#1210631).
- CVE-2023-21938: Fixed runtime support (bsc#1210632).
- CVE-2023-21939: Fixed Swing platform support (bsc#1210634).
- CVE-2023-21954: Fixed object reclamation process (bsc#1210635).
- CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636).
- CVE-2023-21968: Fixed path handling (bsc#1210637).
Other fixes:
- Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2313-1
Released: Tue May 30 09:29:25 2023
Summary: Security update for c-ares
Type: security
Severity: important
References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2340-1
Released: Thu Jun 1 09:46:52 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1210392,1211259
This update for java-17-openjdk fixes the following issues:
- In SSLSessionImpl, interpret length of SNIServerName as an unsigned byte so that it can have length up to 255 rather
than 127 (SG#65673, bsc#1210392)
- Do not install separate nss.fips.cfg file, since there is now one in the tree and the install happens automatically
- Enable system property file by default, without which the FIPS mode would never get enabled (bsc#1211259)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2825-1
Released: Fri Jul 14 11:21:46 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1211679
This update for java-17-openjdk fixes the following issues:
- Bring back our nss.fips.cfg file, as the variable expansion
in the upstream file does not work (bsc#1211679)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3023-1
Released: Fri Jul 28 21:59:48 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193
This update for java-17-openjdk fixes the following issues:
Updated to version jdk-17.0.8+7 (July 2023 CPU):
- CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473).
- CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474).
- CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475).
- CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479).
- CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481).
- CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482).
- CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922).
- JDK-8294323: Improve Shared Class Data
- JDK-8296565: Enhanced archival support
- JDK-8298676, JDK-8300891: Enhanced Look and Feel
- JDK-8300285: Enhance TLS data handling
- JDK-8300596: Enhance Jar Signature validation
- JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
- JDK-8302475: Enhance HTTP client file downloading
- JDK-8302483: Enhance ZIP performance
- JDK-8303376: Better launching of JDI
- JDK-8304460: Improve array usages
- JDK-8304468: Better array usages
- JDK-8305312: Enhanced path handling
- JDK-8308682: Enhance AES performance
Bugfixes:
- JDK-8178806: Better exception logging in crypto code
- JDK-8201516: DebugNonSafepoints generates incorrect
information
- JDK-8224768: Test ActalisCA.java fails
- JDK-8227060: Optimize safepoint cleanup subtask order
- JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java
fails with AssertionError
- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
- JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java
doesn' initialize eName
- JDK-8245877: assert(_value != __null) failed: resolving NULL
_value in JvmtiExport::post_compiled_method_load
- JDK-8248001: javadoc generates invalid HTML pages whose
ftp:// links are broken
- JDK-8252990: Intrinsify Unsafe.storeStoreFence
- JDK-8254711: Add java.security.Provider.getService JFR Event
- JDK-8257856: Make ClassFileVersionsTest.java robust to JDK
version updates
- JDK-8261495: Shenandoah: reconsider update references memory
ordering
- JDK-8268288: jdk/jfr/api/consumer/streaming/
/TestOutOfProcessMigration.java fails with 'Error:
ShouldNotReachHere()'
- JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java
fails: unexpected log message
- JDK-8268582: javadoc throws NPE with --ignore-source-errors
option
- JDK-8269821: Remove is-queue-active check in inner loop of
write_ref_array_pre_work
- JDK-8270434: JDI+UT: Unexpected event in JDI tests
- JDK-8270859: Post JEP 411 refactoring: client libs with
maximum covering > 10K
- JDK-8270869: G1ServiceThread may not terminate
- JDK-8271519: java/awt/event/SequencedEvent/
/MultipleContextsFunctionalTest.java failed with 'Total [200]
- Expected [400]'
- JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can
still fail with 'ERROR: new event is not ThreadStartEvent'
- JDK-8274243: Implement fast-path for ASCII-compatible
CharsetEncoders on aarch64
- JDK-8274615: Support relaxed atomic add for linux-aarch64
- JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
- JDK-8275233: Incorrect line number reported in exception
stack trace thrown from a lambda expression
- JDK-8275287: Relax memory ordering constraints on updating
instance class and array class counters
- JDK-8275721: Name of UTC timezone in a locale changes
depending on previous code
- JDK-8275735: [linux] Remove deprecated Metrics api (kernel
memory limit)
- JDK-8276058: Some swing test fails on specific CI macos system
- JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/
/bug6276188.java fails to compile after JDK-8276058
- JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -
add 4357905
- JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly
identify it as pause
- JDK-8278434: timeouts in test java/time/test/java/time/
/format/TestZoneTextPrinterParser.java
- JDK-8278834: Error 'Cannot read field 'sym' because
'this.lvar[od]' is null' when compiling
- JDK-8282077: PKCS11 provider C_sign() impl should handle
CKR_BUFFER_TOO_SMALL error
- JDK-8282201: Consider removal of expiry check in
VerifyCACerts.java test
- JDK-8282227: Locale information for nb is not working properly
- JDK-8282704: runtime/Thread/StopAtExit.java may leak memory
- JDK-8283057: Update GCC to version 11.2.0 for Oracle builds
on Linux
- JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2
- JDK-8283520: JFR: Memory leak in dcmd_arena
- JDK-8283566: G1: Improve G1BarrierSet::enqueue performance
- JDK-8284331: Add sanity check for signal handler modification
warning.
- JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java
failed with Default Button not pressed for L&F:
com.sun.java.swing.plaf.motif.MotifLookAndFeel
- JDK-8285987: executing shell scripts without #! fails on
Alpine linux
- JDK-8286191: misc tests fail due to JDK-8285987
- JDK-8286287: Reading file as UTF-16 causes Error which
'shouldn't happen'
- JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator
- JDK-8286346: 3-parameter version of AllocateHeap should not
ignore AllocFailType
- JDK-8286398: Address possibly lossy conversions in
jdk.internal.le
- JDK-8287007: [cgroups] Consistently use stringStream
throughout parsing code
- JDK-8287246: DSAKeyValue should check for missing params
instead of relying on KeyFactory provider
- JDK-8287541: Files.writeString fails to throw IOException for
charset 'windows-1252'
- JDK-8287854: Dangling reference in ClassVerifier::verify_class
- JDK-8287876: The recently de-problemlisted
TestTitledBorderLeak test is unstable
- JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md
with information on 4th party dependencies
- JDK-8288589: Files.readString ignores encoding errors for
UTF-16
- JDK-8289509: Improve test coverage for XPath Axes:
descendant, descendant-or-self, following, following-sibling
- JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
- JDK-8289949: Improve test coverage for XPath: operators
- JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is
subject to undefined behavior
- JDK-8291226: Create Test Cases to cover scenarios for
JDK-8278067
- JDK-8291637: HttpClient default keep alive timeout not
followed if server sends invalid value
- JDK-8291638: Keep-Alive timeout of 0 should close connection
immediately
- JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage()
is lower than expected
- JDK-8292301: [REDO v2] C2 crash when allocating array of size
too large
- JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests
resilience under spurious failures
- JDK-8292713: Unsafe.allocateInstance should be intrinsified
without UseUnalignedAccesses
- JDK-8292755: Non-default method in interface leads to a stack
overflow in JShell
- JDK-8292990: Improve test coverage for XPath Axes: parent
- JDK-8293295: Add type check asserts to
java_lang_ref_Reference accessors
- JDK-8293492: ShenandoahControlThread missing from hs-err log
and thread dump
- JDK-8293858: Change PKCS7 code to use default SecureRandom
impl instead of SHA1PRNG
- JDK-8293887: AArch64 build failure with GCC 12 due to
maybe-uninitialized warning in libfdlibm k_rem_pio2.c
- JDK-8294183: AArch64: Wrong macro check in
SharedRuntime::generate_deopt_blob
- JDK-8294281: Allow warnings to be disabled on a per-file basis
- JDK-8294673: JFR: Add SecurityProviderService#threshold to
TestActiveSettingEvent.java
- JDK-8294717: (bf) DirectByteBuffer constructor will leak if
allocating Deallocator or Cleaner fails with OOME
- JDK-8294906: Memory leak in PKCS11 NSS TLS server
- JDK-8295564: Norwegian Nynorsk Locale is missing formatting
- JDK-8295974: jni_FatalError and Xcheck:jni warnings should
print the native stack when there are no Java frames
- JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java
fails intermittently on a VM
- JDK-8296318: use-def assert: special case undetected loops
nested in infinite loops
- JDK-8296343: CPVE thrown on missing content-length in OCSP
response
- JDK-8296412: Special case infinite loops with unmerged
backedges in IdealLoopTree::check_safepts
- JDK-8296545: C2 Blackholes should allow load optimizations
- JDK-8296934: Write a test to verify whether Undecorated Frame
can be iconified or not
- JDK-8297000: [jib] Add more friendly warning for proxy issues
- JDK-8297154: Improve safepoint cleanup logging
- JDK-8297450: ScaledTextFieldBorderTest.java fails when run
with -show parameter
- JDK-8297587: Upgrade JLine to 3.22.0
- JDK-8297730: C2: Arraycopy intrinsic throws incorrect
exception
- JDK-8297955: LDAP CertStore should use LdapName and not
String for DNs
- JDK-8298488: [macos13] tools/jpackage tests failing with
'Exit code: 137' on macOS
- JDK-8298887: On the latest macOS+XCode the Robot API may
report wrong colors
- JDK-8299179: ArrayFill with store on backedge needs to reduce
length by 1
- JDK-8299259: C2: Div/Mod nodes without zero check could be
split through iv phi of loop resulting in SIGFPE
- JDK-8299544: Improve performance of CRC32C intrinsics
(non-AVX-512) for small inputs
- JDK-8299570: [JVMCI] Insufficient error handling when
CodeBuffer is exhausted
- JDK-8299959: C2: CmpU::Value must filter overflow computation
against local sub computation
- JDK-8300042: Improve CPU related JFR events descriptions
- JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy
due to constant NULL src argument
- JDK-8300823: UB: Compile::_phase_optimize_finished is
initialized too late
- JDK-8300939: sun/security/provider/certpath/OCSP/
/OCSPNoContentLength.java fails due to network errors
- JDK-8301050: Detect Xen Virtualization on Linux aarch64
- JDK-8301119: Support for GB18030-2022
- JDK-8301123: Enable Symbol refcounting underflow checks in
PRODUCT
- JDK-8301190: [vectorapi] The typeChar of LaneType is
incorrect when default locale is tr
- JDK-8301216: ForkJoinPool invokeAll() ignores timeout
- JDK-8301338: Identical branch conditions in
CompileBroker::print_heapinfo
- JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic
called with negative character argument
- JDK-8301637: ThreadLocalRandom.current().doubles().parallel()
contention
- JDK-8301661: Enhance os::pd_print_cpu_info on macOS and
Windows
- JDK-8302151: BMPImageReader throws an exception reading BMP
images
- JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined
must respect ForceInline
- JDK-8302320: AsyncGetCallTrace obtains too few frames in
sanity test
- JDK-8302491: NoClassDefFoundError omits the original cause of
an error
- JDK-8302508: Add timestamp to the output TraceCompilerThreads
- JDK-8302594: use-after-free in Node::destruct
- JDK-8302595: use-after-free related to GraphKit::clone_map
- JDK-8302791: Add specific ClassLoader object to Proxy
IllegalArgumentException message
- JDK-8302849: SurfaceManager might expose partially
constructed object
- JDK-8303069: Memory leak in CompilerOracle::parse_from_line
- JDK-8303102: jcmd: ManagementAgent.status truncates the text
longer than O_BUFLEN
- JDK-8303130: Document required Accessibility permissions on
macOS
- JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m
needs CFRelease call in early potential CHECK_NULL return
- JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8
- JDK-8303440: The 'ZonedDateTime.parse' may not accept the
'UTC+XX' zone id
- JDK-8303465: KeyStore of type KeychainStore, provider Apple
does not show all trusted certificates
- JDK-8303476: Add the runtime version in the release file of a
JDK image
- JDK-8303482: Update LCMS to 2.15
- JDK-8303508: Vector.lane() gets wrong value on x86
- JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during
unrolling
- JDK-8303564: C2: 'Bad graph detected in build_loop_late'
after a CMove is wrongly split thru phi
- JDK-8303575: adjust Xen handling on Linux aarch64
- JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs
CFRelease call in early potential CHECK_NULL return
- JDK-8303588: [JVMCI] make JVMCI source directories conform
with standard layout
- JDK-8303809: Dispose context in SPNEGO NegotiatorImpl
- JDK-8303822: gtestMain should give more helpful output
- JDK-8303861: Error handling step timeouts should never be
blocked by OnError and others
- JDK-8303937: Corrupted heap dumps due to missing retries for
os::write()
- JDK-8303949: gcc10 warning Linux ppc64le - note: the layout
of aggregates containing vectors with 8-byte alignment has
changed in GCC 5
- JDK-8304054: Linux: NullPointerException from
FontConfiguration.getVersion in case no fonts are installed
- JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java
fails when checking LD_LIBRARY_PATH
- JDK-8304134: jib bootstrapper fails to quote filename when
checking download filetype
- JDK-8304291: [AIX] Broken build after JDK-8301998
- JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
- JDK-8304350: Font.getStringBounds calculates wrong width for
TextAttribute.TRACKING other than 0.0
- JDK-8304671: javac regression: Compilation with --release 8
fails on underscore in enum identifiers
- JDK-8304683: Memory leak in WB_IsMethodCompatible
- JDK-8304760: Add 2 Microsoft TLS roots
- JDK-8304867: Explicitly disable dtrace for ppc builds
- JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with
ZGC
- JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic
- JDK-8305113: (tz) Update Timezone Data to 2023c
- JDK-8305400: ISO 4217 Amendment 175 Update
- JDK-8305403: Shenandoah evacuation workers may deadlock
- JDK-8305481: gtest is_first_C_frame failing on ARM
- JDK-8305690: [X86] Do not emit two REX prefixes in
Assembler::prefix
- JDK-8305711: Arm: C2 always enters slowpath for monitorexit
- JDK-8305721: add `make compile-commands` artifacts to
.gitignore
- JDK-8305975: Add TWCA Global Root CA
- JDK-8305993: Add handleSocketErrorWithMessage to extend nio
Net.c exception message
- JDK-8305994: Guarantee eventual async monitor deflation
- JDK-8306072: Open source several AWT MouseInfo related tests
- JDK-8306133: Open source few AWT Drag & Drop related tests
- JDK-8306409: Open source AWT KeyBoardFocusManger,
LightWeightComponent related tests
- JDK-8306432: Open source several AWT Text Component related
tests
- JDK-8306466: Open source more AWT Drag & Drop related tests
- JDK-8306489: Open source AWT List related tests
- JDK-8306543: GHA: MSVC installation is failing
- JDK-8306640: Open source several AWT TextArea related tests
- JDK-8306652: Open source AWT MenuItem related tests
- JDK-8306658: GHA: MSVC installation could be optional since
it might already be pre-installed
- JDK-8306664: GHA: Update MSVC version to latest stepping
- JDK-8306681: Open source more AWT DnD related tests
- JDK-8306683: Open source several clipboard and color AWT tests
- JDK-8306752: Open source several container and component AWT
tests
- JDK-8306753: Open source several container AWT tests
- JDK-8306755: Open source few Swing JComponent and
AbstractButton tests
- JDK-8306768: CodeCache Analytics reports wrong threshold
- JDK-8306774: Make runtime/Monitor/
/GuaranteedAsyncDeflationIntervalTest.java more reliable
- JDK-8306825: Monitor deflation might be accidentally disabled
by zero intervals
- JDK-8306850: Open source AWT Modal related tests
- JDK-8306871: Open source more AWT Drag & Drop tests
- JDK-8306883: Thread stacksize is reported with wrong units in
os::create_thread logging
- JDK-8306941: Open source several datatransfer and dnd AWT
tests
- JDK-8306943: Open source several dnd AWT tests
- JDK-8306954: Open source five Focus related tests
- JDK-8306955: Open source several JComboBox jtreg tests
- JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
- JDK-8306996: Open source Swing MenuItem related tests
- JDK-8307080: Open source some more JComboBox jtreg tests
- JDK-8307128: Open source some drag and drop tests 4
- JDK-8307130: Open source few Swing JMenu tests
- JDK-8307133: Open source some JTable jtreg tests
- JDK-8307134: Add GTS root CAs
- JDK-8307135: java/awt/dnd/NotReallySerializableTest/
/NotReallySerializableTest.java failed
- JDK-8307331: Correctly update line maps when class redefine
rewrites bytecodes
- JDK-8307346: Add missing gc+phases logging for
ObjectCount(AfterGC) JFR event collection code
- JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could
leave files owned by root on macOS
- JDK-8307378: Allow collectors to provide specific values for
GC notifications' actions
- JDK-8307381: Open Source JFrame, JIF related Swing Tests
- JDK-8307425: Socket input stream read burns CPU cycles with
back-to-back poll(0) calls
- JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has
invalid jtreg `@requires` clause
- JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not
removed from ExternalEditorTest
- JDK-8308880: [17u] micro bench ZoneStrings missed in backport
of 8278434
- JDK-8308884: [17u/11u] Backout JDK-8297951
- JDK-8311467: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3649-1
Released: Mon Sep 18 15:45:04 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: important
References:
This update for java-17-openjdk fixes the following issues:
- Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4289-1
Released: Tue Oct 31 09:15:08 2023
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1214790,1216339,1216374,CVE-2023-22025,CVE-2023-22081
This update for java-17-openjdk fixes the following issues:
- Updated to JDK 17.0.9+9 (October 2023 CPU):
- CVE-2023-22081: Fixed a partial denial of service issue that could
be triggered via HTTPS (bsc#1216374).
- CVE-2023-22025: Fixed a memory corruption issue in applications
using AVX-512 (bsc#1216339).
Please visit the Oracle Release Notes page for the full changelog:
https://www.oracle.com/java/technologies/javase/17all-relnotes.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:230-1
Released: Thu Jan 25 11:11:27 2024
Summary: Recommended update for adcli
Type: recommended
Severity: moderate
References: 1214076
This update for adcli fixes the following issues:
- Populate Samba's secrets database using offline domain join (bsc#1214076)
- Write SID before secret to Samba's db (bsc#1214076)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:325-1
Released: Mon Feb 5 11:39:10 2024
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1218903,1218905,1218907,1218908,1218909,1218911,CVE-2024-20918,CVE-2024-20919,CVE-2024-20921,CVE-2024-20932,CVE-2024-20945,CVE-2024-20952
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.10 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20932: Fixed an incorrect handling of ZIP files with
duplicate entries (bsc#1218908).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:948-1
Released: Wed Mar 20 15:36:58 2024
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: moderate
References: 1219662
This update for java-17-openjdk fixes the following issues:
- Recommend mozilla-nss-sysinit in order to have available the /etc/pki/nssdb directory and its content, required in
fips mode (bsc#1219662).
- Do not install our crafted nss.fips.cfg file, but use the one that the build produces with our fips.patch applied.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1136-1
Released: Mon Apr 8 11:30:15 2024
Summary: Security update for c-ares
Type: security
Severity: moderate
References: 1220279,CVE-2024-25629
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1341-1
Released: Thu Apr 18 15:29:45 2024
Summary: Recommended update for tftp
Type: recommended
Severity: moderate
References: 1215520
This update for tftp fixes the following issue:
- Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1344-1
Released: Thu Apr 18 18:50:37 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1175678,1218171,1221525,1222086
This update for libzypp, zypper fixes the following issues:
- Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
- Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed
- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to handout the patches
- Show active dry-run/download-only at the commit propmpt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1345-1
Released: Thu Apr 18 19:15:51 2024
Summary: Security update for tomcat
Type: security
Severity: important
References: 1221385,1221386,CVE-2024-23672,CVE-2024-24549
This update for tomcat fixes the following issues:
- CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386)
- CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385)
Other fixes:
- Update to Tomcat 9.0.87
* Catalina
+ Fix: Minor performance improvement for building filter chains. Based
on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure use of
either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are configured
using the Executor element now implement ExecutorService for better
support NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a successful FORM
authentication, ensure that neither the URI, the query string nor the
protocol are corrupted when restoring the request body. (markt)
+ Fix: 68721: Workaround a possible cause of duplicate class definitions
when using ClassFileTransformers and the transformation of a class also
triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output is
identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to
allow skipping over the next valve in the Catalina pipeline. (remm)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by
removing reference to org.apache.catalina.ssi package that is no longer
included in the JAR. Based on pull request #684 by Jendrik Johannes.
(markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences
are correctly removed from files containing property values when
configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including the
ability to skip adding nonces for resource name and subtree URL patterns.
(schultz)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request attribute
access for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a stream
uses all of the connection windows and still has content to write, it
will now be added to the backlog immediately rather than waiting until
the write attempt for the remaining content. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
a connection is marked to be closed, further asynchronous processing
cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
the call to AsyncListener.onError() has returned to the container, only
container threads can access the AsyncContext. This protects against
various race conditions that woudl otherwise occur if application threads
continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of the
HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances configured
on SSLHostConfigCertificate instances. Based on pull request #673
provided by Hakan Altındağ. (markt)
+ Fix: Improve the Tomcat Native shutdown process to reduce the likelihood
of a JVM crash during Tomcat shutdown. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to String
for request URI, HTTP header names and the request Content-Type value to
improve performance by reducing repeated byte[] to String conversions.
(markt)
+ Fix: Improve error reporting to HTTP/2 clients for header processing
errors by reporting problems at the end of the frame where the error was
detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the stream has
been recycled. This makes the stream eligible for garbage collection
earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports maps, as
suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could cause an
UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
+ Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Update: Update Tomcat Native to 1.3.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1368-1
Released: Mon Apr 22 11:06:29 2024
Summary: Security update for shim
Type: security
Severity: important
References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1429-1
Released: Wed Apr 24 15:13:10 2024
Summary: Recommended update for ca-certificates
Type: recommended
Severity: moderate
References: 1188500,1221184
This update for ca-certificates fixes the following issue:
- Update version (bsc#1221184)
* Use flock to serialize calls (bsc#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1439-1
Released: Thu Apr 25 23:41:12 2024
Summary: Security update for python-idna
Type: security
Severity: moderate
References: 1222842,CVE-2024-3651
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1458-1
Released: Mon Apr 29 07:47:34 2024
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1220763
This update for vim fixes the following issues:
- Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released: Thu May 2 10:43:53 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1498-1
Released: Mon May 6 09:42:11 2024
Summary: Security update for java-11-openjdk
Type: security
Severity: low
References: 1213470,1222979,1222983,1222984,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094
This update for java-11-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed,
the combobox popup does not appear.
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8058176: [mlvm] tests should not allow code cache
exhaustion
+ JDK-8067651: LevelTransitionTest.java, fix trivial methods
levels logic
+ JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005
intermittently times out
+ JDK-8156889: ListKeychainStore.sh fails in some virtualized
environments
+ JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps
timeouting
+ JDK-8166554: Avoid compilation blocking in
OverloadCompileQueueTest.java
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh
to Java Jtreg Test
+ JDK-8186610: move ModuleUtils to top-level testlibrary
+ JDK-8192864: defmeth tests can hide failures
+ JDK-8193543: Regression automated test '/open/test/jdk/java/
/awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java'
fails
+ JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/
/isexceeded001/TestDescription.java still failing
+ JDK-8202282: [TESTBUG] appcds TestCommon
.makeCommandLineForAppCDS() can be removed
+ JDK-8202790: DnD test DisposeFrameOnDragTest.java does not
clean up
+ JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/
/ChoicePopupLocation.java fails
+ JDK-8207211: [TESTBUG] Remove excessive output from
CDS/AppCDS tests
+ JDK-8207214: Broken links in JDK API serialized-form page
+ JDK-8207855: Make applications/jcstress invoke tests in
batches
+ JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/
/TestDescription.java fails in jdk/hs nightly
+ JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java
.findDeadlock.INDIFY_Test Deadlocked threads are not always
detected
+ JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails
in AUFS file system
+ JDK-8208699: remove unneeded imports from runtime tests
+ JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out
often in hs-tier7 testing
+ JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option
is not always required for appcds tests
+ JDK-8209549: remove VMPropsExt from TEST.ROOT
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8209946: [TESTBUG] CDS tests should use '@run driver'
+ JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java
looks for libjsig in wrong location
+ JDK-8211978: Move testlibrary/jdk/testlibrary/
/SimpleSSLContext.java and testkeys to network testlibrary
+ JDK-8213622: Windows VS2013 build failure - ''snprintf':
identifier not found'
+ JDK-8213926: WB_EnqueueInitializerForCompilation requests
compilation for NULL
+ JDK-8213927: G1 ignores AlwaysPreTouch when
UseTransparentHugePages is enabled
+ JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr
modules
+ JDK-8214915: CtwRunner misses export for jdk.internal.access
+ JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws
NullPointerException
+ JDK-8217475: Unexpected StackOverflowError in 'process
reaper' thread
+ JDK-8218754: JDK-8068225 regression in JDIBreakpointTest
+ JDK-8219475: javap man page needs to be updated
+ JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/
/JMXInterfaceBindingTest.java passes trivially when it
shouldn't
+ JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper
.TestCaseImpl can't be defined in different runtime package as
its nest host
+ JDK-8225471: Test utility jdk.test.lib.util.FileUtils
.areAllMountPointsAccessible needs to tolerate duplicates
+ JDK-8226706: (se) Reduce the number of outer loop iterations
on Windows in java/nio/channels/Selector/RacyDeregister.java
+ JDK-8226905: unproblem list applications/ctw/modules/* tests
on windows
+ JDK-8226910: make it possible to use jtreg's -match via
run-test framework
+ JDK-8227438: [TESTLIB] Determine if file exists by
Files.exists in function FileUtils.deleteFileIfExistsWithRetry
+ JDK-8231585: java/lang/management/ThreadMXBean/
/MaxDepthForThreadInfoTest.java fails with
java.lang.NullPointerException
+ JDK-8232839: JDI AfterThreadDeathTest.java failed due to
'FAILED: Did not get expected IllegalThreadStateException on a
StepRequest.enable()'
+ JDK-8233453: MLVM deoptimize stress test timed out
+ JDK-8234309: LFGarbageCollectedTest.java fails with parse
Exception
+ JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8237777: 'Dumping core ...' is shown despite claiming
that '# No core dump will be written.'
+ JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java
failing with LDAP response read timeout
+ JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
+ JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001
failed due to '(IsSameObject#3) unexpected monitor object:
0x000000562336DBA8'
+ JDK-8246222: Rename javac test T6395981.java to be more
informative
+ JDK-8247818: GCC 10 warning stringop-overflow with symbol code
+ JDK-8249087: Always initialize _body[0..1] in Symbol
constructor
+ JDK-8251349: Add TestCaseImpl to
OverloadCompileQueueTest.java's build dependencies
+ JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/
/btree010.java fails with ClassNotFoundException:
nsk.sysdict.share.BTree0LLRLRLRRLR
+ JDK-8253543: sanity/client/SwingSet/src/
/ButtonDemoScreenshotTest.java failed with 'AssertionError:
All pixels are not black'
+ JDK-8253739: java/awt/image/MultiResolutionImage/
/MultiResolutionImageObserverTest.java fails
+ JDK-8253820: Save test images and dumps with timestamps from
client sanity suite
+ JDK-8255277: randomDelay in DrainDeadlockT and
LoggingDeadlock do not randomly delay
+ JDK-8255546: Missing coverage for
javax.smartcardio.CardPermission and ResponseAPDU
+ JDK-8255743: Relax SIGFPE match in in
runtime/ErrorHandling/SecondaryErrorTest.java
+ JDK-8257505: nsk/share/test/StressOptions stressTime is
scaled in getter but not when printed
+ JDK-8259801: Enable XML Signature secure validation mode by
default
+ JDK-8264135: UnsafeGetStableArrayElement should account for
different JIT implementation details
+ JDK-8265349: vmTestbase/../stress/compiler/deoptimize/
/Test.java fails with OOME due to CodeCache exhaustion.
+ JDK-8269025: jsig/Testjsig.java doesn't check exit code
+ JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large
pages subtest
+ JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java
doesn't check exit code
+ JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java
doesn't check exit code
+ JDK-8271828: mark hotspot runtime/classFileParserBug tests
which ignore external VM flags
+ JDK-8271829: mark hotspot runtime/Throwable tests which
ignore external VM flags
+ JDK-8271890: mark hotspot runtime/Dictionary tests which
ignore external VM flags
+ JDK-8272291: mark hotspot runtime/logging tests which ignore
external VM flags
+ JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't
check exit codes
+ JDK-8272551: mark hotspot runtime/modules tests which ignore
external VM flags
+ JDK-8272552: mark hotspot runtime/cds tests which ignore
external VM flags
+ JDK-8273803: Zero: Handle 'zero' variant in
CommandLineOptionTest.java
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8276796: gc/TestSystemGC.java large pages subtest fails
with ZGC
+ JDK-8280007: Enable Neoverse N1 optimizations for Arm
Neoverse V1 & N2
+ JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails
with java.lang.RuntimeException: values differ by more than
1GB
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java
from problemlist.
+ JDK-8281717: Cover logout method for several LoginModule
+ JDK-8282665: [REDO] ByteBufferTest.java: replace endless
recursion with RuntimeException in void ck(double x, double y)
+ JDK-8284090: com/sun/security/auth/module/AllPlatforms.java
fails to compile
+ JDK-8285756: clean up use of bad arguments for `@clean` in
langtools tests
+ JDK-8285785: CheckCleanerBound test fails with
PasswordCallback object is not released
+ JDK-8285867: Convert applet manual tests
SelectionVisible.java to Frame and automate
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8286969: Add a new test library API to execute kinit in
SecurityTools.java
+ JDK-8287113: JFR: Periodic task thread uses period for method
sampling events
+ JDK-8289511: Improve test coverage for XPath Axes: child
+ JDK-8289764: gc/lock tests failed with 'OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects'
+ JDK-8289948: Improve test coverage for XPath functions: Node
Set Functions
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests
failed with 'isUsageThresholdExceeded() returned false, and is
still false, while threshold = MMMMMMM and used peak = NNNNNNN'
+ JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup
required permissions for jtreg version 7 jar
+ JDK-8292946: GC lock/jni/jnilock001 test failed
'assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row'
+ JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed
with 'RuntimeException: Retrieved backing PlatformLogger level
null is not the expected CONFIG'
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294402: Add diagnostic logging to
VMProps.checkDockerSupport
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails
intermittently on a VM
+ JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/
/AbstractDrbg/SpecTest.java intermittently timeout
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8300727: java/awt/List/ListGarbageCollectionTest/
/AwtListGarbageCollectionTest.java failed with 'List wasn't
garbage collected'
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301377: adjust timeout for JLI
GetObjectSizeIntrinsicsTest.java subtest again
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302109: Trivial fixes to btree tests
+ JDK-8302149: Speed up
compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java
+ JDK-8302607: increase timeout for
ContinuousCallSiteTargetChange.java
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373
+ JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1
+ JDK-8305502: adjust timeouts in three more M&M tests
+ JDK-8305505: NPE in javazic compiler
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306072: Open source several AWT MouseInfo related tests
+ JDK-8306076: Open source AWT misc tests
+ JDK-8306409: Open source AWT KeyBoardFocusManger,
LightWeightComponent related tests
+ JDK-8306640: Open source several AWT TextArea related tests
+ JDK-8306652: Open source AWT MenuItem related tests
+ JDK-8306681: Open source more AWT DnD related tests
+ JDK-8306683: Open source several clipboard and color AWT tests
+ JDK-8306752: Open source several container and component AWT
tests
+ JDK-8306753: Open source several container AWT tests
+ JDK-8306755: Open source few Swing JComponent and
AbstractButton tests
+ JDK-8306812: Open source several AWT Miscellaneous tests
+ JDK-8306871: Open source more AWT Drag & Drop tests
+ JDK-8306996: Open source Swing MenuItem related tests
+ JDK-8307123: Fix deprecation warnings in DPrinter
+ JDK-8307130: Open source few Swing JMenu tests
+ JDK-8307299: Move more DnD tests to open
+ JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing
JTableHeader tests
+ JDK-8307381: Open Source JFrame, JIF related Swing Tests
+ JDK-8307683: Loop Predication should not hoist range checks
with trap on success projection by negating their condition
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler
.compile does not close files
+ JDK-8308223: failure handler missed jcmd.vm.info command
+ JDK-8308232: nsk/jdb tests don't pass -verbose flag to the
debuggee
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309104: [JVMCI] compiler/unsafe/
/UnsafeGetStableArrayElement test asserts wrong values with
Graal
+ JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton
predicates for all If nodes in loop predication
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when
using second test directory
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/
/interrupt001.java timed out due to missing prompt
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311511: Improve description of NativeLibrary JFR event
+ JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313164: src/java.desktop/windows/native/libawt/windows/
/awt_Robot.cpp GetRGBPixels adjust releasing of resources
+ JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground
release resources in early returns
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to
extra concurrent mark with -Xcomp
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314883:
Java_java_util_prefs_FileSystemPreferences_lockFile0 write
result errno in missing case
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some
cases
+ JDK-8315499: build using devkit on Linux ppc64le RHEL puts
path to devkit into libsplashscreen
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315606: Open source few swing text/html tests
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316461: Fix: make test outputs TEST SUCCESS after
unsuccessful exit
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
'transport error 202: bind failed: Address already in use'
+ JDK-8318889: C2: add bailout after assert Bad graph detected
in build_loop_late
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8322178: Error. can't find jdk.testlibrary
.SimpleSSLContext in test directory or libraries
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test 'api/java_awt/interactive/
/SystemTrayTests.html' failed because A blue ball icon is
added outside of the system tray
+ JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is
failing assert
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323515: Create test alias 'all' for all test roots
+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail
because OOM killed
+ JDK-8324184: Windows VS2010 build failed with 'error C2275:
'int64_t''
+ JDK-8324307: [11u] hotspot fails to build with GCC 12 and
newer (non-static data member initializers)
+ JDK-8324347: Enable 'maybe-uninitialized' warning for
FreeType 2.13.1
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8326109: GCC 13 reports maybe-uninitialized warnings for
jni.cpp with dtrace enabled
+ JDK-8326503: [11u] java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fail because of
package org.junit.jupiter.api does not exist
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329837: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23
- Removed the possibility to use the system timezone-java (bsc#1213470)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1499-1
Released: Mon May 6 09:44:56 2024
Summary: Security update for java-17-openjdk
Type: security
Severity: low
References: 1213470,1222979,1222983,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21094
This update for java-17-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed, the
combobox popup does not appear.
+ JDK-7167356: (javac) investigate failing tests in
JavacParserTest
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost`
accesses `int InetAddress.preferIPv6Address` as a boolean
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8210410: Refactor java.util.Currency:i18n shell tests to
plain java tests
+ JDK-8261404: Class.getReflectionFactory() is not thread-safe
+ JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
+ JDK-8263256: Test java/net/Inet6Address/serialize/
/Inet6AddressSerializationTest.java fails due to dynamic
reconfigurations of network interface during test
+ JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java
failed with connection timeout
+ JDK-8271118: C2: StressGCM should have higher priority than
frequency-based policy
+ JDK-8271616: oddPart in MutableBigInteger::mutableModInverse
contains info on final result
+ JDK-8272811: Document the effects of building with
_GNU_SOURCE in os_posix.hpp
+ JDK-8272853: improve `JavadocTester.runTests`
+ JDK-8273454: C2: Transform (-a)*(-b) into a*b
+ JDK-8274060: C2: Incorrect computation after JDK-8273454
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8274632: Possible pointer overflow in PretouchTask chunk
claiming
+ JDK-8274634: Use String.equals instead of String.compareTo in
java.desktop
+ JDK-8276125: RunThese24H.java SIGSEGV in
JfrThreadGroup::thread_group_id
+ JDK-8278028: [test-library] Warnings cleanup of the test
library
+ JDK-8278312: Update SimpleSSLContext keystore to use SANs for
localhost IP addresses
+ JDK-8278363: Create extented container test groups
+ JDK-8280241: (aio) AsynchronousSocketChannel init fails in
IPv6 only Windows env
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from
problemlist.
+ JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
+ JDK-8281585: Remove unused imports under test/lib and jtreg/gc
+ JDK-8283400: [macos] a11y : Screen magnifier does not reflect
JRadioButton value change
+ JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
+ JDK-8283994: Make Xerces DatatypeException stackless
+ JDK-8286312: Stop mixing signed and unsigned types in bit
operations
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java
failed with 'Expected two batches of Active Setting events'
+ JDK-8288663: JFR: Disabling the JfrThreadSampler commits only
a partially disabled state
+ JDK-8288846: misc tests fail 'assert(ms < 1000) failed:
Un-interruptable sleep, short time use only'
+ JDK-8289764: gc/lock tests failed with 'OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects'
+ JDK-8290041: ModuleDescriptor.hashCode is inconsistent
+ JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/
/capability/CM03/cm03t001/TestDescription.java on linux-all
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8292458: Atomic operations on scoped enums don't build
with clang
+ JDK-8292946: GC lock/jni/jnilock001 test failed
'assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row'
+ JDK-8293117: Add atomic bitset functions
+ JDK-8293547: Add relaxed add_and_fetch for macos aarch64
atomics
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
+ JDK-8295124: Atomic::add to pointer type may return wrong
value
+ JDK-8295274: HelidonAppTest.java fails
'assert(event->should_commit()) failed: invariant' from
compiled frame'
+ JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+ JDK-8297968: Crash in PrintOptoAssembly
+ JDK-8298087: XML Schema Validation reports an required
attribute twice via ErrorHandler
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8301306: java/net/httpclient/* fail with -Xcomp
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301787: java/net/httpclient/SpecialHeadersTest failing
after JDK-8301306
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/
/TestAMEnotNPE.java
+ JDK-8303605: Memory leaks in Metaspace gtests
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304696: Duplicate class names in dynamicArchive tests
can lead to test failure
+ JDK-8305356: Fix ignored bad CompileCommands in tests
+ JDK-8305900: Use loopback IP addresses in security policy
files of httpclient tests
+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address
+ JDK-8305962: update jcstress to 0.16
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306014: Update javax.net.ssl TLS tests to use
SSLContextTemplate or SSLEngineTemplate
+ JDK-8306408: Fix the format of several tables in building.md
+ JDK-8307185: pkcs11 native libraries make JNI calls into java
code while holding GC lock
+ JDK-8307926: Support byte-sized atomic bitset operations
+ JDK-8307955: Prefer to PTRACE_GETREGSET instead of
PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
+ JDK-8307990: jspawnhelper must close its writing side of a
pipe before reading from it
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309302: java/net/Socket/Timeouts.java fails with
AssertionError on test temporal post condition
+ JDK-8309305: sun/security/ssl/SSLSocketImpl/
/BlockedAsyncClose.java fails with jtreg test timeout
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect
announcements of JRadioButton
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310380: Handle problems in core-related tests on macOS
when codesign tool does not work
+ JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
spuriously passing
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8310838: Correct range notations in MethodTypeDesc
specification
+ JDK-8310844: [AArch64] C1 compilation fails because monitor
offset in OSR buffer is too large for immediate
+ JDK-8310923: Refactor Currency tests to use JUnit
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311160: [macOS, Accessibility] VoiceOver: No
announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
+ JDK-8311581: Remove obsolete code and comments in TestLVT.java
+ JDK-8311645: Memory leak in jspawnhelper spawnChild after
JDK-8307990
+ JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
ShenandoahGC
+ JDK-8312428: PKCS11 tests fail with NSS 3.91
+ JDK-8312434: SPECjvm2008/xml.transform with CDS fails with
'can't seal package nu.xom'
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313206: PKCS11 tests silently skip execution
+ JDK-8313575: Refactor PKCS11Test tests
+ JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
/TestFloatingDecimal should use RandomFactory
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314220: Configurable InlineCacheBuffer size
+ JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
flags
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315920: C2: 'control input must dominate current
control' assert failure
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316304: (fs) Add support for BasicFileAttributes
.creationTime() for Linux
+ JDK-8316392: compiler/interpreter/
/TestVerifyStackAfterDeopt.java failed with SIGBUS in
PcDescContainer::find_pc_desc_internal
+ JDK-8316414: C2: large byte array clone triggers 'failed:
malformed control flow' assertion failure on linux-x86
+ JDK-8316415: Parallelize
sun/security/rsa/SignedObjectChain.java subtests
+ JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java
get OOM killed with Parallel GC
+ JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
/CheckOrigin.java as vm.flagless
+ JDK-8316679: C2 SuperWord: wrong result, load should not be
moved before store if not comparable
+ JDK-8316693: Simplify at-requires checkDockerSupport()
+ JDK-8316929: Shenandoah: Shenandoah degenerated GC and full
GC need to cleanup old OopMapCache entries
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317039: Enable specifying the JDK used to run jtreg
+ JDK-8317144: Exclude sun/security/pkcs11/sslecc/
/ClientJSSEServerJSSE.java on Linux ppc64le
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317603: Improve exception messages thrown by
sun.nio.ch.Net native methods (win)
+ JDK-8317771: [macos14] Expand/collapse a JTree using keyboard
freezes the application in macOS 14 Sonoma
+ JDK-8317807: JAVA_FLAGS removed from jtreg running in
JDK-8317039
+ JDK-8317960: [17u] Excessive CPU usage on
AbstractQueuedSynchronized.isEnqueued
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318183: C2: VM may crash after hitting node limit
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318490: Increase timeout for JDK tests that are close to
the limit when run with libgraal
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318689: jtreg is confused when folder name is the same
as the test name
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
'transport error 202: bind failed: Address already in use'
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318957: Enhance agentlib:jdwp help output by info about
allow option
+ JDK-8318961: increase javacserver connection timeout values
and max retry attempts
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319213: Compatibility.java reads both stdout and stderr
of JdkUtils
+ JDK-8319436: Proxy.newProxyInstance throws NPE if loader is
null and interface not visible from class loader
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
+ JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320168: handle setsocktopt return values
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320300: Adjust hs_err output in malloc/mmap error cases
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
+ JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8321599: Data loss in AVX3 Base64 decoding
+ JDK-8321815: Shenandoah: gc state should be synchronized to
java threads only once per safepoint
+ JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
timeout on linux-riscv64 platform
+ JDK-8322098: os::Linux::print_system_memory_info enhance the
THP output with
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
+ JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322583: RISC-V: Enable fast class initialization checks
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test 'api/java_awt/interactive/
/SystemTrayTests.html' failed because A blue ball icon is
added outside of the system tray
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output
+ JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323021: Shenandoah: Encountered reference count always
attributed to first worker thread
+ JDK-8323086: Shenandoah: Heap could be corrupted by oom
during evacuation
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323331: fix typo hpage_pdm_size
+ JDK-8323428: Shenandoah: Unused memory in regions compacted
during a full GC should be mangled
+ JDK-8323515: Create test alias 'all' for all test roots
+ JDK-8323637: Capture hotspot replay files in GHA
+ JDK-8323640: [TESTBUG]testMemoryFailCount in
jdk/internal/platform/docker/TestDockerMemoryMetrics.java
always fail because OOM killed
+ JDK-8323806: [17u] VS2017 build fails with warning after
8293117.
+ JDK-8324184: Windows VS2010 build failed with 'error C2275:
'int64_t''
+ JDK-8324280: RISC-V: Incorrect implementation in
VM_Version::parse_satp_mode
+ JDK-8324347: Enable 'maybe-uninitialized' warning for
FreeType 2.13.1
+ JDK-8324514: ClassLoaderData::print_on should print address
of class loader
+ JDK-8324647: Invalid test group of lib-test after JDK-8323515
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8324937: GHA: Avoid multiple test suites per job
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8325585: Remove no longer necessary calls to
set/unset-in-asgct flag in JDK 17
+ JDK-8326000: Remove obsolete comments for class
sun.security.ssl.SunJSSE
+ JDK-8327036: [macosx-aarch64] SIGBUS in
MarkActivationClosure::do_code_blob reached from
Unsafe_CopySwapMemory0
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329836: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11
- Removed the possibility to use the system timezone-java (bsc#1213470).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1529-1
Released: Mon May 6 11:52:10 2024
Summary: Recommended update for salt
Type: recommended
Severity: moderate
References: 1211649,1211888,1216850,1218482,1219001
This update for salt fixes the following issues:
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as '*.yml' or '*.yaml' files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuiteand python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1530-1
Released: Mon May 6 11:52:34 2024
Summary: Security update for grafana and mybatis
Type: security
Severity: moderate
References: 1219912,1222155,CVE-2023-6152,CVE-2024-1313
This update for grafana and mybatis fixes the following issues:
grafana was updated to version 9.5.18:
- Grafana now requires Go 1.20
- Security issues fixed:
* CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
- Other non-security related changes:
* Version 9.5.17:
+ [FEATURE] Alerting: Backport use Alertmanager API v2
* Version 9.5.16:
+ [BUGFIX] Annotations: Split cleanup into separate queries and
deletes to avoid deadlocks on MySQL
* Version 9.5.15:
+ [FEATURE] Alerting: Attempt to retry retryable errors
* Version 9.5.14:
+ [BUGFIX] Alerting: Fix state manager to not keep
datasource_uid and ref_id labels in state after Error
+ [BUGFIX] Transformations: Config overrides being lost when
config from query transform is applied
+ [BUGFIX] LDAP: Fix enable users on successfull login
* Version 9.5.13:
+ [BUGFIX] BrowseDashboards: Only remember the most recent
expanded folder
+ [BUGFIX] Licensing: Pass func to update env variables when
starting plugin
* Version 9.5.12:
+ [FEATURE] Azure: Add support for Workload Identity
authentication
* Version 9.5.9:
+ [FEATURE] SSE: Fix DSNode to not panic when response has empty
response
+ [FEATURE] Prometheus: Handle the response with different field
key order
+ [BUGFIX] LDAP: Fix user disabling
mybatis:
- `apache-commons-ognl` is now a non-optional dependency
- Fixed building with log4j v1 and v2 dependencies
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1531-1
Released: Mon May 6 11:54:10 2024
Summary: Recommended update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter
Type: recommended
Severity: moderate
References:
This update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter fixes the following issues:
- update to 1.7.0 (jsc#PED-7893, jsc#PED-7928):
* [FEATURE] Add ZFS freebsd per dataset stats #2753
* [FEATURE] Add cpu vulnerabilities reporting from sysfs #2721
* [ENHANCEMENT] Parallelize stat calls in Linux filesystem
collector #1772
* [ENHANCEMENT] Add missing linkspeeds to ethtool collector #2711
* [ENHANCEMENT] Add CPU MHz as the value for node_cpu_info metric
#2778
* [ENHANCEMENT] Improve qdisc collector performance #2779
* [ENHANCEMENT] Add include and exclude filter for hwmon
collector #2699
* [ENHANCEMENT] Optionally fetch ARP stats via rtnetlink instead
of procfs #2777
* [BUFFIX] Fix ZFS arcstats on FreeBSD 14.0+ 2754
* [BUGFIX] Fallback to 32-bit stats in netdev #2757
* [BUGFIX] Close btrfs.FS handle after use #2780
* [BUGFIX] Move RO status before error return #2807
* [BUFFIX] Fix promhttp_metric_handler_errors_total being always
active #2808
* [BUGFIX] Fix nfsd v4 index miss #2824
- update to 1.6.1:
(no source code changes in this release)
- BuildRequire go1.20
- update to 1.6.0:
* [CHANGE] Fix cpustat when some cpus are offline #2318
* [CHANGE] Remove metrics of offline CPUs in CPU collector #2605
* [CHANGE] Deprecate ntp collector #2603
* [CHANGE] Remove bcache `cache_readaheads_totals` metrics #2583
* [CHANGE] Deprecate supervisord collector #2685
* [FEATURE] Enable uname collector on NetBSD #2559
* [FEATURE] NetBSD support for the meminfo collector #2570
* [FEATURE] NetBSD support for CPU collector #2626
* [FEATURE] Add FreeBSD collector for netisr subsystem #2668
* [FEATURE] Add softirqs collector #2669
* [ENHANCEMENT] Add suspended as a `node_zfs_zpool_state` #2449
* [ENHANCEMENT] Add administrative state of Linux network
interfaces #2515
* [ENHANCEMENT] Log current value of GOMAXPROCS #2537
* [ENHANCEMENT] Add profiler options for perf collector #2542
* [ENHANCEMENT] Allow root path as metrics path #2590
* [ENHANCEMENT] Add cpu frequency governor metrics #2569
* [ENHANCEMENT] Add new landing page #2622
* [ENHANCEMENT] Reduce privileges needed for btrfs device stats
#2634
* [ENHANCEMENT] Add ZFS `memory_available_bytes` #2687
* [ENHANCEMENT] Use `SCSI_IDENT_SERIAL` as serial in diskstats
#2612
* [ENHANCEMENT] Read missing from netlink netclass attributes
from sysfs #2669
* [BUGFIX] perf: fixes for automatically detecting the correct
tracefs mountpoints #2553
* [BUGFIX] Fix `thermal_zone` collector noise @2554
* [BUGFIX] Fix a problem fetching the user wire count on FreeBSD
2584
* [BUGFIX] interrupts: Fix fields on linux aarch64 #2631
* [BUGFIX] Remove metrics of offline CPUs in CPU collector #2605
* [BUGFIX] Fix OpenBSD filesystem collector string parsing #2637
* [BUGFIX] Fix bad reporting of `node_cpu_seconds_total` in
OpenBSD #2663
- change go_modules archive in _service to use obscpio file
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:1542-1
Released: Tue May 7 10:58:08 2024
Summary: Optional update for python-cheroot
Type: optional
Severity: low
References: 1223694
This update for python-cheroot and python-tempora fixes the following issues:
- Use update-alternatives for cheroot and tempora binaries (bsc#1223694)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1557-1
Released: Wed May 8 11:42:34 2024
Summary: Security update for rpm
Type: security
Severity: moderate
References: 1189495,1191175,1218686,CVE-2021-3521
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1602-1
Released: Fri May 10 15:00:11 2024
Summary: Recommended update for salt
Type: recommended
Severity: important
References:
This update for salt fixes the following issues:
- Make 'man' a recommended package instead of required to fix installation issues with SLE Micro
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released: Thu May 16 08:00:09 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1221632
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released: Wed May 22 16:14:17 2024
Summary: Security update for perl
Type: security
Severity: important
References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
The following package changes have been done:
- cracklib-dict-small-2.9.11-150600.1.90 updated
- libldap-data-2.4.46-150600.23.21 updated
- glibc-2.38-150600.12.1 updated
- libzstd1-1.5.5-150600.1.3 updated
- libuuid1-2.39.3-150600.2.1 updated
- libsmartcols1-2.39.3-150600.2.1 updated
- libsepol2-3.5-150600.1.49 updated
- libsasl2-3-2.1.28-150600.5.3 updated
- libpcre2-8-0-10.42-150600.1.26 updated
- libnghttp2-14-1.40.0-150600.23.2 updated
- liblzma5-5.4.1-150600.1.2 updated
- liblz4-1-1.9.4-150600.1.4 updated
- libgpg-error0-1.47-150600.1.3 updated
- libfa1-1.14.1-150600.1.3 updated
- libcom_err2-1.47.0-150600.2.26 updated
- libblkid1-2.39.3-150600.2.1 updated
- libselinux1-3.5-150600.1.46 updated
- libglib-2_0-0-2.78.3-150600.2.2 updated
- libgcrypt20-1.10.3-150600.1.23 updated
- libfdisk1-2.39.3-150600.2.1 updated
- libmount1-2.39.3-150600.2.1 updated
- libgmodule-2_0-0-2.78.3-150600.2.2 updated
- adcli-0.8.2-150400.17.6.1 added
- stringtree-json-2.0.9-0.150600.12.4 updated
- libabsl2401_0_0-20240116.1-150600.17.7 updated
- libgobject-2_0-0-2.78.3-150600.2.2 updated
- libopenssl3-3.1.4-150600.3.6 updated
- libaugeas0-1.14.1-150600.1.3 updated
- libudev1-254.10-150600.2.3 updated
- libsystemd0-254.10-150600.2.3 updated
- libprotobuf-lite25_1_0-25.1-150600.14.3 updated
- libzck1-1.1.16-150600.9.3 updated
- libopenssl-3-fips-provider-3.1.4-150600.3.6 updated
- libldap-2_4-2-2.4.46-150600.23.21 updated
- krb5-1.20.1-150600.9.2 updated
- patterns-base-fips-20200124-150600.30.1 updated
- perl-base-5.26.1-150300.17.17.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated
- shared-mime-info-2.4-150600.1.3 updated
- login_defs-4.8.1-150600.15.45 updated
- libcrack2-2.9.11-150600.1.90 updated
- cracklib-2.9.11-150600.1.90 updated
- sed-4.9-150600.1.4 updated
- libcurl4-8.6.0-150600.2.2 updated
- sles-release-15.6-150600.37.2 updated
- libgio-2_0-0-2.78.3-150600.2.2 updated
- glib2-tools-2.78.3-150600.2.2 updated
- libpxbackend-1_0-0.5.3-150600.2.1 updated
- libproxy1-0.5.3-150600.2.2 updated
- gpg2-2.4.4-150600.1.4 updated
- libgpgme11-1.23.0-150600.1.41 updated
- libzypp-17.32.4-150600.1.2 updated
- shadow-4.8.1-150600.15.45 updated
- zypper-1.14.71-150600.8.2 updated
- util-linux-2.39.3-150600.2.1 updated
- augeas-1.14.1-150600.1.3 updated
- curl-8.6.0-150600.2.2 updated
- openssl-3-3.1.4-150600.3.6 updated
- concurrent-1.3.4-277.150600.277.4 updated
- timezone-2024a-150600.89.2 updated
- ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated
- libkmod2-29-150600.11.4 updated
- pam-config-1.1-150600.14.3 updated
- systemd-presets-branding-SLE-15.1-150600.33.1 updated
- systemd-254.10-150600.2.3 updated
- coreutils-8.32-150400.9.6.1 updated
- augeas-lenses-1.14.1-150600.1.3 updated
- girepository-1_0-1.78.1-150600.2.3 updated
- libgirepository-1_0-1-1.78.1-150600.2.3 updated
- glibc-locale-base-2.38-150600.12.1 updated
- golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1 updated
- grafana-formula-0.10.1-150600.1.1 updated
- iputils-20221126-150500.1.1 added
- jose4j-0.9.5-150600.1.2 updated
- libarchive13-3.7.2-150600.1.7 updated
- libargon2-1-20190702-150600.1.4 updated
- libavahi-common3-0.8-150600.13.4 added
- libbasicobjects0-0.1.1-3.3.1 added
- libburn4-1.5.6-150600.1.6 updated
- libcares2-1.19.1-150000.3.26.1 added
- libcollection4-0.7.0-3.3.1 added
- libdevmapper1_03-2.03.22_1.02.196-150600.1.3 updated
- libdhash1-0.5.0-3.3.1 added
- libgraphite2-3-1.3.14-150600.1.5 updated
- libipa_hbac0-2.9.3-150600.1.6 added
- libjpeg8-8.2.2-150600.22.5 updated
- liblcms2-2-2.15-150600.1.5 updated
- libnettle8-3.9.1-150600.1.46 updated
- libnscd1-2.0.2-3.21 added
- libpath_utils1-0.2.1-3.3.1 added
- libpng16-16-1.6.40-150600.1.3 updated
- libpq5-16.2-150600.14.11 updated
- libprotobuf-c1-1.5.0-150600.1.4 updated
- libref_array1-0.1.5-3.3.1 added
- libsgutils2-1_48-2-1.48+10.1532339-150600.1.3 updated
- libsss_idmap0-2.9.3-150600.1.6 added
- libsss_nss_idmap0-2.9.3-150600.1.6 added
- libtalloc2-2.4.1-150600.1.3 added
- libtdb1-1.4.9-150600.1.4 added
- libtextstyle0-0.21.1-150600.1.7 updated
- lsof-4.99.0-150600.1.15 updated
- openslp-2.0.0-150600.19.5 updated
- openssh-common-9.6p1-150600.4.2 updated
- release-notes-susemanager-5.0.0~rc-150600.13.2 updated
- selinux-tools-3.5-150600.1.46 updated
- simple-xml-2.6.2-0.150600.10.4 updated
- sitemesh-2.1-0.150600.8.64 updated
- skelcd-EULA-suse-manager-server-container-2024.05.03.1-150600.1.1 updated
- snmp-mibs-5.9.4-150600.22.4 updated
- sudo-1.9.15p5-150600.1.2 updated
- susemanager-schema-utility-5.0.7-150600.1.12 updated
- util-linux-systemd-2.39.3-150600.2.1 updated
- uyuni-config-modules-5.0.7-150600.1.1 updated
- vim-data-common-9.1.0330-150500.20.12.1 updated
- woodstox-4.4.2-150600.1.96 updated
- xz-5.4.1-150600.1.2 updated
- yast2-logs-4.6.8-150600.1.1 updated
- zstd-1.5.5-150600.1.3 updated
- suseconnect-ng-1.9.0-150600.1.1 updated
- mtools-4.0.43-150600.1.6 updated
- libyui16-4.5.3-150500.3.5.4 updated
- libyui-ncurses16-4.5.3-150500.3.5.4 updated
- glibc-locale-2.38-150600.12.1 updated
- libavahi-client3-0.8-150600.13.4 added
- libdevmapper-event1_03-2.03.22_1.02.196-150600.1.3 updated
- mokutil-0.5.0-150600.8.3 updated
- ipmitool-1.8.18.238.gb7adc1d-150600.8.3 updated
- perl-5.26.1-150300.17.17.1 updated
- cyrus-sasl-2.1.28-150600.5.3 updated
- libfido2-1-1.13.0-150600.10.3 updated
- libisoburn1-1.5.6-150600.1.6 updated
- libopenssl1_1-1.1.1w-150600.3.10 updated
- libcryptsetup12-2.7.0-150600.1.4 updated
- libipset13-7.21-150600.1.3 updated
- libhogweed6-3.9.1-150600.1.46 updated
- postgresql-16-150600.15.24 updated
- postgresql16-16.2-150600.14.11 added
- libini_config5-1.3.1-3.3.1 added
- sg3_utils-1.48+10.1532339-150600.1.3 updated
- libtevent0-0.15.0-150600.1.3 added
- libsss_certmap0-2.9.3-150600.1.6 added
- gettext-runtime-0.21.1-150600.1.7 updated
- bind-utils-9.18.24-150600.1.5 updated
- tftp-5.2-150000.5.6.2 updated
- glibc-devel-2.38-150600.12.1 updated
- openssh-fips-9.6p1-150600.4.2 updated
- susemanager-docs_en-5.0-150600.3.1 updated
- policycoreutils-3.5-150600.1.50 updated
- redstone-xmlrpc-1.1_20071120-0.150600.9.4 updated
- susemanager-branding-oss-5.0.4-150600.1.2 updated
- spacewalk-java-lib-5.0.7-150600.1.13 updated
- uyuni-reportdb-schema-5.0.5-150600.1.12 updated
- kmod-29-150600.11.4 updated
- less-643-150600.1.37 updated
- reprepro-5.4.0-150600.1.7 updated
- libsuseconnect-1.9.0-150600.1.1 updated
- libyui-ncurses-pkg16-4.5.3-150500.3.5.11 updated
- device-mapper-2.03.22_1.02.196-150600.1.3 updated
- shim-15.8-150300.4.20.2 updated
- yast2-core-4.6.0-150600.1.7 updated
- vim-9.1.0330-150500.20.12.1 updated
- libsnmp40-5.9.4-150600.22.4 updated
- apache2-prefork-2.4.58-150600.3.2 updated
- cyrus-sasl-gssapi-2.1.28-150600.5.3 added
- cyrus-sasl-digestmd5-2.1.28-150600.5.3 updated
- openssh-server-9.6p1-150600.4.2 updated
- openssh-clients-9.6p1-150600.4.2 updated
- xorriso-1.5.6-150600.1.6 updated
- ipset-7.21-150600.1.3 updated
- libgnutls30-3.8.3-150600.2.15 updated
- wicked-0.6.74-150600.9.2 updated
- wicked-service-0.6.74-150600.9.2 updated
- libharfbuzz0-8.3.0-150600.1.3 updated
- fontconfig-2.14.2-150600.1.3 updated
- libfontconfig1-2.14.2-150600.1.3 updated
- postgresql-server-16-150600.15.24 updated
- postgresql16-server-16.2-150600.14.11 added
- libldb2-2.8.0-150600.1.4 added
- gettext-tools-0.21.1-150600.1.7 updated
- postfix-3.8.4-150600.1.5 updated
- libcreaterepo_c0-0.16.0-150600.12.4 updated
- susemanager-docs_en-pdf-5.0-150600.3.1 updated
- susemanager-schema-5.0.7-150600.1.12 updated
- susemanager-sync-data-5.0.4-150600.1.1 updated
- udev-254.10-150600.2.3 updated
- rsync-3.2.7-150600.1.5 updated
- openslp-server-2.0.0-150600.19.5 updated
- suseconnect-ruby-bindings-1.9.0-150600.1.1 updated
- yast2-pkg-bindings-4.6.5-150600.1.3 updated
- perl-SNMP-5.9.4-150600.22.4 updated
- net-snmp-5.9.4-150600.22.4 updated
- apache2-2.4.58-150600.3.2 updated
- openssh-9.6p1-150600.4.2 updated
- grub2-2.12-150600.6.12 updated
- grub2-i386-pc-2.12-150600.6.12 updated
- python3-uyuni-common-libs-5.0.3-150600.1.41.1 updated
- python3-rpm-4.14.3-150400.59.16.1 updated
- python3-idna-2.6-150000.3.3.1 updated
- python3-M2Crypto-0.38.0-150600.17.3 updated
- libvirt-libs-10.0.0-150600.6.2 updated
- rsyslog-8.2306.0-150600.10.6 updated
- postgresql16-contrib-16.2-150600.14.11 added
- postgresql-contrib-16-150600.15.24 updated
- sssd-ldap-2.9.3-150600.1.6 added
- sssd-2.9.3-150600.1.6 added
- sssd-krb5-common-2.9.3-150600.1.6 added
- samba-client-libs-4.19.5+git.342.57620c4f7e-150600.1.30 added
- createrepo_c-0.16.0-150600.12.4 updated
- libnm0-1.44.2-150600.1.7 updated
- java-17-openjdk-headless-17.0.11.0-150400.3.42.1 added
- java-11-openjdk-headless-11.0.23.0-150000.3.113.1 updated
- libstorage-ng1-4.5.201-150600.1.3 updated
- grub2-x86_64-efi-2.12-150600.6.12 updated
- python3-tempora-1.8-150200.3.3.1 updated
- inter-server-sync-0.3.3-150600.1.2 updated
- spacewalk-backend-sql-postgresql-5.0.6-150600.3.42.13 updated
- uyuni-setup-reportdb-5.0.3-150600.1.2 updated
- sssd-krb5-2.9.3-150600.1.6 added
- sssd-dbus-2.9.3-150600.1.6 added
- python3-sssd-config-2.9.3-150600.1.6 added
- sssd-ad-2.9.3-150600.1.6 added
- typelib-1_0-NM-1_0-1.44.2-150600.1.7 updated
- tomcat-servlet-4_0-api-9.0.87-150200.65.1 updated
- tomcat-el-3_0-api-9.0.87-150200.65.1 updated
- geronimo-stax-1_0-api-1.2-150200.15.8.1 updated
- geronimo-jta-1_1-api-1.2-150200.15.8.1 updated
- geronimo-annotation-1_0-api-1.2-150200.15.8.1 updated
- apache-commons-daemon-1.3.4-150200.11.14.1 updated
- libstorage-ng-ruby-4.5.201-150600.1.3 updated
- java-17-openjdk-17.0.11.0-150400.3.42.1 added
- java-11-openjdk-11.0.23.0-150000.3.113.1 updated
- spacewalk-base-minimal-5.0.7-150600.1.13 updated
- spacewalk-config-5.0.3-150600.1.1 updated
- spacecmd-5.0.6-150600.3.116.1 updated
- rpm-build-4.14.3-150400.59.16.1 updated
- sssd-tools-2.9.3-150600.1.6 added
- sssd-ipa-2.9.3-150600.1.6 added
- tomcat-jsp-2_3-api-9.0.87-150200.65.1 updated
- byte-buddy-dep-1.11.12-150600.1.6 updated
- xmlpull-api-1.1.3.1-150600.1.3 updated
- tomcat-taglibs-standard-1_2_5-1.2.5-150600.1.93 updated
- quartz-2.3.0-150600.1.96 updated
- protobuf-java-25.1-150600.14.3 updated
- prometheus-jmx_exporter-0.3.1-150600.1.4 updated
- prometheus-client-java-0.3.0-150600.1.92 updated
- picocontainer-1.3.7-150600.1.4 updated
- mvel2-2.2.6.Final-150600.1.94 updated
- lucene-2.4.1-150600.1.96 updated
- kie-soup-7.17.0.Final-150600.1.87 updated
- kie-api-7.17.0-150600.1.86 updated
- jpa-api-2.2.2-150600.1.7 updated
- java-saml-2.4.0-150600.1.3 updated
- ical4j-3.0.18-150600.1.82 updated
- hibernate-commons-annotations-5.0.4-150600.1.93 updated
- ehcache-2.10.1-150600.1.97 updated
- dwr-3.0.2-0.150600.10.4 updated
- drools-7.17.0-150600.1.83 updated
- spacewalk-base-minimal-config-5.0.7-150600.1.13 updated
- yast2-4.6.8-150600.1.1 updated
- tomcat-lib-9.0.87-150200.65.1 updated
- apache-commons-pool2-2.4.2-150200.11.8.1 updated
- byte-buddy-1.11.12-150600.1.6 updated
- reflections-0.9.10-150600.1.3 updated
- pgjdbc-ng-0.8.7-150600.1.89 updated
- mybatis-3.5.6-150200.5.6.1 updated
- prometheus-jmx_exporter-tomcat-0.3.1-150600.1.4 updated
- optaplanner-7.17.0-150600.1.84 updated
- apache-commons-dbcp-2.1.1-150200.10.8.1 updated
- hibernate-types-2.16.2-150600.1.4 updated
- simple-core-3.1.3-0.150600.8.4 updated
- xmlsec-2.0.7-150600.1.88 updated
- statistics-1.0.2-150600.1.91 updated
- spark-core-2.9.3-150600.1.122 updated
- jade4j-1.2.7-150600.2.2 updated
- tomcat-9.0.87-150200.65.1 updated
- spacewalk-search-5.0.2-150600.1.3 updated
- subscription-matcher-0.37-150600.1.2 updated
- spark-template-jade-2.7.1-150600.1.4 updated
- jakarta-commons-validator-1.1.4-21.150600.19.107 updated
- salt-netapi-client-0.21.0-150600.1.4 updated
- spacewalk-backend-5.0.6-150600.3.42.13 updated
- python3-spacewalk-client-tools-5.0.5-150600.3.89.8 updated
- spacewalk-client-tools-5.0.5-150600.3.89.8 updated
- spacewalk-base-5.0.7-150600.1.13 updated
- spacewalk-java-postgresql-5.0.7-150600.1.13 updated
- spacewalk-branding-5.0.2-150600.1.2 updated
- hibernate5-core-5.3.25-150600.1.79 updated
- struts-1.2.9-162.150600.33.4 updated
- python3-salt-3006.0-150500.4.35.1 updated
- salt-3006.0-150500.4.35.1 updated
- fence-agents-4.13.1+git.1704296072.32469f29-150600.1.3 updated
- spacewalk-backend-sql-5.0.6-150600.3.42.13 updated
- python3-spacewalk-certs-tools-5.0.4-150600.1.1 updated
- spacewalk-certs-tools-5.0.4-150600.1.1 updated
- mgr-push-5.0.2-150600.1.28.1 updated
- python3-mgr-push-5.0.2-150600.1.28.1 updated
- spacewalk-admin-5.0.6-150600.1.1 updated
- spacewalk-reports-5.0.2-150600.1.1 updated
- spacewalk-html-5.0.7-150600.1.13 updated
- hibernate5-ehcache-5.3.25-150600.1.79 updated
- hibernate5-c3p0-5.3.25-150600.1.79 updated
- salt-master-3006.0-150500.4.35.1 updated
- spacewalk-backend-server-5.0.6-150600.3.42.13 updated
- susemanager-sls-5.0.7-150600.1.1 updated
- spacewalk-java-config-5.0.7-150600.1.13 updated
- salt-api-3006.0-150500.4.35.1 updated
- spacewalk-backend-xmlrpc-5.0.6-150600.3.42.13 updated
- spacewalk-backend-xml-export-libs-5.0.6-150600.3.42.13 updated
- spacewalk-backend-package-push-server-5.0.6-150600.3.42.13 updated
- spacewalk-backend-iss-5.0.6-150600.3.42.13 updated
- spacewalk-backend-applet-5.0.6-150600.3.42.13 updated
- spacewalk-backend-app-5.0.6-150600.3.42.13 updated
- spacewalk-taskomatic-5.0.7-150600.1.13 updated
- spacewalk-java-5.0.7-150600.1.13 updated
- spacewalk-backend-iss-export-5.0.6-150600.3.42.13 updated
- patterns-suma_retail-5.0-150600.4.2 updated
- spacewalk-common-5.0.2-150600.1.2 updated
- susemanager-tools-5.0.6-150600.1.1 updated
- spacewalk-backend-tools-5.0.6-150600.3.42.13 updated
- spacewalk-postgresql-5.0.2-150600.1.2 updated
- susemanager-5.0.6-150600.1.1 updated
- patterns-suma_server-5.0-150600.4.2 updated
- container:suse-manager-5.0-init-5.0.0-rc-5.0.0-rc-4.59 added
- container:suse-manager-5.0-init-5.0.0-beta2-5.0.0-beta2-3.74 removed
- jcommon-1.0.16-0.150600.9.3 removed
- libnewt0_52-0.52.20-150000.7.2.3 removed
- libslang2-2.3.1a-150000.5.2.3 removed
- newt-0.52.20-150000.7.2.3 removed
- postgresql14-14.11-150600.14.3 removed
- postgresql14-contrib-14.11-150600.14.3 removed
- postgresql14-server-14.11-150600.14.3 removed
- python3-newt-0.52.20-150000.7.2.3 removed
- spacewalk-backend-config-files-5.0.5-150600.3.41.7 removed
- spacewalk-backend-config-files-common-5.0.5-150600.3.41.7 removed
- spacewalk-backend-config-files-tool-5.0.5-150600.3.41.7 removed
More information about the sle-container-updates
mailing list