From sle-container-updates at lists.suse.com Tue Sep 3 07:01:36 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 09:01:36 +0200 (CEST)
Subject: SUSE-IU-2024:1137-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20240903070136.D426FFCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1137-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.131 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.131
Severity : important
Type : security
References : 1227322 1228535 CVE-2024-4467 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3077-1
Released: Mon Sep 2 16:42:22 2024
Summary: Security update for qemu
Type: security
Severity: important
References: 1227322,CVE-2024-4467

This update for qemu fixes the following issues:

- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

The following package changes have been done:

- qemu-guest-agent-7.1.0-150500.49.18.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.64 updated

From sle-container-updates at lists.suse.com Tue Sep 3 07:01:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 09:01:41 +0200 (CEST)
Subject: SUSE-IU-2024:1138-1: Security update of suse/sle-micro/rt-5.5
Message-ID: <20240903070141.34406FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1138-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.137 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.137
Severity : moderate
Type : security
References : 1228535 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.47.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.105 updated

From sle-container-updates at lists.suse.com Tue Sep 3 07:01:58 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 09:01:58 +0200 (CEST)
Subject: SUSE-IU-2024:1139-1: Security update of suse/sle-micro/5.5
Message-ID: <20240903070158.C114FFCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1139-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.105 , suse/sle-micro/5.5:latest
Image Release : 5.5.105
Severity : important
Type : security
References : 1228535 1229069 CVE-2023-31315 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3081-1
Released: Mon Sep 2 16:44:33 2024
Summary: Security update for kernel-firmware
Type: security
Severity: important
References: 1229069,CVE-2023-31315

This update for kernel-firmware fixes the following issues:

- CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.47.1 updated
- kernel-firmware-amdgpu-20230724-150500.3.12.1 updated
- kernel-firmware-ath10k-20230724-150500.3.12.1 updated
- kernel-firmware-ath11k-20230724-150500.3.12.1 updated
- kernel-firmware-atheros-20230724-150500.3.12.1 updated
- kernel-firmware-bluetooth-20230724-150500.3.12.1 updated
- kernel-firmware-bnx2-20230724-150500.3.12.1 updated
- kernel-firmware-brcm-20230724-150500.3.12.1 updated
- kernel-firmware-chelsio-20230724-150500.3.12.1 updated
- kernel-firmware-dpaa2-20230724-150500.3.12.1 updated
- kernel-firmware-i915-20230724-150500.3.12.1 updated
- kernel-firmware-intel-20230724-150500.3.12.1 updated
- kernel-firmware-iwlwifi-20230724-150500.3.12.1 updated
- kernel-firmware-liquidio-20230724-150500.3.12.1 updated
- kernel-firmware-marvell-20230724-150500.3.12.1 updated
- kernel-firmware-media-20230724-150500.3.12.1 updated
- kernel-firmware-mediatek-20230724-150500.3.12.1 updated
- kernel-firmware-mellanox-20230724-150500.3.12.1 updated
- kernel-firmware-mwifiex-20230724-150500.3.12.1 updated
- kernel-firmware-network-20230724-150500.3.12.1 updated
- kernel-firmware-nfp-20230724-150500.3.12.1 updated
- kernel-firmware-nvidia-20230724-150500.3.12.1 updated
- kernel-firmware-platform-20230724-150500.3.12.1 updated
- kernel-firmware-prestera-20230724-150500.3.12.1 updated
- kernel-firmware-qcom-20230724-150500.3.12.1 updated
- kernel-firmware-qlogic-20230724-150500.3.12.1 updated
- kernel-firmware-radeon-20230724-150500.3.12.1 updated
- kernel-firmware-realtek-20230724-150500.3.12.1 updated
- kernel-firmware-serial-20230724-150500.3.12.1 updated
- kernel-firmware-sound-20230724-150500.3.12.1 updated
- kernel-firmware-ti-20230724-150500.3.12.1 updated
- kernel-firmware-ueagle-20230724-150500.3.12.1 updated
- kernel-firmware-usb-network-20230724-150500.3.12.1 updated
- kernel-firmware-all-20230724-150500.3.12.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.64 updated

From sle-container-updates at lists.suse.com Tue Sep 3 07:08:46 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 09:08:46 +0200 (CEST)
Subject: SUSE-CU-2024:3917-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20240903070846.B9CEBFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3917-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.23 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.23
Severity : moderate
Type : recommended
References : 1229339
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

The following package changes have been done:

- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Tue Sep 3 13:40:37 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 15:40:37 +0200 (CEST)
Subject: SUSE-CU-2024:3918-1: Recommended update of suse/sles12sp5
Message-ID: <20240903134037.23E67FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3918-1
Container Tags : suse/sles12sp5:6.8.37 , suse/sles12sp5:latest
Container Release : 6.8.37
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3069-1
Released: Mon Sep 2 14:29:49 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194818

This update for util-linux fixes the following issue:

- agetty: Prevent login cursor escape (bsc#1194818).
The following package changes have been done:

- libblkid1-2.33.2-4.45.2 updated
- libfdisk1-2.33.2-4.45.2 updated
- libmount1-2.33.2-4.45.2 updated
- libsmartcols1-2.33.2-4.45.2 updated
- libuuid1-2.33.2-4.45.2 updated
- util-linux-2.33.2-4.45.2 updated

From sle-container-updates at lists.suse.com Tue Sep 3 13:43:22 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 15:43:22 +0200 (CEST)
Subject: SUSE-CU-2024:3919-1: Recommended update of suse/sle15
Message-ID: <20240903134322.BEF8BFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3919-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.37
Container Release : 9.8.37
Severity : moderate
Type : recommended
References : 1194818 1229339
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3068-1
Released: Mon Sep 2 14:25:15 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194818

This update for util-linux fixes the following issue:

- agetty: Prevent login cursor escape (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
The following package changes have been done:

- libblkid1-2.33.2-150100.4.48.2 updated
- libfdisk1-2.33.2-150100.4.48.2 updated
- libmount1-2.33.2-150100.4.48.2 updated
- libsmartcols1-2.33.2-150100.4.48.2 updated
- libuuid1-2.33.2-150100.4.48.2 updated
- suse-build-key-12.0-150000.8.52.3 updated
- util-linux-2.33.2-150100.4.48.2 updated

From sle-container-updates at lists.suse.com Tue Sep 3 13:43:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 15:43:51 +0200 (CEST)
Subject: SUSE-CU-2024:3920-1: Recommended update of suse/ltss/sle15.3/sle15
Message-ID: <20240903134351.02E4BFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.3/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3920-1
Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.21 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.21
Container Release : 6.21
Severity : moderate
Type : recommended
References : 1229339
-----------------------------------------------------------------

The container suse/ltss/sle15.3/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
The following package changes have been done:

- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Tue Sep 3 13:51:03 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 3 Sep 2024 15:51:03 +0200 (CEST)
Subject: SUSE-CU-2024:3952-1: Recommended update of suse/sle15
Message-ID: <20240903135103.75E1FFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3952-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.9 , suse/sle15:15.6 , suse/sle15:15.6.47.11.9
Container Release : 47.11.9
Severity : moderate
Type : recommended
References : 1229339
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
The following package changes have been done:

- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:01:37 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:01:37 +0200 (CEST)
Subject: SUSE-IU-2024:1144-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20240904070137.68087FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1144-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.133 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.133
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libgobject-2_0-0-2.70.5-150400.3.14.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.14.1 updated
- libgio-2_0-0-2.70.5-150400.3.14.1 updated
- glib2-tools-2.70.5-150400.3.14.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.65 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:01:38 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:01:38 +0200 (CEST)
Subject: SUSE-IU-2024:1145-1: Recommended update of suse/sle-micro/kvm-5.5
Message-ID: <20240904070138.40BD6FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1145-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.135 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.135
Severity : moderate
Type : recommended
References : 1224113
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
The following package changes have been done:

- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.66 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:01:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:01:42 +0200 (CEST)
Subject: SUSE-IU-2024:1146-1: Security update of suse/sle-micro/rt-5.5
Message-ID: <20240904070142.22345FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1146-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.140 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.140
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libgobject-2_0-0-2.70.5-150400.3.14.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.14.1 updated
- libgio-2_0-0-2.70.5-150400.3.14.1 updated
- glib2-tools-2.70.5-150400.3.14.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.107 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:01:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:01:42 +0200 (CEST)
Subject: SUSE-IU-2024:1147-1: Recommended update of suse/sle-micro/rt-5.5
Message-ID: <20240904070142.E0314FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1147-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.143 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.143
Severity : moderate
Type : recommended
References : 1224113
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
The following package changes have been done:

- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.109 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:02:02 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:02:02 +0200 (CEST)
Subject: SUSE-IU-2024:1148-1: Security update of suse/sle-micro/5.5
Message-ID: <20240904070202.53131FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1148-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.107 , suse/sle-micro/5.5:latest
Image Release : 5.5.107
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libgobject-2_0-0-2.70.5-150400.3.14.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.14.1 updated
- libgio-2_0-0-2.70.5-150400.3.14.1 updated
- glib2-tools-2.70.5-150400.3.14.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.65 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:02:03 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:02:03 +0200 (CEST)
Subject: SUSE-IU-2024:1149-1: Recommended update of suse/sle-micro/5.5
Message-ID: <20240904070203.28C82FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1149-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.109 , suse/sle-micro/5.5:latest
Image Release : 5.5.109
Severity : moderate
Type : recommended
References : 1224113
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
The following package changes have been done:

- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.66 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:05:43 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:05:43 +0200 (CEST)
Subject: SUSE-CU-2024:3960-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20240904070543.3C8FCFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3960-1
Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.18 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.18
Severity : moderate
Type : security
References : 1224044 1228535 1229339 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

The following package changes have been done:

- curl-8.0.1-150400.5.47.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.14.1 updated
- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:08:19 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:08:19 +0200 (CEST)
Subject: SUSE-CU-2024:3963-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20240904070819.31C96FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3963-1
Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.19 , suse/sle-micro/5.4/toolbox:latest
Container Release : 5.19.19
Severity : moderate
Type : security
References : 1224044 1228535 1229339 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- curl-8.0.1-150400.5.47.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.14.1 updated
- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:08:24 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:08:24 +0200 (CEST)
Subject: SUSE-IU-2024:1150-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20240904070824.E59CDFBA3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1150-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.2 , suse/sl-micro/6.0/baremetal-os-container:2.1.2-3.46 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 3.46
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 27
Released: Tue Sep 3 14:16:21 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- SL-Micro-release-6.0-24.10 updated
- libglib-2_0-0-2.76.2-5.1 updated
- libgobject-2_0-0-2.76.2-5.1 updated
- libgmodule-2_0-0-2.76.2-5.1 updated
- libgio-2_0-0-2.76.2-5.1 updated
- glib2-tools-2.76.2-5.1 updated
- container:SL-Micro-base-container-2.1.2-3.27 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:08:27 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:08:27 +0200 (CEST)
Subject: SUSE-IU-2024:1151-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20240904070827.50B26FBA3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1151-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.2 , suse/sl-micro/6.0/base-os-container:2.1.2-3.27 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 3.27
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 27
Released: Tue Sep 3 14:16:21 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- libglib-2_0-0-2.76.2-5.1 updated
- libgmodule-2_0-0-2.76.2-5.1 updated
- SL-Micro-release-6.0-24.10 updated
- container:suse-toolbox-image-1.0.0-6.46 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:08:30 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:08:30 +0200 (CEST)
Subject: SUSE-IU-2024:1152-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20240904070830.336EFFBA3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1152-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.2 , suse/sl-micro/6.0/kvm-os-container:2.1.2-3.44 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 3.44
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 27
Released: Tue Sep 3 14:16:21 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- SL-Micro-release-6.0-24.10 updated
- libglib-2_0-0-2.76.2-5.1 updated
- libgobject-2_0-0-2.76.2-5.1 updated
- libgmodule-2_0-0-2.76.2-5.1 updated
- libgio-2_0-0-2.76.2-5.1 updated
- glib2-tools-2.76.2-5.1 updated
- container:SL-Micro-base-container-2.1.2-3.27 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:08:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:08:34 +0200 (CEST)
Subject: SUSE-IU-2024:1153-1: Security update of suse/sl-micro/6.0/rt-os-container
Message-ID: <20240904070834.BDB73FBA3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1153-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.2 , suse/sl-micro/6.0/rt-os-container:2.1.2-4.15 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 4.15
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 27
Released: Tue Sep 3 14:16:21 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- SL-Micro-release-6.0-24.10 updated
- libglib-2_0-0-2.76.2-5.1 updated
- libgobject-2_0-0-2.76.2-5.1 updated
- libgmodule-2_0-0-2.76.2-5.1 updated
- libgio-2_0-0-2.76.2-5.1 updated
- glib2-tools-2.76.2-5.1 updated
- container:SL-Micro-container-2.1.2-3.46 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:08:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:08:51 +0200 (CEST)
Subject: SUSE-CU-2024:3968-1: Security update of suse/sl-micro/6.0/toolbox
Message-ID: <20240904070851.BC23DFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3968-1
Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.9 , suse/sl-micro/6.0/toolbox:latest
Container Release : 6.9
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 27
Released: Tue Sep 3 14:16:21 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- SL-Micro-release-6.0-24.10 updated
- libglib-2_0-0-2.76.2-5.1 updated
- libgmodule-2_0-0-2.76.2-5.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-7.16 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:09:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:09:56 +0200 (CEST)
Subject: SUSE-CU-2024:3969-1: Security update of suse/ltss/sle15.4/sle15
Message-ID: <20240904070956.41EBAFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3969-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.14 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.14
Container Release : 5.14
Severity : moderate
Type : security
References : 1224044 1228535 1229339 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

The following package changes have been done:

- curl-8.0.1-150400.5.47.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:12:23 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:12:23 +0200 (CEST)
Subject: SUSE-CU-2024:3970-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20240904071223.A356AFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3970-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.24 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.24
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113 1228968 1229329 1229465 1229975 CVE-2024-6119
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3124-1
Released: Tue Sep 3 17:38:34 2024
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1229975

This update for cryptsetup fixes the following issues:

- FIPS: Extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

The following package changes have been done:

- libcryptsetup12-2.7.0-150600.3.3.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:13:16 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:13:16 +0200 (CEST)
Subject: SUSE-CU-2024:3972-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20240904071316.3F6E4FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3972-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.22 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.57.22
Severity : low
Type : security
References : 1224044 CVE-2024-34397
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

The following package changes have been done:

- libgmodule-2_0-0-2.70.5-150400.3.14.1 updated
- libgobject-2_0-0-2.70.5-150400.3.14.1 updated
- libgio-2_0-0-2.70.5-150400.3.14.1 updated
- glib2-tools-2.70.5-150400.3.14.1 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:13:17 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:13:17 +0200 (CEST)
Subject: SUSE-CU-2024:3973-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20240904071317.05ECEFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3973-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.23 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.57.23
Severity : moderate
Type : security
References : 1228535 CVE-2024-7264
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- curl-8.0.1-150400.5.47.1 updated
- container:sles15-ltss-image-15.0.0-5.14 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:13:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:13:47 +0200 (CEST)
Subject: SUSE-CU-2024:3974-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20240904071347.6118CFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3974-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.24 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.47.24
Severity : moderate
Type : security
References : 1224044 1228535 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- curl-8.0.1-150400.5.47.1 updated
- container:sles15-ltss-image-15.0.0-5.14 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:16:15 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:16:15 +0200 (CEST)
Subject: SUSE-CU-2024:3978-1: Recommended update of suse/sle-micro/5.1/toolbox
Message-ID: <20240904071615.E5CCAFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3978-1
Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.18 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.18
Severity : moderate
Type : recommended
References : 1229339
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

The following package changes have been done:

- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Wed Sep 4 07:19:32 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 4 Sep 2024 09:19:32 +0200 (CEST)
Subject: SUSE-CU-2024:3980-1: Recommended update of suse/sle-micro/5.2/toolbox
Message-ID: <20240904071932.69CC2FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3980-1
Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.20 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.20
Severity : moderate
Type : recommended
References : 1229339
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
The following package changes have been done:

- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:01:38 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:01:38 +0200 (CEST)
Subject: SUSE-IU-2024:1154-1: Security update of suse/sle-micro/base-5.5
Message-ID: <20240905070138.53734FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1154-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.67 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.67
Severity : moderate
Type : security
References : 1224044 1228535 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- curl-8.0.1-150400.5.47.1 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:02:40 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:02:40 +0200 (CEST)
Subject: SUSE-CU-2024:3981-1: Security update of suse/sle-micro/5.5/toolbox
Message-ID: <20240905070240.995E5FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3981-1
Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.30 , suse/sle-micro/5.5/toolbox:latest
Container Release : 3.5.30
Severity : moderate
Type : security
References : 1224044 1228535 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
The following package changes have been done:

- libcurl4-8.0.1-150400.5.47.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.14.1 updated
- container:sles15-image-15.0.0-36.14.17 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:02:43 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:02:43 +0200 (CEST)
Subject: SUSE-IU-2024:1158-1: Recommended update of suse/sl-micro/6.0/base-os-container
Message-ID: <20240905070243.BA858FBA3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1158-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.2 , suse/sl-micro/6.0/base-os-container:2.1.2-3.29 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 3.29
Severity : important
Type : recommended
References : 1188441 1220724 1221239
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 29
Released: Wed Sep 4 12:41:35 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: important
References: 1188441,1220724,1221239

This update for gcc13 fixes the following issues:

- Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]

The following package changes have been done:

- libgcc_s1-13.3.0+git8781-1.1 updated
- libstdc++6-13.3.0+git8781-1.1 updated
- libcurl4-8.6.0-2.1 updated
- curl-8.6.0-2.1 updated
- SL-Micro-release-6.0-24.12 updated
- container:suse-toolbox-image-1.0.0-6.48 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:02:46 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:02:46 +0200 (CEST)
Subject: SUSE-IU-2024:1159-1: Recommended update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20240905070246.D877BFBA3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1159-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.2 , suse/sl-micro/6.0/kvm-os-container:2.1.2-3.46 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 3.46
Severity : important
Type : recommended
References : 1188441 1220724 1221239
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 29
Released: Wed Sep 4 12:41:35 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: important
References: 1188441,1220724,1221239

This update for gcc13 fixes the following issues:

- Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]

The following package changes have been done:

- libgcc_s1-13.3.0+git8781-1.1 updated
- libstdc++6-13.3.0+git8781-1.1 updated
- SL-Micro-release-6.0-24.12 updated
- libcurl4-8.6.0-2.1 updated
- container:SL-Micro-base-container-2.1.2-3.29 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:02:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:02:49 +0200 (CEST)
Subject: SUSE-IU-2024:1160-1: Recommended update of suse/sl-micro/6.0/rt-os-container
Message-ID: <20240905070249.DC50CFBA3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1160-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.2 , suse/sl-micro/6.0/rt-os-container:2.1.2-4.20 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 4.20
Severity : important
Type : recommended
References : 1188441 1220724 1221239
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 29
Released: Wed Sep 4 12:41:35 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: important
References: 1188441,1220724,1221239

This update for gcc13 fixes the following issues:

- Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]

The following package changes have been done:

- libgcc_s1-13.3.0+git8781-1.1 updated
- libstdc++6-13.3.0+git8781-1.1 updated
- SL-Micro-release-6.0-24.12 updated
- libcurl4-8.6.0-2.1 updated
- container:SL-Micro-container-2.1.2-3.51 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:03:01 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:03:01 +0200 (CEST)
Subject: SUSE-CU-2024:3986-1: Recommended update of suse/sl-micro/6.0/toolbox
Message-ID: <20240905070301.0DB37FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3986-1
Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.11 , suse/sl-micro/6.0/toolbox:latest
Container Release : 6.11
Severity : important
Type : recommended
References : 1188441 1220724 1221239
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 29
Released: Wed Sep 4 12:41:35 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: important
References: 1188441,1220724,1221239

This update for gcc13 fixes the following issues:

- Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]

The following package changes have been done:

- SL-Micro-release-6.0-24.12 updated
- curl-8.6.0-2.1 updated
- libcurl4-8.6.0-2.1 updated
- libgcc_s1-13.3.0+git8781-1.1 updated
- libstdc++6-13.3.0+git8781-1.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-7.18 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:06:17 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:06:17 +0200 (CEST)
Subject: SUSE-CU-2024:3988-1: Security update of bci/nodejs
Message-ID: <20240905070617.102DEFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3988-1
Container Tags : bci/node:18 , bci/node:18-29.6 , bci/nodejs:18 , bci/nodejs:18-29.6
Container Release : 29.6
Severity : moderate
Type : security
References : 1228535 CVE-2024-7264
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.47.1 updated
- curl-8.0.1-150400.5.47.1 updated
- container:sles15-image-15.0.0-36.14.17 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:07:00 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:07:00 +0200 (CEST)
Subject: SUSE-CU-2024:3989-1: Security update of bci/openjdk-devel
Message-ID: <20240905070700.12439FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3989-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-26.14
Container Release : 26.14
Severity : moderate
Type : security
References : 1224044 1224113 CVE-2024-34397
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:bci-openjdk-11-15.5.11-27.7 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:07:33 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:07:33 +0200 (CEST)
Subject: SUSE-CU-2024:3990-1: Security update of bci/openjdk
Message-ID: <20240905070733.B39B3FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3990-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-27.7
Container Release : 27.7
Severity : moderate
Type : security
References : 1224044 1224113 1228535 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113
This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- curl-8.0.1-150400.5.47.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:sles15-image-15.0.0-36.14.17 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:08:14 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:08:14 +0200 (CEST)
Subject: SUSE-CU-2024:3991-1: Recommended update of bci/openjdk-devel
Message-ID: <20240905070814.A36CAFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3991-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-28.14
Container Release : 28.14
Severity : moderate
Type : recommended
References : 1224113
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113
This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
The following package changes have been done:

- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:bci-openjdk-17-15.5.17-29.7 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:08:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:08:49 +0200 (CEST)
Subject: SUSE-CU-2024:3992-1: Security update of bci/openjdk
Message-ID: <20240905070849.4B52BFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3992-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-29.7
Container Release : 29.7
Severity : moderate
Type : security
References : 1224113 1228535 CVE-2024-7264
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113
This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
The following package changes have been done:

- libcurl4-8.0.1-150400.5.47.1 updated
- curl-8.0.1-150400.5.47.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:sles15-image-15.0.0-36.14.17 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:09:12 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:09:12 +0200 (CEST)
Subject: SUSE-CU-2024:3993-1: Recommended update of bci/bci-sle15-kernel-module-devel
Message-ID: <20240905070912.E183EFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3993-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.22.6
Container Release : 22.6
Severity : moderate
Type : recommended
References : 1224113
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113
This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
The following package changes have been done:

- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- mozilla-nss-tools-3.101.2-150400.3.51.1 updated
- container:sles15-image-15.0.0-36.14.17 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:09:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:09:41 +0200 (CEST)
Subject: SUSE-CU-2024:3994-1: Security update of suse/sle15
Message-ID: <20240905070941.64E91FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3994-1
Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.17 , suse/sle15:15.5 , suse/sle15:15.5.36.14.17
Container Release : 36.14.17
Severity : moderate
Type : security
References : 1224044 1228535 1229339 CVE-2024-34397 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339
This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

The following package changes have been done:

- curl-8.0.1-150400.5.47.1 updated
- libcurl4-8.0.1-150400.5.47.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- suse-build-key-12.0-150000.8.52.3 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:09:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:09:47 +0200 (CEST)
Subject: SUSE-CU-2024:3995-1: Security update of suse/389-ds
Message-ID: <20240905070947.A575EFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3995-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-41.6 , suse/389-ds:latest
Container Release : 41.6
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113 1228968 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113
This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- mozilla-nss-tools-3.101.2-150400.3.51.1 updated
- container:sles15-image-15.6.0-47.11.10 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:10:06 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:10:06 +0200 (CEST)
Subject: SUSE-CU-2024:4000-1: Security update of suse/registry
Message-ID: <20240905071006.3F575FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4000-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-24.7 , suse/registry:latest
Container Release : 24.7
Severity : moderate
Type : security
References : 1202870 1207789 1209627
1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance.
(bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627
This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1

  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

The following package changes have been done:

- libjitterentropy3-3.4.1-150000.1.12.1 added
- libopenssl3-3.1.4-150600.5.15.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:10:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:10:34 +0200 (CEST)
Subject: SUSE-CU-2024:4009-1: Security update of suse/git
Message-ID: <20240905071034.0287CFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4009-1
Container Tags : suse/git:2.43 ,
suse/git:2.43-22.4 , suse/git:latest
Container Release : 22.4
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/git was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance.
(bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627
This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1

  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

The following package changes have been done:

- libjitterentropy3-3.4.1-150000.1.12.1 added
- libopenssl3-3.1.4-150600.5.15.1 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:10:39 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:10:39 +0200 (CEST)
Subject: SUSE-CU-2024:4010-1: Security update of bci/golang
Message-ID: <20240905071039.2CC34FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4010-1
Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-40.4 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-40.4
Container Release : 40.4
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627
This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.
Updated to 3.4.1

  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
The following package changes have been done:

- libjitterentropy3-3.4.1-150000.1.12.1 added
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- jitterentropy-devel-3.4.1-150000.1.12.1 added
- libopenssl-3-devel-3.1.4-150600.5.15.1 updated
- container:sles15-image-15.6.0-47.11.10 updated

From sle-container-updates at lists.suse.com Thu Sep 5 07:10:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 5 Sep 2024 09:10:42 +0200 (CEST)
Subject: SUSE-CU-2024:4011-1: Security update of bci/golang
Message-ID: <20240905071042.0C92BFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4011-1
Container Tags : bci/golang:1.23 , bci/golang:1.23-1.34.4 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.4
Container Release : 34.4
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627
This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.
Updated to 3.4.1

  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Thu Sep 5 07:10:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Sep 2024 09:10:47 +0200 (CEST) Subject: SUSE-CU-2024:4012-1: Security update of bci/golang Message-ID: <20240905071047.7A79FFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4012-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-40.4 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-40.4 Container Release : 40.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - jitterentropy-devel-3.4.1-150000.1.12.1 added - libopenssl-3-devel-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Thu Sep 5 07:10:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Sep 2024 09:10:50 +0200 (CEST) Subject: SUSE-CU-2024:4013-1: Security update of suse/helm Message-ID: <20240905071050.2EFF9FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4013-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-22.5 , suse/helm:latest Container Release : 22.5 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - openssl-3-3.1.4-150600.5.15.1 updated From sle-container-updates at lists.suse.com Thu Sep 5 07:10:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Sep 2024 09:10:57 +0200 (CEST) Subject: SUSE-CU-2024:4014-1: Security update of bci/bci-init Message-ID: <20240905071057.4669DFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4014-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.22.4 , bci/bci-init:latest Container Release : 22.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:01:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:01:38 +0200 (CEST) Subject: SUSE-IU-2024:1161-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240906070138.F2BE2FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1161-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.152 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.152 Severity : moderate Type : security References : 1218297 1221479 1226414 1228091 1228398 1228847 CVE-2023-7008 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3146-1 Released: Thu Sep 5 09:14:53 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228398,1228847 This update for dracut fixes the following issues: - Version update with: * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398). * fix(convertfs) error in conditional expressions (bsc#1228847). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3149-1 Released: Thu Sep 5 17:05:36 2024 Summary: Security update for systemd Type: security Severity: moderate References: 1218297,1221479,1226414,1228091,CVE-2023-7008 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479). 
The following package changes have been done: - libudev1-249.17-150400.8.43.1 updated - libsystemd0-249.17-150400.8.43.1 updated - systemd-249.17-150400.8.43.1 updated - udev-249.17-150400.8.43.1 updated - systemd-sysvinit-249.17-150400.8.43.1 updated - dracut-055+suse.392.g7930ab23-150500.3.24.2 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.116 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:06:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:06:11 +0200 (CEST) Subject: SUSE-CU-2024:4017-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240906070611.98559FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4017-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.21 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.21 Severity : moderate Type : security References : 1218297 1221479 1226414 1228091 CVE-2023-7008 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3149-1 Released: Thu Sep 5 17:05:36 2024 Summary: Security update for systemd Type: security Severity: moderate References: 1218297,1221479,1226414,1228091,CVE-2023-7008 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479). The following package changes have been done: - libsystemd0-249.17-150400.8.43.1 updated - libudev1-249.17-150400.8.43.1 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:06:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:06:17 +0200 (CEST) Subject: SUSE-IU-2024:1162-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20240906070617.AE39FFBA3@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1162-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.2 , suse/sl-micro/6.0/rt-os-container:2.1.2-4.23 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 4.23 Severity : important Type : security References : 1208690 1221482 1221940 1222992 1223423 1223424 1223425 1226412 1226529 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 32 Released: Thu Sep 5 12:12:35 2024 Summary: Security update for glibc Type: security Severity: important References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu ----------------------------------------------------------------- Advisory ID: 33 Released: Thu Sep 5 14:13:47 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Update to version 059+suse.567.gadd3169d: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing 
if ldd prints 'cannot be preloaded' (bsc#1208690) The following package changes have been done: - glibc-2.38-7.1 updated - SL-Micro-release-6.0-24.14 updated - dracut-059+suse.571.g32b61281-1.1 updated - glibc-locale-base-2.38-7.1 updated - container:SL-Micro-container-2.1.2-3.54 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:06:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:06:21 +0200 (CEST) Subject: SUSE-CU-2024:4018-1: Security update of suse/sl-micro/6.0/rt-iso-image Message-ID: <20240906070621.8B30BFBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/rt-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4018-1 Container Tags : suse/sl-micro/6.0/rt-iso-image:2.1.1 , suse/sl-micro/6.0/rt-iso-image:2.1.1-3.44 , suse/sl-micro/6.0/rt-iso-image:latest Container Release : 3.44 Severity : important Type : security References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-iso-image was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 32 Released: Thu Sep 5 12:12:35 2024 Summary: Security update for glibc Type: security Severity: important References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu The following package changes have been done: - glibc-2.38-7.1 updated - container:SL-Micro-rt-container-2.1.2-3.54 updated - container:SL-Micro-container-2.1.2-3.54 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:06:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:06:25 +0200 (CEST) Subject: SUSE-CU-2024:4019-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20240906070625.33441FBA3@maintenance.suse.de> SUSE 
Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4019-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.13 , suse/sl-micro/6.0/toolbox:latest Container Release : 6.13 Severity : important Type : security References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 32 Released: Thu Sep 5 12:12:35 2024 Summary: Security update for glibc Type: security Severity: important References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: 
Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu The following package changes have been done: - SL-Micro-release-6.0-24.14 updated - glibc-locale-base-2.38-7.1 updated - glibc-locale-2.38-7.1 updated - glibc-2.38-7.1 updated - skelcd-EULA-SL-Micro-2024.01.19-7.20 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:08:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:08:20 +0200 (CEST) Subject: SUSE-CU-2024:4022-1: Recommended update of bci/bci-busybox Message-ID: <20240906070820.6C553FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4022-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.31.3 Container Release : 31.3 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:10:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:10:07 +0200 (CEST) Subject: SUSE-CU-2024:4023-1: Recommended update of bci/bci-init Message-ID: <20240906071007.35EF3FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4023-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.26.6 Container Release : 26.6 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated - container:sles15-image-15.0.0-36.14.18 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:10:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:10:22 +0200 (CEST) Subject: SUSE-CU-2024:4024-1: Recommended update of bci/bci-micro Message-ID: <20240906071022.7AE52FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4024-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.30.3 Container Release : 30.3 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:10:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:10:40 +0200 (CEST) Subject: SUSE-CU-2024:4025-1: Recommended update of bci/bci-minimal Message-ID: <20240906071040.F3612FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4025-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.30.5 Container Release : 30.5 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated - container:micro-image-15.5.0-30.3 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:12:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:12:20 +0200 (CEST) Subject: SUSE-CU-2024:4027-1: Recommended update of bci/openjdk-devel Message-ID: <20240906071220.2FE23FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4027-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-26.17 Container Release : 26.17 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated - container:bci-openjdk-11-15.5.11-27.8 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:13:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:13:53 +0200 (CEST) Subject: SUSE-CU-2024:4029-1: Recommended update of bci/openjdk-devel Message-ID: <20240906071353.F1D09FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4029-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-28.16 Container Release : 28.16 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated - container:bci-openjdk-17-15.5.17-29.8 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:15:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:15:06 +0200 (CEST) Subject: SUSE-CU-2024:4031-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240906071506.720F6FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4031-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.22.7 Container Release : 22.7 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated - container:sles15-image-15.0.0-36.14.18 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:15:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:15:43 +0200 (CEST) Subject: SUSE-CU-2024:4032-1: Recommended update of suse/sle15 Message-ID: <20240906071543.3EB24FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4032-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.18 , suse/sle15:15.5 , suse/sle15:15.5.36.14.18 Container Release : 36.14.18 Severity : moderate Type : recommended References : 1227114 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. 
The following package changes have been done: - sles-release-15.5-150500.61.4.1 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:15:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:15:52 +0200 (CEST) Subject: SUSE-CU-2024:4014-1: Security update of bci/bci-init Message-ID: <20240906071552.6ADBEFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4014-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.22.4 , bci/bci-init:latest Container Release : 22.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). 
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:15:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:15:55 +0200 (CEST) Subject: SUSE-CU-2024:4033-1: Security update of bci/kiwi Message-ID: <20240906071555.84592FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2024:4033-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-10.7 , bci/kiwi:9.24 , bci/kiwi:9.24-10.7 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-10.7 , bci/kiwi:latest Container Release : 10.7 Severity : important Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113 1228808 1228968 1229160 1229329 1229465 1229975 CVE-2024-6119 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3103-1 Released: Tue Sep 3 16:59:06 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1229160 This update for xfsprogs fixes the following issue: - xfs_repair: allow symlinks with short remote targets (bsc#1229160) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). 
- FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3124-1 Released: Tue Sep 3 17:38:34 2024 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1229975 This update for cryptsetup fixes the following issues: - FIPS: Extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3131-1 Released: Tue Sep 3 17:42:24 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1224113 This update for mozilla-nss fixes the following issues: - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3141-1 Released: Wed Sep 4 12:30:32 2024 Summary: Recommended update for python-kiwi Type: recommended Severity: important References: 1228808 This update for python-kiwi fixes the following issues: - Update virtualenv setup - types-pkg_resources got dropped from PyPI - Fixed regression in GRUB_SERIAL_COMMAND setup (bsc#1228808) The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - kiwi-tools-9.24.43-150100.3.84.1 updated - libfreebl3-3.101.2-150400.3.51.1 updated - libcryptsetup12-2.7.0-150600.3.3.1 updated - xfsprogs-6.7.0-150600.3.6.2 updated - mozilla-nss-certs-3.101.2-150400.3.51.1 updated - cryptsetup-2.7.0-150600.3.3.1 updated - mozilla-nss-3.101.2-150400.3.51.1 updated - libsoftokn3-3.101.2-150400.3.51.1 updated - kiwi-systemdeps-core-9.24.43-150100.3.84.1 updated - dracut-kiwi-lib-9.24.43-150100.3.84.1 updated - dracut-kiwi-oem-repart-9.24.43-150100.3.84.1 updated - kiwi-systemdeps-filesystems-9.24.43-150100.3.84.1 updated - python3-kiwi-9.24.43-150100.3.84.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:16:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:16:01 +0200 (CEST) Subject: SUSE-CU-2024:4034-1: 
Security update of suse/nginx Message-ID: <20240906071601.602D5FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4034-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-41.4 , suse/nginx:latest Container Release : 41.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228322 1228924 1228968 1229329 1229465 1229582 CVE-2024-6119 CVE-2024-7006 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). 
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3115-1 Released: Tue Sep 3 17:06:06 2024 Summary: Security update for tiff Type: security Severity: moderate References: 1228924,CVE-2024-7006 This update for tiff fixes the following issues: - CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3130-1 Released: Tue Sep 3 17:41:16 2024 Summary: Recommended update for libwebp Type: recommended Severity: moderate References: 1228322,1229582 This update for libwebp fixes the following issue: - added libwebp7-32bit to packagehub for Wine. 
(bsc#1228322 bsc#1229582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - libwebp7-1.0.3-150200.3.12.1 updated - libtiff5-4.0.9-150000.45.47.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:16:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:16:07 +0200 (CEST) Subject: SUSE-CU-2024:4035-1: Security update of bci/nodejs Message-ID: <20240906071607.B5EFDFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4035-1 Container Tags : bci/node:20 , bci/node:20-36.4 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-36.4 , bci/nodejs:latest Container Release : 36.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 07:16:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 09:16:19 +0200 (CEST) Subject: SUSE-CU-2024:4036-1: Security update of bci/openjdk-devel Message-ID: <20240906071619.1EA5BFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4036-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-21.8 , bci/openjdk-devel:latest Container Release : 21.8 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:bci-openjdk-21-15.6.21-21.4 updated

From sle-container-updates at lists.suse.com Fri Sep 6 07:16:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 09:16:29 +0200 (CEST)
Subject: SUSE-CU-2024:4037-1: Security update of bci/openjdk
Message-ID: <20240906071629.D7846FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4037-1
Container Tags : bci/openjdk:21 , bci/openjdk:21-21.4 , bci/openjdk:latest
Container Release : 21.4
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:sles15-image-15.6.0-47.11.10 updated

From sle-container-updates at lists.suse.com Fri Sep 6 07:16:36 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 09:16:36 +0200 (CEST)
Subject: SUSE-CU-2024:4038-1: Security update of suse/pcp
Message-ID: <20240906071636.27E13FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4038-1
Container Tags : suse/pcp:5 , suse/pcp:5-41.8 , suse/pcp:5.3 , suse/pcp:5.3-41.8 , suse/pcp:5.3.7 , suse/pcp:5.3.7-41.8 , suse/pcp:latest
Container Release : 41.8
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113 1228968 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released: Tue Sep 3 17:42:24 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1224113

This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- container:bci-bci-init-15.6-15.6-22.4 updated

From sle-container-updates at lists.suse.com Fri Sep 6 07:16:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 09:16:41 +0200 (CEST)
Subject: SUSE-CU-2024:4039-1: Security update of bci/php-apache
Message-ID: <20240906071641.75C99FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4039-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-36.4 , bci/php-apache:latest
Container Release : 36.4
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container bci/php-apache was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- container:sles15-image-15.6.0-47.11.10 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:32:00 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:32:00 +0200 (CEST)
Subject: SUSE-IU-2024:1164-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20240906113200.D324BFCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1164-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.144 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.144
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 1228398 1228847 CVE-2023-7008
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3146-1
Released: Thu Sep 5 09:14:53 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228398,1228847

This update for dracut fixes the following issues:

- Version update with:
  * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398).
  * fix(convertfs) error in conditional expressions (bsc#1228847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libudev1-249.17-150400.8.43.1 updated
- libsystemd0-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- udev-249.17-150400.8.43.1 updated
- systemd-sysvinit-249.17-150400.8.43.1 updated
- dracut-055+suse.392.g7930ab23-150500.3.24.2 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.70 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:32:17 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:32:17 +0200 (CEST)
Subject: SUSE-IU-2024:1165-1: Security update of suse/sle-micro/5.5
Message-ID: <20240906113217.2E53DFCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1165-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.116 , suse/sle-micro/5.5:latest
Image Release : 5.5.116
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 1228398 1228847 CVE-2023-7008
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3146-1
Released: Thu Sep 5 09:14:53 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228398,1228847

This update for dracut fixes the following issues:

- Version update with:
  * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398).
  * fix(convertfs) error in conditional expressions (bsc#1228847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
The following package changes have been done:

- libudev1-249.17-150400.8.43.1 updated
- libsystemd0-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- udev-249.17-150400.8.43.1 updated
- systemd-sysvinit-249.17-150400.8.43.1 updated
- dracut-055+suse.392.g7930ab23-150500.3.24.2 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.70 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:33:38 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:33:38 +0200 (CEST)
Subject: SUSE-CU-2024:4042-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20240906113338.0319FFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4042-1
Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.20 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.20
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:34:28 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:34:28 +0200 (CEST)
Subject: SUSE-IU-2024:1166-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20240906113428.AE9BEFCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1166-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.2 , suse/sl-micro/6.0/base-os-container:2.1.2-3.32 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 3.32
Severity : important
Type : security
References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 32
Released: Thu Sep 5 12:12:35 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu

The following package changes have been done:

- glibc-2.38-7.1 updated
- glibc-locale-base-2.38-7.1 updated
- SL-Micro-release-6.0-24.14 updated
- container:suse-toolbox-image-1.0.0-6.50 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:34:32 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:34:32 +0200 (CEST)
Subject: SUSE-IU-2024:1167-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20240906113432.D0AD5FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1167-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.2 , suse/sl-micro/6.0/kvm-os-container:2.1.2-3.49 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 3.49
Severity : important
Type : security
References : 1208690 1221482 1221940 1222992 1223423 1223424 1223425 1226412 1226529 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 32
Released: Thu Sep 5 12:12:35 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start
  routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu

-----------------------------------------------------------------
Advisory ID: 33
Released: Thu Sep 5 14:13:47 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1208690,1226412,1226529

This update for dracut fixes the following issues:

- Update to version 059+suse.567.gadd3169d:
  * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
  * fix(mdraid): try to assemble the missing raid device (bsc#1226412)
  * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690)

The following package changes have been done:

- glibc-2.38-7.1 updated
- SL-Micro-release-6.0-24.14 updated
- dracut-059+suse.571.g32b61281-1.1 updated
- glibc-locale-base-2.38-7.1 updated
- container:SL-Micro-base-container-2.1.2-3.32 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:34:36 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:34:36 +0200 (CEST)
Subject: SUSE-CU-2024:4044-1: Security update of suse/sl-micro/6.0/baremetal-iso-image
Message-ID: <20240906113436.E8D15FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sl-micro/6.0/baremetal-iso-image
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4044-1
Container Tags : suse/sl-micro/6.0/baremetal-iso-image:2.1.1 , suse/sl-micro/6.0/baremetal-iso-image:2.1.1-3.60 , suse/sl-micro/6.0/baremetal-iso-image:latest
Container Release : 3.60
Severity : important
Type : security
References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-iso-image was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 32
Released: Thu Sep 5 12:12:35 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu

The following package changes have been done:

- glibc-2.38-7.1 updated
- container:SL-Micro-container-2.1.2-3.54 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:34:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:34:41 +0200 (CEST)
Subject: SUSE-CU-2024:4045-1: Security update of suse/sl-micro/6.0/base-iso-image
Message-ID: <20240906113441.0726BFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sl-micro/6.0/base-iso-image
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4045-1
Container Tags : suse/sl-micro/6.0/base-iso-image:2.1.1 , suse/sl-micro/6.0/base-iso-image:2.1.1-2.65 , suse/sl-micro/6.0/base-iso-image:latest
Container Release : 2.65
Severity : important
Type : security
References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-iso-image was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 32
Released: Thu Sep 5 12:12:35 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86
  compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu

The following package changes have been done:

- glibc-2.38-7.1 updated
- container:SL-Micro-base-container-2.1.2-3.54 updated
- container:SL-Micro-container-2.1.2-3.54 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:34:45 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:34:45 +0200 (CEST)
Subject: SUSE-CU-2024:4046-1: Security update of suse/sl-micro/6.0/kvm-iso-image
Message-ID: <20240906113445.0670CFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sl-micro/6.0/kvm-iso-image
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4046-1
Container Tags : suse/sl-micro/6.0/kvm-iso-image:2.1.1 , suse/sl-micro/6.0/kvm-iso-image:2.1.1-3.67 , suse/sl-micro/6.0/kvm-iso-image:latest
Container Release : 3.67
Severity : important
Type : security
References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-iso-image was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 32
Released: Thu Sep 5 12:12:35 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu

The following package changes have been done:

- glibc-2.38-7.1 updated
- container:SL-Micro-kvm-container-2.1.2-3.54 updated
- container:SL-Micro-container-2.1.2-3.54 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:35:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:35:41 +0200 (CEST)
Subject: SUSE-CU-2024:4047-1: Security update of suse/ltss/sle15.4/sle15
Message-ID: <20240906113541.59788FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4047-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.15 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.15
Container Release : 5.15
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
The following package changes have been done: - libsystemd0-249.17-150400.8.43.1 updated - libudev1-249.17-150400.8.43.1 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:37:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:37:50 +0200 (CEST) Subject: SUSE-CU-2024:4039-1: Security update of bci/php-apache Message-ID: <20240906113750.48F3EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4039-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-36.4 , bci/php-apache:latest Container Release : 36.4 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). 
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:37:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:37:55 +0200 (CEST) Subject: SUSE-CU-2024:4048-1: Security update of bci/php-fpm Message-ID: <20240906113755.6DB75FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4048-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-36.4 , bci/php-fpm:latest Container Release : 36.4 Severity : moderate Type : 
security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:01 +0200 (CEST) Subject: SUSE-CU-2024:4049-1: Security update of bci/php Message-ID: <20240906113801.74481FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4049-1 Container Tags : bci/php:8 , bci/php:8-36.4 , bci/php:latest Container Release : 36.4 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:06 +0200 (CEST) Subject: SUSE-CU-2024:4050-1: Security update of suse/postgres Message-ID: <20240906113806.5817DFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4050-1 Container Tags : suse/postgres:16 , suse/postgres:16-42.4 , suse/postgres:16.2 , suse/postgres:16.2-42.4 , suse/postgres:latest Container Release : 42.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:13 +0200 (CEST) Subject: SUSE-CU-2024:4051-1: Security update of bci/python Message-ID: <20240906113813.155ADFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4051-1 Container Tags : bci/python:3 , bci/python:3-48.6 , bci/python:3.11 , bci/python:3.11-48.6 Container Release : 48.6 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:23 +0200 (CEST) Subject: SUSE-CU-2024:4052-1: Security update of bci/python Message-ID: <20240906113823.79ABEFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4052-1 Container Tags : bci/python:3 , bci/python:3-48.4 , bci/python:3.12 , bci/python:3.12-48.4 , bci/python:latest Container Release : 48.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:30 +0200 (CEST) Subject: SUSE-CU-2024:4053-1: Security update of bci/python Message-ID: <20240906113830.1907CFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4053-1 Container Tags : bci/python:3 , bci/python:3-47.6 , bci/python:3.6 , bci/python:3.6-47.6 Container Release : 47.6 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). 
- FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:35 +0200 (CEST) Subject: SUSE-CU-2024:4054-1: Security update of suse/rmt-mariadb-client Message-ID: <20240906113835.54F21FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4054-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-42.4 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-42.4 , suse/rmt-mariadb-client:latest Container Release : 42.4 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 
1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. 
Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:40 +0200 (CEST) Subject: SUSE-CU-2024:4055-1: Security update of suse/rmt-mariadb Message-ID: <20240906113840.9199CFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4055-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-42.5 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-42.5 , suse/rmt-mariadb:latest Container Release : 42.5 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:47 +0200 (CEST) Subject: SUSE-CU-2024:4056-1: Security update of bci/ruby Message-ID: <20240906113847.62302FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4056-1 Container Tags : bci/ruby:2 , bci/ruby:2-22.6 , bci/ruby:2.5 , bci/ruby:2.5-22.6 , bci/ruby:latest Container Release : 22.6 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:52 +0200 (CEST) Subject: SUSE-CU-2024:4057-1: Security update of bci/rust Message-ID: <20240906113852.D42CCFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4057-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-2.4.4 , bci/rust:oldstable , bci/rust:oldstable-2.4.4 Container Release : 4.4 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:38:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:38:58 +0200 (CEST) Subject: SUSE-CU-2024:4058-1: Security update of bci/rust Message-ID: <20240906113858.8C55EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4058-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-1.4.4 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.4 Container Release : 4.4 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3093-1 Released: Tue Sep 3 16:34:07 2024 Summary: Recommended update for rust1.80 Type: recommended Severity: moderate References: This update for rust1.80 fixes the following issues: Version 1.80.1 (2024-08-08) =========================== - Fix miscompilation in the jump threading MIR optimization when comparing floats - Revert changes to the `dead_code` lint from 1.80.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). 
- FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - rust1.80-1.80.1-150500.11.6.1 updated - cargo1.80-1.80.1-150500.11.6.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:48:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:48:32 +0200 (CEST) Subject: SUSE-CU-2024:4058-1: Security update of bci/rust Message-ID: <20240906114832.72944FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4058-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-1.4.4 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.4 Container Release : 4.4 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3093-1 Released: Tue Sep 3 16:34:07 2024 Summary: Recommended update for rust1.80 Type: recommended Severity: moderate References: This update for rust1.80 fixes the following issues: Version 1.80.1 (2024-08-08) =========================== - Fix miscompilation in the jump threading MIR optimization when comparing floats - Revert changes to the `dead_code` lint from 1.80.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). 
- FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - rust1.80-1.80.1-150500.11.6.1 updated - cargo1.80-1.80.1-150500.11.6.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:48:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:48:45 +0200 (CEST) Subject: SUSE-CU-2024:4059-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240906114845.78A15FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4059-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.23.4 , bci/bci-sle15-kernel-module-devel:latest Container Release : 23.4 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3131-1 Released: Tue Sep 3 17:42:24 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1224113 This update for mozilla-nss fixes the following issues: - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - libfreebl3-3.101.2-150400.3.51.1 updated - mozilla-nss-certs-3.101.2-150400.3.51.1 updated - mozilla-nss-3.101.2-150400.3.51.1 updated - libsoftokn3-3.101.2-150400.3.51.1 updated - mozilla-nss-tools-3.101.2-150400.3.51.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:48:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:48:53 +0200 (CEST) Subject: SUSE-CU-2024:4060-1: Security update of suse/sle15 Message-ID: <20240906114853.9BE5FFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4060-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.10 , suse/sle15:15.6 , suse/sle15:15.6.47.11.10 Container Release : 47.11.10 Severity : moderate Type : security References : 
1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). 
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - libopenssl3-3.1.4-150600.5.15.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:48:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:48:59 +0200 (CEST) Subject: SUSE-CU-2024:4061-1: Security update of bci/spack Message-ID: <20240906114859.21FC7FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2024:4061-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-6.4 , bci/spack:0.21.2 , bci/spack:0.21.2-6.4 , bci/spack:latest Container Release : 6.4 Severity : moderate Type : security References : 1190273 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). 
- FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3129-1 Released: Tue Sep 3 17:40:36 2024 Summary: Recommended update for unzip Type: recommended Severity: moderate References: 1190273 This update for unzip fixes the following issues: - Add patch to fix issue with some files being incorrectly detected as symlinks (boo#1190273) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) The following package changes have been done: - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - jitterentropy-devel-3.4.1-150000.1.12.1 added - unzip-6.00-150000.4.14.1 updated - libopenssl-3-devel-3.1.4-150600.5.15.1 updated - container:sles15-image-15.6.0-47.11.10 updated From sle-container-updates at lists.suse.com Fri Sep 6 11:49:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Sep 2024 13:49:21 +0200 (CEST) Subject: SUSE-CU-2024:4069-1: Security update of suse/sle15 Message-ID: <20240906114921.26F17FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4069-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7.50.8 , suse/sle15:15.7 , suse/sle15:15.7.50.8 Container Release : 50.8 Severity 
: important Type : security References : 1220356 1222899 1223336 1226463 1227138 1227525 1227681 1227888 1228322 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2635-1
Released: Tue Jul 30 09:14:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1222899,1223336,1226463,1227138,CVE-2024-5535

This update for openssl-3 fixes the following issues:

Security fixes:

- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2641-1
Released: Tue Jul 30 09:29:36 2024
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

systemd was updated from version 254.13 to version 254.15:

- Changes in version 254.15:
  * boot: cover for hardware keys on phones/tablets
  * Conditional PSI check to reflect changes done in 5.13
  * core/dbus-manager: refuse SoftReboot() for user managers
  * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
  * core/exec-invoke: use sched_setattr instead of sched_setscheduler
  * core/unit: follow merged units before updating SourcePath= timestamp too
  * coredump: correctly take tmpfs size into account for compression
  * cryptsetup: improve TPM2 blob display
  * docs: Add section to HACKING.md on distribution packages
  * docs: fixed dead link to GNOME documentation
  * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
  * Fixed typo in CAP_BPF description
  * LICENSES/README: expand text to summarize state for binaries and libs
  * man: fully adopt ~/.local/state/
  * man/systemd.exec: list inaccessible files for ProtectKernelTunables
  * man/tmpfiles: remove outdated behavior regarding symlink ownership
  * meson: bpf: propagate 'sysroot' for cross compilation
  * meson: Define __TARGET_ARCH macros required by bpf
  * mkfs-util: Set sector size for btrfs as well
  * mkosi: drop CentOS 8 from CI
  * mkosi: Enable hyperscale-packages-experimental for CentOS
  * mountpoint-util: do not assume symlinks are not mountpoints
  * os-util: avoid matching on the wrong extension-release file
  * README: add missing CONFIG_MEMCG kernel config option for oomd
  * README: update requirements for signed dm-verity
  * resolved: allow the full TTL to be used by OPT records
  * resolved: correct parsing of OPT extended RCODEs
  * sysusers: handle NSS errors gracefully
  * TEST-58-REPART: reverse order of diff args
  * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
  * test: fixed TEST-24-CRYPTSETUP on SUSE
  * test: install /etc/hosts
  * Use consistent spelling of systemd.condition_first_boot argument
  * util: make file_read() 64bit offset safe
  * vmm: make sure we can handle smbios objects without variable part
- Changes in version 254.14:
  * analyze: show pcrs also in sha384 bank
  * chase: Tighten '.' and './' check
  * core/service: fixed accept-socket deserialization
  * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
  * executor: check for all permission related errnos when setting up IPC namespace
  * install: allow removing symlinks even for units that are gone
  * json: use secure un{base64,hex}mem for sensitive variants
  * man,units: drop 'temporary' from description of systemd-tmpfiles
  * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
  * repart: fixed memory leak
  * repart: Use CRYPT_ACTIVATE_PRIVATE
  * resolved: permit dnssec rrtype questions when we aren't validating
  * rules: Limit the number of device units generated for serial ttys
  * run: do not pass the pty slave fd to transient service in a machine
  * sd-dhcp-server: clear buffer before receive
  * strbuf: use GREEDY_REALLOC to grow the buffer

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released: Tue Aug 6 14:35:49 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228548

This update for permissions fixes the following issue:

* cockpit: moved setuid executable (bsc#1228548)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released: Tue Aug 6 16:35:06 2024
Summary: Recommended update for various 32bit packages
Type: recommended
Severity: moderate
References: 1228322

This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235

This update for shadow fixes the following issues:

- Fixed not copying of skel files (bsc#1228770)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released: Fri Aug 9 15:59:29 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1220356,1227525

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)

Added:

- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4

Removed:

- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3

The following package changes have been done:

- ca-certificates-mozilla-2.68-150200.33.1 updated
- curl-8.6.0-150600.4.3.1 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- libcurl4-8.6.0-150600.4.3.1 updated
- libgpgme11-1.23.0-150600.3.2.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated
- libopenssl3-3.1.4-150600.5.10.1 updated
- libsystemd0-254.15-150600.4.8.1 updated
- libudev1-254.15-150600.4.8.1 updated
- login_defs-4.8.1-150600.17.6.1 updated
- openssl-3-3.1.4-150600.5.10.1 updated
- permissions-20240801-150600.10.4.1 updated
- shadow-4.8.1-150600.17.6.1 updated
- sle-module-basesystem-release-15.7-150700.3.1 updated
- sle-module-python3-release-15.7-150700.3.1 updated
- sle-module-server-applications-release-15.7-150700.3.1 updated
- sles-release-15.7-150700.3.1 updated
- suse-build-key-12.0-150000.8.49.2 updated

From sle-container-updates at lists.suse.com Fri Sep 6 11:50:21 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 6 Sep 2024 13:50:21 +0200 (CEST)
Subject: SUSE-CU-2024:4078-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20240906115021.3F50BFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4078-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.24 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.57.24
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- systemd-249.17-150400.8.43.1 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:01:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:01:47 +0200 (CEST)
Subject: SUSE-IU-2024:1169-1: Security update of suse/sle-micro/base-5.5
Message-ID: <20240907070147.71E41FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1169-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.71 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.71
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libudev1-249.17-150400.8.43.1 updated
- libsystemd0-249.17-150400.8.43.1 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:03:23 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:03:23 +0200 (CEST)
Subject: SUSE-CU-2024:4079-1: Security update of suse/sle-micro/5.5/toolbox
Message-ID: <20240907070323.5F2BBFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4079-1
Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.33 , suse/sle-micro/5.5/toolbox:latest
Container Release : 3.5.33
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated
- container:sles15-image-15.0.0-36.14.19 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:07:08 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:07:08 +0200 (CEST)
Subject: SUSE-CU-2024:4080-1: Security update of bci/bci-init
Message-ID: <20240907070708.30813FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4080-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.26.8
Container Release : 26.8
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libudev1-249.17-150400.8.43.1 updated
- libsystemd0-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- container:sles15-image-15.0.0-36.14.19 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:07:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:07:56 +0200 (CEST)
Subject: SUSE-CU-2024:4081-1: Security update of bci/nodejs
Message-ID: <20240907070756.EE1D7FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4081-1
Container Tags : bci/node:18 , bci/node:18-29.9 , bci/nodejs:18 , bci/nodejs:18-29.9
Container Release : 29.9
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libsystemd0-249.17-150400.8.43.1 updated
- container:sles15-image-15.0.0-36.14.19 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:09:53 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:09:53 +0200 (CEST)
Subject: SUSE-CU-2024:4083-1: Security update of bci/openjdk
Message-ID: <20240907070953.A1771FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4083-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-27.10
Container Release : 27.10
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libsystemd0-249.17-150400.8.43.1 updated
- container:sles15-image-15.0.0-36.14.19 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:11:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:11:56 +0200 (CEST)
Subject: SUSE-CU-2024:4085-1: Security update of bci/openjdk
Message-ID: <20240907071156.E69BDFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4085-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-29.10
Container Release : 29.10
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libsystemd0-249.17-150400.8.43.1 updated
- container:sles15-image-15.0.0-36.14.19 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:14 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:14 +0200 (CEST)
Subject: SUSE-CU-2024:4087-1: Security update of suse/sle15
Message-ID: <20240907071314.81663FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4087-1
Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.19 , suse/sle15:15.5 , suse/sle15:15.5.36.14.19
Container Release : 36.14.19
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:22 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:22 +0200 (CEST)
Subject: SUSE-CU-2024:4088-1: Security update of bci/golang
Message-ID: <20240907071322.DE0EAFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4088-1
Container Tags : bci/golang:1.22 , bci/golang:1.22-2.34.5 , bci/golang:oldstable , bci/golang:oldstable-2.34.5
Container Release : 34.5
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1
  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

The following package changes have been done:

- libjitterentropy3-3.4.1-150000.1.12.1 added
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- container:sles15-image-15.6.0-47.11.10 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:32 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:32 +0200 (CEST)
Subject: SUSE-CU-2024:4090-1: Recommended update of suse/sles/15.7/cdi-apiserver
Message-ID: <20240907071332.6A3F9FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4090-1
Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.6 , suse/sles/15.7/cdi-apiserver:1.58.0.27.17
Container Release : 27.17
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- containerized-data-importer-api-1.58.0-150700.7.6 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:34 +0200 (CEST)
Subject: SUSE-CU-2024:4091-1: Recommended update of suse/sles/15.7/cdi-cloner
Message-ID: <20240907071334.B74F1FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4091-1
Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.6 , suse/sles/15.7/cdi-cloner:1.58.0.28.17
Container Release : 28.17
Severity : moderate
Type : recommended
References : 1159034 1194818 1194818 1218609 1222285
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- libuuid1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.9.4 updated
- containerized-data-importer-cloner-1.58.0-150700.7.6 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:37 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:37 +0200 (CEST)
Subject: SUSE-CU-2024:4092-1: Recommended update of suse/sles/15.7/cdi-controller
Message-ID: <20240907071337.0D678FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4092-1
Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.6 , suse/sles/15.7/cdi-controller:1.58.0.27.17
Container Release : 27.17
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-controller was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- containerized-data-importer-controller-1.58.0-150700.7.6 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:39 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:39 +0200 (CEST)
Subject: SUSE-CU-2024:4093-1: Recommended update of suse/sles/15.7/cdi-importer
Message-ID: <20240907071339.5C46EFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4093-1
Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.6 , suse/sles/15.7/cdi-importer:1.58.0.28.19
Container Release : 28.19
Severity : moderate
Type : recommended
References : 1159034 1194818 1194818 1218609 1222285
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- libuuid1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.9.4 updated
- qemu-img-8.2.6-150700.6.1 updated
- containerized-data-importer-importer-1.58.0-150700.7.6 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:41 +0200 (CEST)
Subject: SUSE-CU-2024:4094-1: Recommended update of suse/sles/15.7/cdi-operator
Message-ID: <20240907071341.BB0E1FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4094-1
Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.6 , suse/sles/15.7/cdi-operator:1.58.0.27.17
Container Release : 27.17
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-operator was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- containerized-data-importer-operator-1.58.0-150700.7.6 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:43 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:43 +0200 (CEST)
Subject: SUSE-CU-2024:4095-1: Recommended update of suse/sles/15.7/cdi-uploadproxy
Message-ID: <20240907071343.8A673FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4095-1
Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.6 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.17
Container Release : 27.17
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- containerized-data-importer-uploadproxy-1.58.0-150700.7.6 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:45 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:45 +0200 (CEST)
Subject: SUSE-CU-2024:4096-1: Recommended update of suse/sles/15.7/cdi-uploadserver
Message-ID: <20240907071345.676C3FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4096-1
Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.6 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.19
Container Release : 28.19
Severity : moderate
Type : recommended
References : 1159034 1194818 1194818 1218609 1222285
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- libuuid1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.9.4 updated
- qemu-img-8.2.6-150700.6.1 updated
- containerized-data-importer-uploadserver-1.58.0-150700.7.6 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:47 +0200 (CEST)
Subject: SUSE-CU-2024:4097-1: Recommended update of suse/sle15
Message-ID: <20240907071347.4816BFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4097-1
Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7.50.13 , suse/sle15:15.7 , suse/sle15:15.7.50.13
Container Release : 50.13
Severity : moderate
Type : recommended
References : 1159034 1194818 1194818 1218609 1222285
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
The following package changes have been done:

- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libuuid1-2.39.3-150600.4.9.4 updated
- pam-1.3.0-150000.6.71.2 updated
- sle-module-basesystem-release-15.7-150700.5.1 updated
- sle-module-python3-release-15.7-150700.5.1 updated
- sle-module-server-applications-release-15.7-150700.5.1 updated
- sles-release-15.7-150700.5.1 updated
- util-linux-2.39.3-150600.4.9.4 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:49 +0200 (CEST)
Subject: SUSE-CU-2024:4098-1: Recommended update of suse/sles/15.7/virt-api
Message-ID: <20240907071349.88F28FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4098-1
Container Tags : suse/sles/15.7/virt-api:1.1.1 , suse/sles/15.7/virt-api:1.1.1-150700.9.8 , suse/sles/15.7/virt-api:1.1.1.27.19
Container Release : 27.19
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- kubevirt-virt-api-1.1.1-150700.9.8 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:51 +0200 (CEST)
Subject: SUSE-CU-2024:4099-1: Recommended update of suse/sles/15.7/virt-controller
Message-ID: <20240907071351.B8F2EFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4099-1
Container Tags : suse/sles/15.7/virt-controller:1.1.1 , suse/sles/15.7/virt-controller:1.1.1-150700.9.8 , suse/sles/15.7/virt-controller:1.1.1.27.19
Container Release : 27.19
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- kubevirt-virt-controller-1.1.1-150700.9.8 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:53 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:53 +0200 (CEST)
Subject: SUSE-CU-2024:4100-1: Recommended update of suse/sles/15.7/virt-exportproxy
Message-ID: <20240907071353.E8D1CFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4100-1
Container Tags : suse/sles/15.7/virt-exportproxy:1.1.1 , suse/sles/15.7/virt-exportproxy:1.1.1-150700.9.8 , suse/sles/15.7/virt-exportproxy:1.1.1.11.19
Container Release : 11.19
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- kubevirt-virt-exportproxy-1.1.1-150700.9.8 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:56 +0200 (CEST)
Subject: SUSE-CU-2024:4101-1: Recommended update of suse/sles/15.7/virt-exportserver
Message-ID: <20240907071356.3B4A5FBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4101-1
Container Tags : suse/sles/15.7/virt-exportserver:1.1.1 , suse/sles/15.7/virt-exportserver:1.1.1-150700.9.8 , suse/sles/15.7/virt-exportserver:1.1.1.12.19
Container Release : 12.19
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- kubevirt-virt-exportserver-1.1.1-150700.9.8 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sat Sep 7 07:13:58 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 7 Sep 2024 09:13:58 +0200 (CEST)
Subject: SUSE-CU-2024:4102-1: Recommended update of suse/sles/15.7/virt-handler
Message-ID: <20240907071358.94C0FFBA3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4102-1
Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.8 , suse/sles/15.7/virt-handler:1.1.1.29.23
Container Release : 29.23
Severity : moderate
Type : recommended
References : 1159034 1194818 1194818 1218609 1222285
-----------------------------------------------------------------

The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- libuuid1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- sles-release-15.7-150700.5.1 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.9.4 updated
- kubevirt-container-disk-1.1.1-150700.9.8 updated
- kubevirt-virt-handler-1.1.1-150700.9.8 updated
- qemu-img-8.2.6-150700.6.1 updated
- util-linux-systemd-2.39.3-150600.4.9.4 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sun Sep 8 07:04:13 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 8 Sep 2024 09:04:13 +0200 (CEST)
Subject: SUSE-CU-2024:4102-1: Recommended update of suse/sles/15.7/virt-handler
Message-ID: <20240908070413.504E4FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4102-1
Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.8 , suse/sles/15.7/virt-handler:1.1.1.29.23
Container Release : 29.23
Severity : moderate
Type : recommended
References : 1159034 1194818 1194818 1218609 1222285
-----------------------------------------------------------------

The container suse/sles/15.7/virt-handler was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
The following package changes have been done:

- libuuid1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- sles-release-15.7-150700.5.1 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.9.4 updated
- kubevirt-container-disk-1.1.1-150700.9.8 updated
- kubevirt-virt-handler-1.1.1-150700.9.8 updated
- qemu-img-8.2.6-150700.6.1 updated
- util-linux-systemd-2.39.3-150600.4.9.4 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sun Sep 8 07:04:15 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 8 Sep 2024 09:04:15 +0200 (CEST)
Subject: SUSE-CU-2024:4103-1: Recommended update of suse/sles/15.7/virt-launcher
Message-ID: <20240908070415.3CB65FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4103-1
Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.8 , suse/sles/15.7/virt-launcher:1.1.1.34.1
Container Release : 34.1
Severity : moderate
Type : recommended
References : 1159034 1194818 1194818 1218609 1222285
-----------------------------------------------------------------

The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2886-1
Released: Tue Aug 13 09:46:48 2024
Summary: Recommended update for dmidecode
Type: recommended
Severity: moderate
References:

This update for dmidecode fixes the following issues:

- Version update (jsc#PED-8574):
  * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support
  * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules
  * Add bash completion
  * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245
  * Implement options --list-strings and --list-types
  * Update HPE OEM records 203, 212, 216, 221, 233 and 236
  * Update Redfish support
  * Bug fixes:
    - Fix enabled slot characteristics not being printed
  * Minor improvements:
    - Print slot width on its own line
    - Use standard strings for slot width
  * Add a --no-quirks option
  * Drop the CPUID exception list
  * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump

Update for HPE servers from upstream:

- dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- libuuid1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- sles-release-15.7-150700.5.1 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.9.4 updated
- dmidecode-3.6-150400.16.11.2 updated
- kubevirt-container-disk-1.1.1-150700.9.8 updated
- libbsd0-0.8.7-150600.16.2 added
- qemu-accel-tcg-x86-8.2.6-150700.6.1 updated
- qemu-hw-usb-host-8.2.6-150700.6.1 updated
- qemu-ipxe-8.2.6-150700.6.1 updated
- qemu-seabios-8.2.61.16.3_3_ga95067eb-150700.6.1 updated
- qemu-vgabios-8.2.61.16.3_3_ga95067eb-150700.6.1 updated
- zstd-1.5.5-150600.1.3 added
- netcat-openbsd-1.203-150400.1.5 added
- libndctl6-79-150700.1.1 updated
- qemu-hw-usb-redirect-8.2.6-150700.6.1 updated
- xen-libs-4.19.0_02-150700.1.1 updated
- qemu-img-8.2.6-150700.6.1 updated
- libvirt-libs-10.6.0-150700.1.2 updated
- libvirt-daemon-log-10.6.0-150700.1.2 updated
- libvirt-client-10.6.0-150700.1.2 updated
- kubevirt-virt-launcher-1.1.1-150700.9.8 updated
- libvirt-daemon-common-10.6.0-150700.1.2 updated
- qemu-x86-8.2.6-150700.6.1 updated
- qemu-8.2.6-150700.6.1 updated
- libvirt-daemon-driver-qemu-10.6.0-150700.1.2 updated
- container:sles15-image-15.0.0-50.13 updated
- gnutls-3.8.3-150600.2.15 removed
- libpcap1-1.10.4-150600.1.4 removed
- ncat-7.92-150600.7.3 removed

From sle-container-updates at lists.suse.com Sun Sep 8 07:04:17 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 8 Sep 2024 09:04:17 +0200 (CEST)
Subject: SUSE-CU-2024:4104-1: Security update of suse/sles/15.7/libguestfs-tools
Message-ID: <20240908070417.374D0FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4104-1
Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.8 , suse/sles/15.7/libguestfs-tools:1.1.1.28.24
Container Release : 28.24
Severity : moderate
Type : security
References : 1159034 1194818 1194818 1218609 1222285 1225907 1226463 1227138 CVE-2024-5535
-----------------------------------------------------------------

The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2933-1
Released: Thu Aug 15 12:12:50 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1225907,1226463,1227138,CVE-2024-5535

This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:

- Build with no-afalgeng. (bsc#1226463)
- Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- libuuid1-2.39.3-150600.4.9.4 updated
- libsmartcols1-2.39.3-150600.4.9.4 updated
- libblkid1-2.39.3-150600.4.9.4 updated
- libfdisk1-2.39.3-150600.4.9.4 updated
- libmount1-2.39.3-150600.4.9.4 updated
- sles-release-15.7-150700.5.1 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.9.4 updated
- qemu-accel-tcg-x86-8.2.6-150700.6.1 updated
- qemu-ipxe-8.2.6-150700.6.1 updated
- qemu-seabios-8.2.61.16.3_3_ga95067eb-150700.6.1 updated
- qemu-vgabios-8.2.61.16.3_3_ga95067eb-150700.6.1 updated
- libopenssl1_1-1.1.1w-150600.5.6.1 updated
- libndctl6-79-150700.1.1 updated
- xen-libs-4.19.0_02-150700.1.1 updated
- qemu-pr-helper-8.2.6-150700.6.1 updated
- qemu-img-8.2.6-150700.6.1 updated
- util-linux-systemd-2.39.3-150600.4.9.4 updated
- libvirt-libs-10.6.0-150700.1.2 updated
- qemu-tools-8.2.6-150700.6.1 updated
- qemu-x86-8.2.6-150700.6.1 updated
- qemu-8.2.6-150700.6.1 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sun Sep 8 07:04:19 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 8 Sep 2024 09:04:19 +0200 (CEST)
Subject: SUSE-CU-2024:4105-1: Recommended update of suse/sles/15.7/virt-operator
Message-ID: <20240908070419.41512FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4105-1
Container Tags : suse/sles/15.7/virt-operator:1.1.1 , suse/sles/15.7/virt-operator:1.1.1-150700.9.8 , suse/sles/15.7/virt-operator:1.1.1.27.19
Container Release : 27.19
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- pam-1.3.0-150000.6.71.2 updated
- kubevirt-virt-operator-1.1.1-150700.9.8 updated
- container:sles15-image-15.0.0-50.13 updated

From sle-container-updates at lists.suse.com Sun Sep 8 07:05:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 8 Sep 2024 09:05:29 +0200 (CEST)
Subject: SUSE-CU-2024:4107-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20240908070529.C9196FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4107-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.26 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.47.26
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libudev1-249.17-150400.8.43.1 updated
- libsystemd0-249.17-150400.8.43.1 updated
- container:sles15-ltss-image-15.0.0-5.15 updated

From sle-container-updates at lists.suse.com Sun Sep 8 07:06:20 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 8 Sep 2024 09:06:20 +0200 (CEST)
Subject: SUSE-CU-2024:4109-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20240908070620.2B538FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4109-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.18 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.47.18
Severity : moderate
Type : security
References : 1218297 1221479 1226414 1228091 CVE-2023-7008
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

The following package changes have been done:

- libudev1-249.17-150400.8.43.1 updated
- libsystemd0-249.17-150400.8.43.1 updated
- container:sles15-ltss-image-15.0.0-5.15 updated

From sle-container-updates at lists.suse.com Tue Sep 10 07:01:18 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 10 Sep 2024 09:01:18 +0200 (CEST)
Subject: SUSE-IU-2024:1175-1: Security update of suse-sles-15-sp6-chost-byos-v20240905-hvm-ssd-x86_64
Message-ID: <20240910070118.A941DFCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20240905-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1175-1
Image Tags : suse-sles-15-sp6-chost-byos-v20240905-hvm-ssd-x86_64:20240905
Image Release :
Severity : critical
Type : security
References : 1027519 1159034 1194818 1194818 1214855 1218609 1219267 1219268 1219438 1220356 1220523 1220690 1220693 1220696 1221243 1221365 1221677 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1221916 1222021 1222285 1222985 1223409 1223535 1223571 1224014 1224016 1224117 1225907 1226100 1226463 1227127 1227138 1227308 1227525 1228105 1228124 1228159 1228265 1228324 1228398 1228574 1228575 1228732 1228847 1228968 1229160 1229329 1229339 1229465 1229975 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-3727 CVE-2024-41110 CVE-2024-5535 CVE-2024-6119 CVE-2024-6345
-----------------------------------------------------------------

The container suse-sles-15-sp6-chost-byos-v20240905-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released: Fri Aug 9 15:59:29 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1220356,1227525

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). 
- Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2918-1 Released: Thu Aug 15 06:59:39 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2932-1 Released: Thu Aug 15 12:05:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate 
References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2952-1 Released: Fri Aug 16 17:05:34 2024 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1228159 This update for nfs-utils fixes the following issues: - Include source for libnfsidmap 0.26 and build that. This is needed for compatibility with SLE15-SP5 and earlier. - Copied from old nfsidmap package (bsc#1228159).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2957-1 Released: Mon Aug 19 10:48:01 2024 Summary: Recommended update for ldb, samba Type: recommended Severity: moderate References: 1228732 This update for ldb, samba fixes the following issues: - Many qsort() comparisons are non-transitive, which can lead to out-of-bounds access in some circumstances. - Fix a crash when joining offline and 'kerberos method' includes keytab (bsc#1228732). - Fix reading the password from STDIN or environment vars if it was already given in the command line (bsc#1228732). - netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0. - Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022). - Panic in dreplsrv_op_pull_source_apply_changes_trigger. - winbindd, net ads join and other things don't work on an ipv6 only host. - Smbcacls incorrectly propagates inheritance with Inherit-Only flag. - http library doesn't support 'chunked transfer encoding'. - fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() - samba-gpupdate: Correctly implement site support. - libgpo: Segfault in python bindings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3103-1 Released: Tue Sep 3 16:59:06 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1229160 This update for xfsprogs fixes the following issue: - xfs_repair: allow symlinks with short remote targets (bsc#1229160) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). 
- FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3113-1 Released: Tue Sep 3 17:04:05 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1228574,1228575,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) Other fixes: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3120-1 Released: Tue Sep 3 17:12:57 2024 Summary: Security update for buildah, docker Type: security Severity: critical References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount 
(bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * 
Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): 
update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3124-1 Released: Tue Sep 3 17:38:34 2024 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1229975 This update for cryptsetup fixes the following issues: - FIPS: Extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert 
path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3135-1 Released: Wed Sep 4 08:36:23 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: This update for rsyslog fixes the following issues: - Version upgrade - patches replaced by upgrade (details in upgrade logs) * Revert 'Update omlibdbi.c' * imkmsg: add params 'readMode' and 'expectedBootCompleteSeconds' * testbench: fix 'typo' in test case * omazureeventhubs: Corrected handling of transport closed failures * imkmsg: add module param parseKernelTimestamp * imfile: remove state file on file delete fix * imklog bugfix: keepKernelTimestamp=off config param did not work * Netstreamdriver: deallocate certificate related resources * TLS subsystem: add remote hostname to error reporting * Fix forking issue due to close_range call * replace debian sample systemd service file by readme * testbench: bump zookeeper version to match current offering * Update rsyslog.service sample unit to the latest version used in Debian Trixie * Only keep a single rsyslog.service for Debian * Remove no longer used --with-systemdsystemunitdir configure switch * use logind instead of utmp for wall messages with systemd * Typo fixes * Drop CAP_IPC_LOCK capability * Add CAP_NET_RAW capability due to the omudpspoof module * Add new global config option 'libcapng.enable' * tcp net subsystem: handle data race gracefully * Avoid crash on restart in imrelp SIGTTIN handler - patches replaced by upgrade * fix startup issue on modern systemd systems * Fix misspelling in message.
* tcpflood bugfix: plain tcp send error not properly reported * omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set * testbench: cleanup and improve some more imfile tests * lookup tables: fix static analyzer issue * lookup tables bugfix: reload on HUP did not work when backgrounded * CI: fix and cleanup github workflow * imjournal: Support input module * testbench: make test more reliable * tcpflood: add -A option to NOT abort when sending fails * tcpflood: fix today's programming error * openssl: Replaced deprecated method SSLv23_method with TLS_method * testbench improvement: define state file directories for imfile tests * testbench: cleanup a test and some nitfixes to it * tcpflood bugfix: TCP sending was not implemented properly * testbench: make waiting for HUP processing more reliable * build system: make rsyslogd execute when --disable-inet is configured * CI: update zookeeper download to newer version * ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions * ossl: Fix CRL File Expire from 1 day to 100 years.
* PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+ * omazureeventhubs: Initial implementation of new output module * TLS CRL Support Issue 5081 * action.resumeintervalmax: the parameter was not respected * IMHIREDIS::FIXED:: Restore compatibility with hiredis < v1.0.0 * Add the 'batchsize' parameter to imhiredis * Clear undefined behavior in libgcry.c (GH #5167) * Do not try to drop capabilities when we don't have any * testbench: use newer zookeeper version in tests * build system: more precise error message on too-old lib * Fix quoting for omprog, improg, mmexternal ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3147-1 Released: Thu Sep 5 09:30:37 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228398,1228847 This update for dracut fixes the following issues: - Version update with: * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398) * fix(convertfs) error in conditional expressions (bsc#1228847) The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - dmidecode-3.6-150400.16.11.2 updated - docker-25.0.6_ce-150000.207.1 updated - dracut-059+suse.531.g48487c31-150600.3.6.2 updated - grub2-i386-pc-2.12-150600.8.3.1 updated - grub2-x86_64-efi-2.12-150600.8.3.1 updated - grub2-x86_64-xen-2.12-150600.8.3.1 updated - grub2-2.12-150600.8.3.1 updated - libblkid1-2.39.3-150600.4.9.4 updated - libcryptsetup12-2.7.0-150600.3.3.1 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libldb2-2.8.1-150600.3.3.4 updated - libmount1-2.39.3-150600.4.9.4 updated - libnfsidmap1-1.0-150600.28.3.2 updated - libopenssl1_1-1.1.1w-150600.5.6.1 updated - libopenssl3-3.1.4-150600.5.15.1 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libuuid1-2.39.3-150600.4.9.4 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - nfs-client-2.6.4-150600.28.3.2 updated - openssl-3-3.1.4-150600.5.15.1 updated - pam-1.3.0-150000.6.71.2
updated - permissions-20240826-150600.10.9.1 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - rsyslog-module-relp-8.2406.0-150600.12.3.2 updated - rsyslog-8.2406.0-150600.12.3.2 updated - samba-client-libs-4.19.7+git.357.1d7950ebd62-150600.3.3.2 updated - supportutils-3.2.8-150600.3.3.1 updated - suse-build-key-12.0-150000.8.52.3 updated - util-linux-systemd-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - xen-libs-4.18.3_02-150600.3.6.1 updated - xen-tools-domU-4.18.3_02-150600.3.6.1 updated - xfsprogs-6.7.0-150600.3.6.2 updated - haveged-1.9.14-150600.9.5 removed - libhavege2-1.9.14-150600.9.5 removed From sle-container-updates at lists.suse.com Tue Sep 10 07:01:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:01:21 +0200 (CEST) Subject: SUSE-IU-2024:1176-1: Security update of sles-15-sp6-chost-byos-v20240905-arm64 Message-ID: <20240910070121.45AF9FCA2@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20240905-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1176-1 Image Tags : sles-15-sp6-chost-byos-v20240905-arm64:20240905 Image Release : Severity : critical Type : security References : 1027519 1159034 1194818 1194818 1214855 1218609 1219267 1219268 1219438 1220356 1220523 1220690 1220693 1220696 1221243 1221365 1221677 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1221916 1222021 1222285 1223409 1223535 1224024 1224117 1225907 1226100 1226463 1227127 1227138 1227525 1228105 1228124 1228159 1228265 1228324 1228376 1228398 1228574 1228575 1228732 1228847 1228968 1229160 1229329 1229339 1229465 1229975 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-3727 CVE-2024-41110 CVE-2024-5535 CVE-2024-6119 CVE-2024-6345 
----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20240905-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2865-1 Released: Fri Aug 9 12:06:04 2024 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1224024,1228376 This update for libnvme, nvme-cli fixes the following issues: - linux: Correct error handling for derive_psk_digest (bsc#1228376). - tree: Add NVM subsystem controller identifier (bsc#1224024). - nvme-print: Print cntlid number for controller (bsc#1224024). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - 
VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the 
following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2918-1 Released: Thu Aug 15 06:59:39 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2932-1 Released: Thu Aug 15 12:05:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 
12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2952-1 Released: Fri Aug 16 17:05:34 2024 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1228159 This update for nfs-utils fixes the following issues: - Include source for libnfsidmap 0.26 and build that. This is needed for compatibility with SLE15-SP5 and earlier. - Copied from old nfsidmap package (bsc#1228159). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2957-1 Released: Mon Aug 19 10:48:01 2024 Summary: Recommended update for ldb, samba Type: recommended Severity: moderate References: 1228732 This update for ldb, samba fixes the following issues: - Many qsort() comparisons are non-transitive, which can lead to out-of-bounds access in some circumstances. - Fix a crash when joining offline and 'kerberos method' includes keytab (bsc#1228732). - Fix reading the password from STDIN or environment vars if it was already given in the command line (bsc#1228732). - netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0. - Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022). - Panic in dreplsrv_op_pull_source_apply_changes_trigger. - winbindd, net ads join and other things don't work on an ipv6 only host. - Smbcacls incorrectly propagates inheritance with Inherit-Only flag. - http library doesn't support 'chunked transfer encoding'.
- fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() - samba-gpupdate: Correctly implement site support. - libgpo: Segfault in python bindings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3103-1 Released: Tue Sep 3 16:59:06 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1229160 This update for xfsprogs fixes the following issue: - xfs_repair: allow symlinks with short remote targets (bsc#1229160) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3113-1 Released: Tue Sep 3 17:04:05 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1228574,1228575,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) Other fixes: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3120-1 Released: Tue Sep 3 17:12:57 2024 Summary: Security update for buildah, docker Type: security Severity: critical References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files.
(bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total 
Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module 
github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3124-1 Released: Tue Sep 3 17:38:34 2024 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1229975 This update for cryptsetup fixes the following issues: - FIPS: Extend the password for 
PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3135-1 Released: Wed Sep 4 08:36:23 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: This update for rsyslog fixes the following issues: - Version upgrade - patches replaced by upgrade (details in upgrade logs) * Revert 'Update omlibdbi.c' * imkmsg: add params 'readMode' and 'expectedBootCompleteSeconds' * testbench: fix 'typo' in test case * omazureeventhubs: Corrected handling of transport closed failures * imkmsg: add module param parseKernelTimestamp * imfile: remove state file on file delete fix * imklog bugfix: keepKernelTimestamp=off config param did not work * Netstreamdriver: deallocate certificate related resources * TLS subsystem: add remote hostname to error reporting * Fix forking issue due to close_range call * replace debian sample systemd service file by readme * testbench: bump zookeeper version to match current offering * Update rsyslog.service sample unit to the latest version used in Debian Trixie * Only keep a single rsyslog.service for Debian * Remove no longer used --with-systemdsystemunitdir configure switch * use logind instead of utmp for wall messages with systemd * Typo fixes * Drop CAP_IPC_LOCK capability * Add CAP_NET_RAW capability due to the omudpspoof module * Add new global config option 'libcapng.enable' * tcp net subsystem: handle data race gracefully * Avoid
crash on restart in imrelp SIGTTIN handler - patches replaced by upgrade * fix startup issue on modern systemd systems * Fix misspelling in message. * tcpflood bugfix: plain tcp send error not properly reported * omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set * testbench: cleanup and improve some more imfile tests * lookup tables: fix static analyzer issue * lookup tables bugfix: reload on HUP did not work when backgrounded * CI: fix and cleanup github workflow * imjournal: Support input module * testbench: make test more reliable * tcpflood: add -A option to NOT abort when sending fails * tcpflood: fix today's programming error * openssl: Replaced deprecated method SSLv23_method with TLS_method * testbench improvement: define state file directories for imfile tests * testbench: cleanup a test and some nitfixes to it * tcpflood bugfix: TCP sending was not implemented properly * testbench: make waiting for HUP processing more reliable * build system: make rsyslogd execute when --disable-inet is configured * CI: update zookeeper download to newer version * ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions * ossl: Fix CRL File Expire from 1 day to 100 years.
* PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+ * omazureeventhubs: Initial implementation of new output module * TLS CRL Support Issue 5081 * action.resumeintervalmax: the parameter was not respected * IMHIREDIS::FIXED:: Restore compatibility with hiredis < v1.0.0 * Add the 'batchsize' parameter to imhiredis * Clear undefined behavior in libgcry.c (GH #5167) * Do not try to drop capabilities when we don't have any * testbench: use newer zookeeper version in tests * build system: more precise error message on too-old lib * Fix quoting for omprog, improg, mmexternal ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3147-1 Released: Thu Sep 5 09:30:37 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228398,1228847 This update for dracut fixes the following issues: - Version update with: * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398) * fix(convertfs) error in conditional expressions (bsc#1228847) The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - dmidecode-3.6-150400.16.11.2 updated - docker-25.0.6_ce-150000.207.1 updated - dracut-059+suse.531.g48487c31-150600.3.6.2 updated - grub2-i386-pc-2.12-150600.8.3.1 updated - grub2-x86_64-efi-2.12-150600.8.3.1 updated - grub2-2.12-150600.8.3.1 updated - libblkid1-2.39.3-150600.4.9.4 updated - libcryptsetup12-2.7.0-150600.3.3.1 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libldb2-2.8.1-150600.3.3.4 updated - libmount1-2.39.3-150600.4.9.4 updated - libnfsidmap1-1.0-150600.28.3.2 updated - libnvme-mi1-1.8+41.g6e8e2d7-150600.3.6.2 updated - libnvme1-1.8+41.g6e8e2d7-150600.3.6.2 updated - libopenssl1_1-1.1.1w-150600.5.6.1 updated - libopenssl3-3.1.4-150600.5.15.1 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libuuid1-2.39.3-150600.4.9.4 updated - nfs-client-2.6.4-150600.28.3.2 updated - nvme-cli-2.8+44.gb56f5d9-150600.3.6.1 updated -
openssl-3-3.1.4-150600.5.15.1 updated - pam-1.3.0-150000.6.71.2 updated - permissions-20240826-150600.10.9.1 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - rsyslog-module-relp-8.2406.0-150600.12.3.2 updated - rsyslog-8.2406.0-150600.12.3.2 updated - samba-client-libs-4.19.7+git.357.1d7950ebd62-150600.3.3.2 updated - supportutils-3.2.8-150600.3.3.1 updated - suse-build-key-12.0-150000.8.52.3 updated - util-linux-systemd-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - xen-libs-4.18.3_02-150600.3.6.1 updated - xfsprogs-6.7.0-150600.3.6.2 updated - haveged-1.9.14-150600.9.5 removed - libhavege2-1.9.14-150600.9.5 removed From sle-container-updates at lists.suse.com Tue Sep 10 07:01:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:01:53 +0200 (CEST) Subject: SUSE-IU-2024:1179-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20240910070153.D9A6AFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1179-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.147 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.147 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - glibc-locale-base-2.31-150300.86.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.72 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:02:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:02:16 +0200 (CEST) Subject: SUSE-IU-2024:1181-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20240910070216.03BA9FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1181-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.119 , suse/sle-micro/5.5:latest Image Release : 5.5.119 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - glibc-locale-base-2.31-150300.86.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.72 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:06:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:06:43 +0200 (CEST) Subject: SUSE-CU-2024:4116-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240910070643.141A5FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4116-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.17 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.17 Container Release : 5.17 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150400.3.85.1 updated - zypper-1.14.76-150400.3.57.16 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed From sle-container-updates at lists.suse.com Tue Sep 10 07:07:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:07:42 +0200 (CEST) Subject: SUSE-CU-2024:4117-1: Recommended update of bci/bci-busybox Message-ID: <20240910070742.4299CFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4117-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.31.4 Container Release : 31.4 Severity : moderate Type : recommended References : 1228043 
----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). The following package changes have been done: - glibc-2.31-150300.86.3 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:09:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:09:18 +0200 (CEST) Subject: SUSE-CU-2024:4118-1: Recommended update of bci/bci-init Message-ID: <20240910070918.7ADE5FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4118-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.26.10 Container Release : 26.10 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-image-15.0.0-36.14.21 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:09:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:09:33 +0200 (CEST) Subject: SUSE-CU-2024:4119-1: Recommended update of bci/bci-micro Message-ID: <20240910070933.86779FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4119-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.30.4 Container Release : 30.4 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:09:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:09:50 +0200 (CEST) Subject: SUSE-CU-2024:4120-1: Recommended update of bci/bci-minimal Message-ID: <20240910070950.8FF7EFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4120-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.30.6 Container Release : 30.6 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:micro-image-15.5.0-30.4 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:10:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:10:33 +0200 (CEST) Subject: SUSE-CU-2024:4121-1: Recommended update of bci/nodejs Message-ID: <20240910071033.76B16FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4121-1 Container Tags : bci/node:18 , bci/node:18-30.3 , bci/node:18.20.4 , bci/node:18.20.4-30.3 , bci/nodejs:18 , bci/nodejs:18-30.3 , bci/nodejs:18.20.4 , bci/nodejs:18.20.4-30.3 Container Release : 30.3 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-image-15.0.0-36.14.21 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:01:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:01:59 +0200 (CEST) Subject: SUSE-IU-2024:1180-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20240910070159.74C76FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1180-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.156 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.156 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - glibc-locale-base-2.31-150300.86.3 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.119 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:11:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:11:21 +0200 (CEST) Subject: SUSE-CU-2024:4122-1: Recommended update of bci/openjdk-devel Message-ID: <20240910071121.966A4FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4122-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-26.21 Container Release : 26.21 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:bci-openjdk-11-15.5.11-27.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:12:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:12:00 +0200 (CEST) Subject: SUSE-CU-2024:4123-1: Recommended update of bci/openjdk Message-ID: <20240910071200.F169EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4123-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-27.12 Container Release : 27.12 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-image-15.0.0-36.14.21 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:12:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:12:45 +0200 (CEST) Subject: SUSE-CU-2024:4124-1: Recommended update of bci/openjdk-devel Message-ID: <20240910071245.BA13EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4124-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-28.20 Container Release : 28.20 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:bci-openjdk-17-15.5.17-29.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:13:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:13:27 +0200 (CEST) Subject: SUSE-CU-2024:4125-1: Recommended update of bci/openjdk Message-ID: <20240910071327.A7627FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4125-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-29.12 Container Release : 29.12 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-image-15.0.0-36.14.21 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:13:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:13:54 +0200 (CEST) Subject: SUSE-CU-2024:4126-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240910071354.E88EAFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4126-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.22.11 Container Release : 22.11 Severity : moderate Type : recommended References : 1215341 1216908 1228043 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. 
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.31-150300.86.3 updated - glibc-locale-base-2.31-150300.86.3 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - glibc-locale-2.31-150300.86.3 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.31-150300.86.3 updated - container:sles15-image-15.0.0-36.14.21 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:14:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:14:26 +0200 (CEST) Subject: SUSE-CU-2024:4127-1: Recommended update of suse/sle15 Message-ID: <20240910071426.DBC99FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4127-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.21 , suse/sle15:15.5 , suse/sle15:15.5.36.14.21 Container Release : 36.14.21 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. 
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150500.6.13.1 updated - zypper-1.14.76-150500.6.6.15 updated - libabsl2401_0_0-20240116.1-150500.13.7.8 removed - libprotobuf-lite25_1_0-25.1-150500.12.2.2 removed From sle-container-updates at lists.suse.com Tue Sep 10 07:14:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:14:34 +0200 (CEST) Subject: SUSE-CU-2024:4128-1: Recommended update of suse/389-ds Message-ID: <20240910071434.E7F68FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4128-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-41.8 , suse/389-ds:latest Container Release : 41.8 Severity : moderate Type : recommended References : 1228042 
----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:14:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:14:43 +0200 (CEST) Subject: SUSE-CU-2024:4129-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240910071443.80C10FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4129-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-41.7 , bci/dotnet-aspnet:6.0.33 , bci/dotnet-aspnet:6.0.33-41.7 Container Release : 41.7 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:14:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:14:51 +0200 (CEST) Subject: SUSE-CU-2024:4130-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240910071451.7A09BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4130-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-29.7 , bci/dotnet-aspnet:8.0.8 , bci/dotnet-aspnet:8.0.8-29.7 , bci/dotnet-aspnet:latest Container Release : 29.7 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 07:06:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 09:06:21 +0200 (CEST) Subject: SUSE-CU-2024:4115-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240910070621.BCC52FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4115-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.24 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.24 Container Release : 6.24 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:02:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:02:54 +0200 (CEST) Subject: SUSE-CU-2024:4130-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240910080254.6C4BCFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4130-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-29.7 , bci/dotnet-aspnet:8.0.8 , bci/dotnet-aspnet:8.0.8-29.7 , bci/dotnet-aspnet:latest Container Release : 29.7 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:02:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:02:59 +0200 (CEST) Subject: SUSE-CU-2024:4131-1: Recommended update of bci/bci-base-fips Message-ID: <20240910080259.BD6BAFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4131-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.9.5 , bci/bci-base-fips:latest Container Release : 9.5 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:03:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:03:07 +0200 (CEST) Subject: SUSE-CU-2024:4132-1: Recommended update of bci/bci-busybox Message-ID: <20240910080307.5F221FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4132-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.24.3 , bci/bci-busybox:latest Container Release : 24.3 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:03:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:03:16 +0200 (CEST) Subject: SUSE-CU-2024:4133-1: Security update of suse/registry Message-ID: <20240910080316.CCEF1FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4133-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-24.9 , suse/registry:latest Container Release : 24.9 Severity : important Type : security References : 1227276 1227278 1227353 1228042 CVE-2024-38473 CVE-2024-38474 CVE-2024-39884 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3172-1 Released: Mon Sep 9 12:55:40 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884 This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278) - CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276) - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353) The following package changes have been done: - apache2-utils-2.4.58-150600.5.23.1 updated - glibc-2.38-150600.14.8.2 updated - container:micro-image-15.6.0-24.3 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:03:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:03:27 +0200 (CEST) Subject: SUSE-CU-2024:4134-1: Recommended update of bci/dotnet-sdk Message-ID: <20240910080327.EA066FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4134-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-41.7 , bci/dotnet-sdk:6.0.33 , bci/dotnet-sdk:6.0.33-41.7 Container Release : 41.7 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:03:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:03:38 +0200 (CEST) Subject: SUSE-CU-2024:4135-1: Recommended update of bci/dotnet-sdk Message-ID: <20240910080338.CF377FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4135-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-30.6 , bci/dotnet-sdk:8.0.8 , bci/dotnet-sdk:8.0.8-30.6 , bci/dotnet-sdk:latest Container Release : 30.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:03:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:03:49 +0200 (CEST) Subject: SUSE-CU-2024:4136-1: Recommended update of bci/dotnet-runtime Message-ID: <20240910080349.2D373FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4136-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-41.7 , bci/dotnet-runtime:6.0.33 , bci/dotnet-runtime:6.0.33-41.7 Container Release : 41.7 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:03:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:03:59 +0200 (CEST) Subject: SUSE-CU-2024:4137-1: Recommended update of bci/dotnet-runtime Message-ID: <20240910080359.B7037FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4137-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-29.7 , bci/dotnet-runtime:8.0.8 , bci/dotnet-runtime:8.0.8-29.7 , bci/dotnet-runtime:latest Container Release : 29.7 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:04:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:04:07 +0200 (CEST) Subject: SUSE-CU-2024:4138-1: Recommended update of suse/git Message-ID: <20240910080407.B18C5FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4138-1 Container Tags : suse/git:2 , suse/git:2-23.2 , suse/git:2.43 , suse/git:2.43-23.2 , suse/git:2.43.0 , suse/git:2.43.0-23.2 , suse/git:latest Container Release : 23.2 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:micro-image-15.6.0-24.3 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:04:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:04:16 +0200 (CEST) Subject: SUSE-CU-2024:4139-1: Recommended update of bci/golang Message-ID: <20240910080416.F3D01FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4139-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.35.3 , bci/golang:1.22.6 , bci/golang:1.22.6-2.35.3 , bci/golang:oldstable , bci/golang:oldstable-2.35.3 Container Release : 35.3 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. 
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:04:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:04:25 +0200 (CEST) Subject: SUSE-CU-2024:4140-1: Recommended update of bci/golang Message-ID: <20240910080425.E0554FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4140-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-41.3 , bci/golang:1.20.12.1 , bci/golang:1.20.12.1-41.3 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-41.3 Container Release : 41.3 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. 
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:04:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:04:31 +0200 (CEST) Subject: SUSE-CU-2024:4141-1: Recommended update of bci/golang Message-ID: <20240910080431.C6709FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4141-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.35.3 , bci/golang:1.23.0 , bci/golang:1.23.0-1.35.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.35.3 Container Release : 35.3 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. 
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:04:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:04:40 +0200 (CEST) Subject: SUSE-CU-2024:4142-1: Recommended update of bci/golang Message-ID: <20240910080440.657DBFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4142-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-41.3 , bci/golang:1.21.5.1 , bci/golang:1.21.5.1-41.3 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-41.3 Container Release : 41.3 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. 
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:04:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:04:45 +0200 (CEST) Subject: SUSE-CU-2024:4143-1: Recommended update of suse/helm Message-ID: <20240910080445.D2C55FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4143-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-22.6 , suse/helm:latest Container Release : 22.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:micro-image-15.6.0-24.3 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:04:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:04:58 +0200 (CEST) Subject: SUSE-CU-2024:4144-1: Recommended update of bci/bci-init Message-ID: <20240910080458.27290FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4144-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.22.6 , bci/bci-init:latest Container Release : 22.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:05:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:05:03 +0200 (CEST) Subject: SUSE-CU-2024:4145-1: Recommended update of bci/kiwi Message-ID: <20240910080503.55303FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4145-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-2.3 , bci/kiwi:9.24 , bci/kiwi:9.24-2.3 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-2.3 , bci/kiwi:latest Container Release : 2.3 Severity : important Type : recommended References : 1081596 1215341 1216908 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228042 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. 
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, 
Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. 
* BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. * s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. 
(bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150600.3.19.1 updated - zypper-1.14.76-150600.10.6.13 updated - glibc-locale-base-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated - libabsl2401_0_0-20240116.1-150600.17.7 removed - libprocps8-3.3.17-150000.7.39.1 removed - libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed - procps-3.3.17-150000.7.39.1 removed From sle-container-updates at lists.suse.com Tue Sep 10 08:05:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:05:11 +0200 (CEST) Subject: SUSE-CU-2024:4146-1: Recommended update of bci/bci-micro Message-ID: <20240910080511.6ADC4FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4146-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.24.3 , bci/bci-micro:latest Container Release : 24.3 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:05:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:05:19 +0200 (CEST) Subject: SUSE-CU-2024:4147-1: Recommended update of bci/bci-minimal Message-ID: <20240910080519.62994FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4147-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.24.5 , bci/bci-minimal:latest Container Release : 24.5 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:micro-image-15.6.0-24.3 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:05:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:05:27 +0200 (CEST) Subject: SUSE-CU-2024:4148-1: Recommended update of suse/nginx Message-ID: <20240910080527.6605BFBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4148-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-41.6 , suse/nginx:latest Container Release : 41.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:05:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:05:36 +0200 (CEST) Subject: SUSE-CU-2024:4149-1: Recommended update of bci/nodejs Message-ID: <20240910080536.9CD70FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4149-1 Container Tags : bci/node:20 , bci/node:20-37.3 , bci/node:20.15.1 , bci/node:20.15.1-37.3 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-37.3 , bci/nodejs:20.15.1 , bci/nodejs:20.15.1-37.3 , bci/nodejs:latest Container Release : 37.3 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:05:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:05:50 +0200 (CEST) Subject: SUSE-CU-2024:4150-1: Recommended update of bci/openjdk-devel Message-ID: <20240910080550.6C451FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4150-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-21.10 , bci/openjdk-devel:latest Container Release : 21.10 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:bci-openjdk-21-15.6.21-21.6 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:31:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:31:52 +0200 (CEST) Subject: SUSE-IU-2024:1182-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20240910083152.8B4BEFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1182-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.2 , suse/sl-micro/6.0/baremetal-os-container:2.1.2-3.54 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 3.54 Severity : important Type : security References : 1188441 1208690 1216594 1216598 1220724 1221239 1221482 1221940 1222992 1223423 1223424 1223425 1226412 1226529 1226586 1228041 CVE-2023-38469 CVE-2023-38471 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29 Released: Wed Sep 4 12:41:35 2024 Summary: Recommended update for gcc13 Type: recommended Severity: important References: 1188441,1220724,1221239 This update for gcc13 fixes the following issues: - Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. - Fix unwinding for JIT code. 
[bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] ----------------------------------------------------------------- Advisory ID: 32 Released: Thu Sep 5 12:12:35 2024 Summary: Security update for glibc Type: security Severity: important References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu ----------------------------------------------------------------- Advisory ID: 33 Released: Thu Sep 5 14:13:47 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Update to version 059+suse.567.gadd3169d: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): 
continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: 35 Released: Thu Sep 5 15:38:19 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,1226586,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: Security issues fixed: - CVE-2023-38471: Extract host name using avahi_unescape_label (bsc#1216594). - CVE-2023-38469: Reject overly long TXT resource records (bsc#1216598). Non-security issue fixed: - no longer supply bogus services to callbacks (bsc#1226586). The following package changes have been done: - glibc-2.38-7.1 updated - libgcc_s1-13.3.0+git8781-1.1 updated - libstdc++6-13.3.0+git8781-1.1 updated - SL-Micro-release-6.0-24.14 updated - dracut-059+suse.571.g32b61281-1.1 updated - libcurl4-8.6.0-2.1 updated - glibc-locale-base-2.38-7.1 updated - libavahi-common3-0.8-5.1 updated - libavahi-core7-0.8-5.1 updated - libavahi-client3-0.8-5.1 updated - avahi-0.8-5.1 updated - container:SL-Micro-base-container-2.1.2-3.32 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:34:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:34:40 +0200 (CEST) Subject: SUSE-CU-2024:4150-1: Recommended update of bci/openjdk-devel Message-ID: <20240910083440.67B74FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4150-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-21.10 , bci/openjdk-devel:latest Container Release : 21.10 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:bci-openjdk-21-15.6.21-21.6 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:34:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:34:51 +0200 (CEST) Subject: SUSE-CU-2024:4151-1: Recommended update of bci/openjdk Message-ID: <20240910083451.AE877FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4151-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-21.6 , bci/openjdk:latest Container Release : 21.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:34:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:34:59 +0200 (CEST) Subject: SUSE-CU-2024:4152-1: Recommended update of suse/pcp Message-ID: <20240910083459.B871BFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4152-1 Container Tags : suse/pcp:5 , suse/pcp:5-41.11 , suse/pcp:5.3 , suse/pcp:5.3-41.11 , suse/pcp:5.3.7 , suse/pcp:5.3.7-41.11 , suse/pcp:latest Container Release : 41.11 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:bci-bci-init-15.6-15.6-22.6 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:35:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:35:08 +0200 (CEST) Subject: SUSE-CU-2024:4153-1: Security update of bci/php-apache Message-ID: <20240910083508.9E246FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4153-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-36.6 , bci/php-apache:latest Container Release : 36.6 Severity : important Type : security References : 1227276 1227278 1227353 1228042 CVE-2024-38473 CVE-2024-38474 CVE-2024-39884 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3172-1 Released: Mon Sep 9 12:55:40 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884 This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278) - CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276) - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - apache2-prefork-2.4.58-150600.5.23.1 updated - apache2-2.4.58-150600.5.23.1 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:35:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:35:17 +0200 (CEST) Subject: SUSE-CU-2024:4154-1: Recommended update of bci/php-fpm Message-ID: <20240910083517.0A95EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4154-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-36.6 , bci/php-fpm:latest Container Release : 36.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:35:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:35:25 +0200 (CEST) Subject: SUSE-CU-2024:4155-1: Recommended update of bci/php Message-ID: <20240910083525.8051AFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4155-1 Container Tags : bci/php:8 , bci/php:8-36.6 , bci/php:latest Container Release : 36.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:35:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:35:33 +0200 (CEST) Subject: SUSE-CU-2024:4156-1: Security update of suse/postgres Message-ID: <20240910083533.02A3AFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4156-1 Container Tags : suse/postgres:16 , suse/postgres:16-42.7 , suse/postgres:16.4 , suse/postgres:16.4-42.7 , suse/postgres:latest Container Release : 42.7 Severity : important Type : security References : 1224038 1224051 1228042 1229013 CVE-2024-4317 CVE-2024-7348 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3159-1 Released: Fri Sep 6 12:15:52 2024 Summary: Security update for postgresql16 Type: security Severity: important References: 1224038,1224051,1229013,CVE-2024-4317,CVE-2024-7348 This update for postgresql16 fixes the following issues: - Upgrade to 16.4 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) - CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release notes for the steps that have to be taken to fix existing PostgreSQL instances. 
(bsc#1224038) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - glibc-locale-base-2.38-150600.14.8.2 updated - libpq5-16.4-150600.16.5.1 updated - glibc-locale-2.38-150600.14.8.2 updated - postgresql16-16.4-150600.16.5.1 updated - postgresql16-server-16.4-150600.16.5.1 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:35:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:35:42 +0200 (CEST) Subject: SUSE-CU-2024:4157-1: Recommended update of bci/python Message-ID: <20240910083542.AB234FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4157-1 Container Tags : bci/python:3 , bci/python:3-49.3 , bci/python:3.11 , bci/python:3.11-49.3 , bci/python:3.11.9 , bci/python:3.11.9-49.3 Container Release : 49.3 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:35:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:35:54 +0200 (CEST) Subject: SUSE-CU-2024:4158-1: Security update of bci/python Message-ID: <20240910083554.99E6FFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4158-1 Container Tags : bci/python:3 , bci/python:3-49.3 , bci/python:3.12 , bci/python:3.12-49.3 , bci/python:3.12.4 , bci/python:3.12.4-49.3 , bci/python:latest Container Release : 49.3 Severity : moderate Type : security References : 1217353 1228042 CVE-2023-5752 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3156-1 Released: Fri Sep 6 12:13:14 2024 Summary: Security update for python312-pip Type: security Severity: low References: 1217353,CVE-2023-5752 This update for python312-pip fixes the following issues: - CVE-2023-5752: Avoiding injection of arbitrary configuration through Mercurial parameter. (bsc#1217353) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - python312-pip-23.2.1-150600.3.3.1 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:36:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:36:04 +0200 (CEST) Subject: SUSE-CU-2024:4159-1: Recommended update of bci/python Message-ID: <20240910083604.1725BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4159-1 Container Tags : bci/python:3 , bci/python:3-48.3 , bci/python:3.6 , bci/python:3.6-48.3 , bci/python:3.6.15 , bci/python:3.6.15-48.3 Container Release : 48.3 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:36:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:36:12 +0200 (CEST) Subject: SUSE-CU-2024:4160-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240910083612.81212FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4160-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-42.6 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-42.6 , suse/rmt-mariadb-client:latest Container Release : 42.6 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:36:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:36:20 +0200 (CEST) Subject: SUSE-CU-2024:4161-1: Recommended update of suse/rmt-mariadb Message-ID: <20240910083620.A646AFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4161-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-44.3 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-44.3 , suse/rmt-mariadb:latest Container Release : 44.3 Severity : moderate Type : recommended References : 1228042 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:36:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:36:28 +0200 (CEST) Subject: SUSE-CU-2024:4162-1: Recommended update of bci/rust Message-ID: <20240910083628.28223FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4162-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-2.5.3 , bci/rust:1.79.0 , bci/rust:1.79.0-2.5.3 , bci/rust:oldstable , bci/rust:oldstable-2.5.3 Container Release : 5.3 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. 
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:36:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:36:35 +0200 (CEST) Subject: SUSE-CU-2024:4163-1: Recommended update of bci/rust Message-ID: <20240910083635.7D99EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4163-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-1.5.3 , bci/rust:1.80.1 , bci/rust:1.80.1-1.5.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.5.3 Container Release : 5.3 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. 
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:36:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:36:43 +0200 (CEST) Subject: SUSE-CU-2024:4164-1: Security update of containers/apache-tomcat Message-ID: <20240910083643.A7F99FCA2@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4164-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-43.6 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-43.6 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-43.6 Container Release : 43.6 Severity : moderate Type : security References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libjitterentropy3-3.4.1-150000.1.12.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - openssl-3-3.1.4-150600.5.15.1 updated - container:micro-image-15.6.0-47.11.12 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:36:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:36:59 +0200 (CEST) Subject: SUSE-CU-2024:4165-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240910083659.2B379FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4165-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.23.6 , bci/bci-sle15-kernel-module-devel:latest Container Release : 23.6 Severity : moderate Type : recommended References : 1215341 1216908 1228042 
----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept 
.option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. 
* New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. * s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - glibc-locale-base-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - glibc-locale-2.38-150600.14.8.2 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:37:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:37:10 +0200 (CEST) Subject: SUSE-CU-2024:4166-1: Recommended update of suse/sle15 Message-ID: <20240910083710.8CF4CFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4166-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.12 , suse/sle15:15.6 , suse/sle15:15.6.47.11.12 Container Release : 47.11.12 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228042 1228138 
1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. 
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150600.3.19.1 updated - zypper-1.14.76-150600.10.6.13 updated - libabsl2401_0_0-20240116.1-150600.17.7 removed - liblz4-1-1.9.4-150600.1.4 removed - libprocps8-3.3.17-150000.7.39.1 removed - libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed - libsystemd0-254.15-150600.4.8.1 removed - procps-3.3.17-150000.7.39.1 removed From sle-container-updates at lists.suse.com Tue Sep 10 08:37:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:37:18 +0200 (CEST) Subject: SUSE-CU-2024:4167-1: Recommended update of bci/spack Message-ID: <20240910083718.CCF10FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4167-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-6.6 , bci/spack:0.21.2 , bci/spack:0.21.2-6.6 , 
bci/spack:latest Container Release : 6.6 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always 
using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. 
* New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. * s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:38:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:38:03 +0200 (CEST) Subject: SUSE-CU-2024:4168-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240910083803.7908DFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4168-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.26 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.26 Severity : important Type : security References : 1227276 1227278 1227353 CVE-2024-38473 CVE-2024-38474 CVE-2024-39884 
----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3173-1 Released: Mon Sep 9 12:56:48 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884 This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278) - CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276) - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353) The following package changes have been done: - apache2-utils-2.4.51-150400.6.34.1 updated - apache2-2.4.51-150400.6.34.1 updated - apache2-prefork-2.4.51-150400.6.34.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed From sle-container-updates at lists.suse.com Tue Sep 10 08:38:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:38:05 +0200 (CEST) Subject: SUSE-CU-2024:4169-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240910083805.B2B29FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4169-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.27 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.27 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container 
suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150400.3.85.1 updated - zypper-1.14.76-150400.3.57.16 updated - container:sles15-ltss-image-15.0.0-5.17 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:46:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:46:14 +0200 (CEST) Subject: SUSE-CU-2024:4169-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240910084614.3AB61FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4169-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.27 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.27 Severity : important Type : recommended References : 1081596 
1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150400.3.85.1 updated - zypper-1.14.76-150400.3.57.16 updated - container:sles15-ltss-image-15.0.0-5.17 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:46:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:46:45 +0200 (CEST) Subject: SUSE-CU-2024:4171-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240910084645.DF983FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4171-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.28 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.28 Severity : important Type : 
recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150400.3.85.1 updated - zypper-1.14.76-150400.3.57.16 updated - container:sles15-ltss-image-15.0.0-5.17 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:47:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:47:12 +0200 (CEST) Subject: SUSE-CU-2024:4172-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20240910084712.58EBAFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4172-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.19 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.19 Severity : moderate Type : recommended References : 1228043 
----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-ltss-image-15.0.0-5.17 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:47:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:47:49 +0200 (CEST) Subject: SUSE-CU-2024:4173-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20240910084749.2A3B1FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4173-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.20 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.20 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-ltss-image-15.0.0-5.17 updated From sle-container-updates at lists.suse.com Tue Sep 10 08:48:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 10 Sep 2024 10:48:25 +0200 (CEST) Subject: SUSE-CU-2024:4174-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20240910084825.94CE4FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4174-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.20 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.20 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-ltss-image-15.0.0-5.17 updated From sle-container-updates at lists.suse.com Wed Sep 11 07:01:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:01:19 +0200 (CEST) Subject: SUSE-IU-2024:1187-1: Security update of suse-sles-15-sp6-chost-byos-v20240905-x86_64-gen2 Message-ID: <20240911070119.9D054FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20240905-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1187-1 Image Tags : suse-sles-15-sp6-chost-byos-v20240905-x86_64-gen2:20240905 Image Release : Severity : critical Type : security References : 1027519 1159034 1194818 1194818 1214855 1218609 1219267 1219268 1219438 1220356 1220523 1220690 1220693 1220696 1221243 1221365 1221677 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1221916 1222021 1222285 1222985 1223409 1223535 1223571 1224014 1224016 1224117 1225907 1226100 1226463 1227127 1227138 1227308 1227525 1228105 1228124 1228159 1228265 1228324 1228398 1228574 1228575 1228732 1228847 1228968 1229160 1229329 1229339 1229465 1229975 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-3727 CVE-2024-41110 CVE-2024-5535 CVE-2024-6119 CVE-2024-6345 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20240905-x86_64-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. 
This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2918-1 Released: Thu Aug 15 06:59:39 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2932-1 Released: Thu Aug 15 12:05:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add 
timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2952-1 Released: Fri Aug 16 17:05:34 2024 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1228159 This update for nfs-utils fixes the following issues: - Include source for libnfsidmap 0.26 and build that. This is needed for compatibility with SLE15-SP5 and earlier. - Copied from old nfsidmap package (bsc#1228159). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2957-1 Released: Mon Aug 19 10:48:01 2024 Summary: Recommended update for ldb, samba Type: recommended Severity: moderate References: 1228732 This update for ldb, samba fixes the following issues: - Many qsort() comparisons are non-transitive, which can lead to out-of-bounds access in some circumstances. - Fix a crash when joining offline and 'kerberos method' includes keytab (bsc#1228732).
- Fix reading the password from STDIN or environment vars if it was already given in the command line (bsc#1228732). - netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0. - Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022). - Panic in dreplsrv_op_pull_source_apply_changes_trigger. - winbindd, net ads join and other things don't work on an ipv6 only host. - Smbcacls incorrectly propagates inheritance with Inherit-Only flag. - http library doesn't support 'chunked transfer encoding'. - fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() - samba-gpupdate: Correctly implement site support. - libgpo: Segfault in python bindings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3103-1 Released: Tue Sep 3 16:59:06 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1229160 This update for xfsprogs fixes the following issue: - xfs_repair: allow symlinks with short remote targets (bsc#1229160) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3113-1 Released: Tue Sep 3 17:04:05 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1228574,1228575,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) Other fixes: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3120-1 Released: Tue Sep 3 17:12:57 2024 Summary: Security update for buildah, docker Type: security Severity: critical References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files.
(bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total 
Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module 
github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3124-1 Released: Tue Sep 3 17:38:34 2024 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1229975 This update for cryptsetup fixes the following issues: - FIPS: Extend the password for 
PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3135-1 Released: Wed Sep 4 08:36:23 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: This update for rsyslog fixes the following issues: - Version upgrade - patches replaced by upgrade (details in upgrade logs) * Revert 'Update omlibdbi.c' * imkmsg: add params 'readMode' and 'expectedBootCompleteSeconds' * testbench: fix 'typo' in test case * omazureeventhubs: Corrected handling of transport closed failures * imkmsg: add module param parseKernelTimestamp * imfile: remove state file on file delete fix * imklog bugfix: keepKernelTimestamp=off config param did not work * Netstreamdriver: deallocate certificate related resources * TLS subsystem: add remote hostname to error reporting * Fix forking issue due to close_range call * replace debian sample systemd service file by readme * testbench: bump zookeeper version to match current offering * Update rsyslog.service sample unit to the latest version used in Debian Trixie * Only keep a single rsyslog.service for Debian * Remove no longer used --with-systemdsystemunitdir configure switch * use logind instead of utmp for wall messages with systemd * Typo fixes * Drop CAP_IPC_LOCK capability * Add CAP_NET_RAW capability due to the omudpspoof module * Add new global config option 'libcapng.enable' * tcp net subsystem: handle data race gracefully * Avoid 
crash on restart in imrelp SIGTTIN handler - patches replaced by upgrade * fix startup issue on modern systemd systems * Fix misspelling in message. * tcpflood bugfix: plain tcp send error not properly reported * omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set * testbench: cleanup and improve some more imfile tests * lookup tables: fix static analyzer issue * lookup tables bugfix: reload on HUP did not work when backgrounded * CI: fix and cleanup github workflow * imjournal: Support input module * testbench: make test more reliable * tcpflood: add -A option to NOT abort when sending fails * tcpflood: fix today's programming error * openssl: Replaced deprecated method SSLv23_method with TLS_method * testbench improvement: define state file directories for imfile tests * testbench: cleanup a test and some nitfixes to it * tcpflood bugfix: TCP sending was not implemented properly * testbench: make waiting for HUP processing more reliable * build system: make rsyslogd execute when --disable-inet is configured * CI: update zookeeper download to newer version * ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions * ossl: Fix CRL File Expire from 1 day to 100 years. 
* PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+ * omazureeventhubs: Initial implementation of new output module * TLS CRL Support Issue 5081 * action.resumeintervalmax: the parameter was not respected * IMHIREDIS::FIXED:: Restore compatibility with hiredis < v1.0.0 * Add the 'batchsize' parameter to imhiredis * Clear undefined behavior in libgcry.c (GH #5167) * Do not try to drop capabilities when we don't have any * testbench: use newer zookeeper version in tests * build system: more precise error message on too-old lib * Fix quoting for omprog, improg, mmexternal ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3147-1 Released: Thu Sep 5 09:30:37 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228398,1228847 This update for dracut fixes the following issues: - Version update with: * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398) * fix(convertfs) error in conditional expressions (bsc#1228847) The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - dmidecode-3.6-150400.16.11.2 updated - docker-25.0.6_ce-150000.207.1 updated - dracut-059+suse.531.g48487c31-150600.3.6.2 updated - grub2-i386-pc-2.12-150600.8.3.1 updated - grub2-x86_64-efi-2.12-150600.8.3.1 updated - grub2-2.12-150600.8.3.1 updated - libblkid1-2.39.3-150600.4.9.4 updated - libcryptsetup12-2.7.0-150600.3.3.1 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libldb2-2.8.1-150600.3.3.4 updated - libmount1-2.39.3-150600.4.9.4 updated - libnfsidmap1-1.0-150600.28.3.2 updated - libopenssl1_1-1.1.1w-150600.5.6.1 updated - libopenssl3-3.1.4-150600.5.15.1 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libuuid1-2.39.3-150600.4.9.4 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - nfs-client-2.6.4-150600.28.3.2 updated - openssl-3-3.1.4-150600.5.15.1 updated - pam-1.3.0-150000.6.71.2 updated - permissions-20240826-150600.10.9.1 
updated - python-azure-agent-config-server-2.9.1.1-150100.3.44.2 updated - python-azure-agent-2.9.1.1-150100.3.44.2 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - rsyslog-module-relp-8.2406.0-150600.12.3.2 updated - rsyslog-8.2406.0-150600.12.3.2 updated - samba-client-libs-4.19.7+git.357.1d7950ebd62-150600.3.3.2 updated - supportutils-3.2.8-150600.3.3.1 updated - suse-build-key-12.0-150000.8.52.3 updated - util-linux-systemd-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - xen-libs-4.18.3_02-150600.3.6.1 updated - xfsprogs-6.7.0-150600.3.6.2 updated - haveged-1.9.14-150600.9.5 removed - libhavege2-1.9.14-150600.9.5 removed From sle-container-updates at lists.suse.com Wed Sep 11 07:01:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:01:48 +0200 (CEST) Subject: SUSE-IU-2024:1188-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20240911070148.E6F6CFCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1188-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.73 , suse/sle-micro/base-5.5:latest Image Release : 5.8.73 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. 
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150500.6.13.1 updated - zypper-1.14.76-150500.6.6.15 updated From sle-container-updates at lists.suse.com Wed Sep 11 07:03:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:03:45 +0200 (CEST) Subject: SUSE-CU-2024:4176-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240911070345.E93B5FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4176-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.22 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.22 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 
1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. 
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150400.3.85.1 updated - zypper-1.14.76-150400.3.57.16 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed From sle-container-updates at lists.suse.com Wed Sep 11 07:04:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:04:55 +0200 (CEST) Subject: SUSE-CU-2024:4177-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240911070455.BAE10FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4177-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.23 , 
suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.23 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot 
file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150400.3.85.1 updated - zypper-1.14.76-150400.3.57.16 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed From sle-container-updates at lists.suse.com Wed Sep 11 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:4178-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240911070548.8C2B8FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4178-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , 
suse/sle-micro/5.5/toolbox:13.2-3.5.36 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.36 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228043 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in 
solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) The following package changes have been done: - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libzypp-17.35.8-150500.6.13.1 updated - zypper-1.14.76-150500.6.6.15 updated - container:sles15-image-15.0.0-36.14.21 updated - libabsl2401_0_0-20240116.1-150500.13.7.8 removed - libprotobuf-lite25_1_0-25.1-150500.12.2.2 removed From sle-container-updates at lists.suse.com Wed Sep 11 07:06:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:06:00 +0200 (CEST) Subject: SUSE-IU-2024:1193-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20240911070600.7DBCCFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : 
SUSE-IU-2024:1193-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.2 , suse/sl-micro/6.0/kvm-os-container:2.1.2-3.50 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 3.50 Severity : critical Type : recommended References : 1215064 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 42 Released: Tue Sep 10 11:43:39 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: critical References: 1215064 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) This fixes the %post section for kernel-rt. The following package changes have been done: - perl-Bootloader-1.6-3.1 updated - container:SL-Micro-base-container-2.1.2-3.33 updated From sle-container-updates at lists.suse.com Wed Sep 11 07:06:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:06:06 +0200 (CEST) Subject: SUSE-IU-2024:1194-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20240911070606.AD554FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1194-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.2 , suse/sl-micro/6.0/rt-os-container:2.1.2-4.24 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 4.24 Severity : critical Type : recommended References : 1215064 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 42 Released: Tue Sep 10 11:43:39 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: critical References: 1215064 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) This fixes the %post section for kernel-rt. The following package changes have been done: - perl-Bootloader-1.6-3.1 updated - container:SL-Micro-container-2.1.2-3.55 updated From sle-container-updates at lists.suse.com Wed Sep 11 07:07:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:07:12 +0200 (CEST) Subject: SUSE-CU-2024:4183-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20240911070712.B933FFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4183-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.4.1 Container Release : 4.1 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-ltss-image-15.0.0-5.17 updated - fipscheck-1.4.1-3.3.1 removed - libfipscheck1-1.4.1-3.3.1 removed From sle-container-updates at lists.suse.com Wed Sep 11 07:10:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:10:30 +0200 (CEST) Subject: SUSE-CU-2024:4184-1: Security update of suse/postgres Message-ID: <20240911071030.629E3FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4184-1 Container Tags : suse/postgres:15 , suse/postgres:15-30.1 , suse/postgres:15.8 , suse/postgres:15.8 , suse/postgres:15.8-30.1 , suse/postgres:15.8-30.1 Container Release : 30.1 Severity : important Type : security References : 1194818 1218297 1221479 1224282 1226414 1226463 1227138 1227186 1227187 1228043 1228091 1228770 1229013 1229013 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-7008 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-5535 CVE-2024-7348 CVE-2024-7348 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3149-1 Released: Thu Sep 5 17:05:36 2024 Summary: Security update for systemd Type: security Severity: moderate References: 1218297,1221479,1226414,1228091,CVE-2023-7008 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3168-1 Released: Mon Sep 9 12:48:13 2024 Summary: Security update for postgresql16 Type: security Severity: important References: 1229013,CVE-2024-7348 This update for postgresql16 fixes the following issues: - Upgrade to 15.8 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3170-1 Released: Mon Sep 9 12:51:44 2024 Summary: Security update for postgresql16 Type: security Severity: important References: 1229013,CVE-2024-7348 This update for postgresql16 fixes the following issues: - Upgrade to 16.4 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. 
(bsc#1229013) The following package changes have been done: - glibc-2.31-150300.86.3 updated - login_defs-4.8.1-150400.10.21.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - krb5-1.20.1-150500.3.9.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150400.10.21.1 updated - libsystemd0-249.17-150400.8.43.1 updated - glibc-locale-base-2.31-150300.86.3 updated - libpq5-16.4-150200.5.16.1 updated - glibc-locale-2.31-150300.86.3 updated - postgresql15-15.8-150200.5.30.1 updated - postgresql15-server-15.8-150200.5.30.1 updated - container:sles15-image-15.0.0-36.14.21 updated From sle-container-updates at lists.suse.com Wed Sep 11 07:10:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:10:53 +0200 (CEST) Subject: SUSE-CU-2024:4187-1: Recommended update of bci/ruby Message-ID: <20240911071053.77A6DFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4187-1 Container Tags : bci/ruby:2 , bci/ruby:2-22.8 , bci/ruby:2.5 , bci/ruby:2.5-22.8 , bci/ruby:latest Container Release : 22.8 Severity : moderate Type : recommended References : 1215341 1216908 1228042 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to 
the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - glibc-devel-2.38-150600.14.8.2 updated - container:sles15-image-15.6.0-47.11.12 updated From sle-container-updates at lists.suse.com Wed Sep 11 07:12:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:12:02 +0200 (CEST) Subject: SUSE-CU-2024:4188-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240911071202.BB3C1FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4188-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.21 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.21 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated From sle-container-updates at lists.suse.com Wed Sep 11 07:13:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 11 Sep 2024 09:13:09 +0200 (CEST) Subject: SUSE-CU-2024:4189-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240911071309.BB1F2FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4189-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.23 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.23 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:06:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:06:01 +0200 (CEST) Subject: SUSE-IU-2024:1196-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20240912070601.7A567FBA3@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1196-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.2 , suse/sl-micro/6.0/base-os-container:2.1.2-3.34 , suse/sl-micro/6.0/base-os-container:latest Image Release : 3.34 Severity : moderate Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 45 Released: Wed Sep 11 13:41:31 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in (bsc#1224282) The following package changes have been done: - libexpat1-2.5.0-3.1 updated - libxml2-2-2.11.6-3.1 updated - SL-Micro-release-6.0-24.15 updated - container:suse-toolbox-image-1.0.0-6.51 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:06:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:06:08 +0200 (CEST) Subject: SUSE-IU-2024:1197-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20240912070608.0F346FBA3@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1197-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.2 , suse/sl-micro/6.0/kvm-os-container:2.1.2-3.51 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 3.51 Severity : moderate Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 45 Released: Wed Sep 11 13:41:31 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in (bsc#1224282) The following package changes have been done: - libexpat1-2.5.0-3.1 updated - libxml2-2-2.11.6-3.1 updated - SL-Micro-release-6.0-24.15 updated - container:SL-Micro-base-container-2.1.2-3.34 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:06:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:06:14 +0200 (CEST) Subject: SUSE-IU-2024:1198-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20240912070614.E02A6FBA3@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1198-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.2 , suse/sl-micro/6.0/rt-os-container:2.1.2-4.25 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 4.25 Severity : moderate Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 45 Released: Wed Sep 11 13:41:31 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in (bsc#1224282) The following package changes have been done: - libexpat1-2.5.0-3.1 updated - libxml2-2-2.11.6-3.1 updated - SL-Micro-release-6.0-24.15 updated - container:SL-Micro-container-2.1.2-3.57 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:06:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:06:40 +0200 (CEST) Subject: SUSE-CU-2024:4196-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20240912070640.CE5DCFBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4196-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.14 , suse/sl-micro/6.0/toolbox:latest Container Release : 6.14 Severity : moderate Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 45 Released: Wed Sep 11 13:41:31 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in (bsc#1224282) The following package changes have been done: - SL-Micro-release-6.0-24.15 updated - libexpat1-2.5.0-3.1 updated - libxml2-2-2.11.6-3.1 updated - skelcd-EULA-SL-Micro-2024.01.19-7.21 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:09:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:09:10 +0200 (CEST) Subject: SUSE-CU-2024:4197-1: Security update of suse/sles12sp5 Message-ID: <20240912070910.CD621FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4197-1 Container Tags : suse/sles12sp5:6.8.42 , suse/sles12sp5:latest Container Release : 6.8.42 Severity : moderate Type : security References : 1194818 1229930 1229931 1229932 1230093 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3182-1 Released: Mon Sep 9 16:41:38 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: Detect integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: Detect integer overflow in dtdCopy. 
(bsc#1229931) - CVE-2024-45490: Reject negative len for XML_ParseBuffer. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3184-1 Released: Tue Sep 10 07:31:28 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issues: - Prevent cursor escape from the login prompt (bsc#1194818) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3203-1 Released: Wed Sep 11 10:55:06 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) The following package changes have been done: - libcurl4-8.0.1-11.92.1 updated - libexpat1-2.1.0-21.37.1 updated - pam-1.1.8-24.59.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:12:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:12:01 +0200 (CEST) Subject: SUSE-CU-2024:4198-1: Security update of suse/sle15 Message-ID: <20240912071201.8DEE3FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4198-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.40 Container Release : 9.8.40 Severity : moderate Type : security References : 1228535 1230093 CVE-2024-7264 CVE-2024-8096 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3202-1 Released: Wed Sep 11 10:54:47 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,1230093,CVE-2024-7264,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) - CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535) The following package changes have been done: - libcurl4-7.66.0-150200.4.78.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:12:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:12:19 +0200 (CEST) Subject: SUSE-CU-2024:4199-1: Recommended update of suse/ltss/sle15.3/bci-base-fips Message-ID: <20240912071219.1C056FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4199-1 Container Tags : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3.8.1 Container Release : 8.1 Severity : moderate Type : recommended References : 1228043 ----------------------------------------------------------------- The container suse/ltss/sle15.3/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
The following package changes have been done: - glibc-2.31-150300.86.3 updated - container:sles15-ltss-image-15.0.0-6.24 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:12:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:12:48 +0200 (CEST) Subject: SUSE-CU-2024:4200-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240912071248.B2CB9FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4200-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.25 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.25 Container Release : 6.25 Severity : moderate Type : security References : 1228535 1230093 CVE-2024-7264 CVE-2024-8096 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3202-1 Released: Wed Sep 11 10:54:47 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,1230093,CVE-2024-7264,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) - CVE-2024-7264: ASN.1 date parser overread. 
(bsc#1228535) The following package changes have been done: - curl-7.66.0-150200.4.78.1 updated - libcurl4-7.66.0-150200.4.78.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:18:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:18:13 +0200 (CEST) Subject: SUSE-CU-2024:4211-1: Security update of suse/git Message-ID: <20240912071813.E0890FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4211-1 Container Tags : suse/git:2 , suse/git:2-23.3 , suse/git:2.43 , suse/git:2.43-23.3 , suse/git:2.43.0 , suse/git:2.43.0-23.3 , suse/git:latest Container Release : 23.3 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:18:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:18:21 +0200 (CEST) Subject: SUSE-CU-2024:4212-1: Security update of bci/golang Message-ID: <20240912071821.D4AA3FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4212-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-41.5 , bci/golang:1.20.12.1 , bci/golang:1.20.12.1-41.5 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-41.5 Container Release : 41.5 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - curl-8.6.0-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:18:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:18:26 +0200 (CEST) Subject: SUSE-CU-2024:4213-1: Security update of bci/golang Message-ID: <20240912071826.D8F17FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4213-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.35.5 , bci/golang:1.23.0 , bci/golang:1.23.0-1.35.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.35.5 Container Release : 35.5 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - curl-8.6.0-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:18:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:18:36 +0200 (CEST) Subject: SUSE-CU-2024:4214-1: Security update of bci/golang Message-ID: <20240912071836.40DF5FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4214-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-41.5 , bci/golang:1.21.5.1 , bci/golang:1.21.5.1-41.5 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-41.5 Container Release : 41.5 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - curl-8.6.0-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 07:18:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 09:18:43 +0200 (CEST) Subject: SUSE-CU-2024:4215-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240912071843.A9319FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4215-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.28 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.28 Severity : important Type : security References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228042 1228138 1228206 1228208 1228398 1228420 1228787 1228847 1230093 222971 CVE-2024-8096 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3147-1 Released: Thu Sep 5 09:30:37 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228398,1228847 This update for dracut fixes the following issues: - Version update with: * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398) * fix(convertfs) error in conditional expressions (bsc#1228847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix 
return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093)

The following package changes have been done:

- curl-8.6.0-150600.4.6.1 updated
- dracut-059+suse.531.g48487c31-150600.3.6.2 updated
- glibc-locale-base-2.38-150600.14.8.2 updated
- glibc-2.38-150600.14.8.2 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- libsolv-tools-base-0.7.30-150400.3.27.2 updated
- libzypp-17.35.8-150600.3.19.1 updated
- zypper-1.14.76-150600.10.6.13 updated
- libabsl2401_0_0-20240116.1-150600.17.7 removed
- libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed

From sle-container-updates at lists.suse.com Thu Sep 12 07:19:16 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:19:16 +0200 (CEST)
Subject: SUSE-CU-2024:4218-1: Security update of bci/nodejs
Message-ID: <20240912071916.94D7BFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4218-1
Container Tags : bci/node:20 , bci/node:20-37.5 , bci/node:20.15.1 , bci/node:20.15.1-37.5 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-37.5 , bci/nodejs:20.15.1 , bci/nodejs:20.15.1-37.5 , bci/nodejs:latest
Container Release : 37.5
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- curl-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 07:19:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:19:49 +0200 (CEST)
Subject: SUSE-CU-2024:4220-1: Security update of bci/openjdk
Message-ID: <20240912071949.C69A3FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4220-1
Container Tags : bci/openjdk:21 , bci/openjdk:21-21.8 , bci/openjdk:latest
Container Release : 21.8
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- curl-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 07:20:07 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:20:07 +0200 (CEST)
Subject: SUSE-CU-2024:4222-1: Security update of bci/php-apache
Message-ID: <20240912072007.D895AFBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4222-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-37.2 , bci/php-apache:8.2.20 , bci/php-apache:8.2.20-37.2 , bci/php-apache:latest
Container Release : 37.2
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 07:20:15 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:20:15 +0200 (CEST)
Subject: SUSE-CU-2024:4223-1: Security update of bci/php-fpm
Message-ID: <20240912072015.5FAF8FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4223-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8-37.2 , bci/php-fpm:8.2.20 , bci/php-fpm:8.2.20-37.2 , bci/php-fpm:latest
Container Release : 37.2
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/php-fpm was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 07:20:23 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:20:23 +0200 (CEST)
Subject: SUSE-CU-2024:4224-1: Security update of bci/php
Message-ID: <20240912072023.25C84FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4224-1
Container Tags : bci/php:8 , bci/php:8-37.2 , bci/php:8.2.20 , bci/php:8.2.20-37.2 , bci/php:latest
Container Release : 37.2
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/php was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 07:20:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:20:42 +0200 (CEST)
Subject: SUSE-CU-2024:4226-1: Security update of bci/python
Message-ID: <20240912072042.DD032FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4226-1
Container Tags : bci/python:3 , bci/python:3-49.5 , bci/python:3.11 , bci/python:3.11-49.5 , bci/python:3.11.9 , bci/python:3.11.9-49.5
Container Release : 49.5
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- curl-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 07:20:55 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:20:55 +0200 (CEST)
Subject: SUSE-CU-2024:4227-1: Security update of bci/python
Message-ID: <20240912072055.95B00FBA3@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4227-1
Container Tags : bci/python:3 , bci/python:3-49.5 , bci/python:3.12 , bci/python:3.12-49.5 , bci/python:3.12.4 , bci/python:3.12.4-49.5 , bci/python:latest
Container Release : 49.5
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- curl-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:20:32 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:20:32 +0200 (CEST)
Subject: SUSE-IU-2024:1199-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20240912152032.86FD9FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1199-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.150 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.150
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.74 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:20:50 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:20:50 +0200 (CEST)
Subject: SUSE-IU-2024:1200-1: Security update of suse/sle-micro/5.5
Message-ID: <20240912152050.D2651FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1200-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.122 , suse/sle-micro/5.5:latest
Image Release : 5.5.122
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.74 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:21:55 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:21:55 +0200 (CEST)
Subject: SUSE-CU-2024:4228-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20240912152155.64588FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4228-1
Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.23 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.23
Severity : moderate
Type : security
References : 1230020 1230034 1230093 CVE-2023-7256 CVE-2024-8006 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released: Wed Sep 11 17:39:30 2024
Summary: Security update for libpcap
Type: security
Severity: moderate
References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006

This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- curl-8.0.1-150400.5.50.1 updated
- libcurl4-8.0.1-150400.5.50.1 updated
- libpcap1-1.10.1-150400.3.3.2 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:22:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:22:47 +0200 (CEST)
Subject: SUSE-CU-2024:4229-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20240912152247.5827CFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4229-1
Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.24 , suse/sle-micro/5.4/toolbox:latest
Container Release : 5.19.24
Severity : moderate
Type : security
References : 1230020 1230034 1230093 CVE-2023-7256 CVE-2024-8006 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released: Wed Sep 11 17:39:30 2024
Summary: Security update for libpcap
Type: security
Severity: moderate
References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006

This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- curl-8.0.1-150400.5.50.1 updated
- libcurl4-8.0.1-150400.5.50.1 updated
- libpcap1-1.10.1-150400.3.3.2 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:23:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:23:29 +0200 (CEST)
Subject: SUSE-CU-2024:4230-1: Security update of suse/sle-micro/5.5/toolbox
Message-ID: <20240912152329.DABF9FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4230-1
Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.37 , suse/sle-micro/5.5/toolbox:latest
Container Release : 3.5.37
Severity : moderate
Type : security
References : 1230020 1230034 CVE-2023-7256 CVE-2024-8006
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released: Wed Sep 11 17:39:30 2024
Summary: Security update for libpcap
Type: security
Severity: moderate
References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006

This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress().
(bsc#1230020)

The following package changes have been done:

- libpcap1-1.10.1-150400.3.3.2 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:23:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:23:34 +0200 (CEST)
Subject: SUSE-IU-2024:1201-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20240912152334.E2EF1FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1201-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.2 , suse/sl-micro/6.0/baremetal-os-container:2.1.2-3.57 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 3.57
Severity : important
Type : security
References : 1210717 1215405 1224282 1225984 1227930 1228247 1229132 CVE-2024-34459
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 43
Released: Wed Sep 11 13:37:26 2024
Summary: Security update for selinux-policy
Type: security
Severity: important
References: 1210717,1215405,1225984,1227930,1228247,1229132

This update for selinux-policy fixes the following issues:

Update to version 20230523+git25.ad22dd7f:

* Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 (bsc#1229132)
* Add auth_rw_wtmpdb_login_records to domains using auth_manage_login_records
* Add auth_rw_wtmpdb_login_records to modules
* Allow xdm_t to read-write to wtmpdb (bsc#1225984)
* Introduce types for wtmpdb and rw interface
* Introduce wtmp_file_type attribute
* Revert 'Add policy for wtmpdb (bsc#1210717)'

Update to version 20230523+git18.f44daf8a:

* Provide type for sysstat lock files (bsc#1228247)

Update to version 20230523+git16.0849f54c:

* allow firewalld access to /dev/random and write HW acceleration logs (bsc#1215405, bsc#1227930)

-----------------------------------------------------------------
Advisory ID: 45
Released: Wed Sep 11 13:41:31 2024
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1224282,CVE-2024-34459

This update for libxml2 fixes the following issues:

- CVE-2024-34459: Fixed buffer over-read in (bsc#1224282)

The following package changes have been done:

- libexpat1-2.5.0-3.1 updated
- libxml2-2-2.11.6-3.1 updated
- SL-Micro-release-6.0-24.15 updated
- selinux-policy-20230523+git25.ad22dd7f-1.1 updated
- selinux-policy-targeted-20230523+git25.ad22dd7f-1.1 updated
- container:SL-Micro-base-container-2.1.2-3.34 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:24:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:24:42 +0200 (CEST)
Subject: SUSE-CU-2024:4232-1: Security update of suse/ltss/sle15.4/sle15
Message-ID: <20240912152442.EA892FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4232-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.18 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.18
Container Release : 5.18
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

The following package changes have been done:

- curl-8.0.1-150400.5.50.1 updated
- libcurl4-8.0.1-150400.5.50.1 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:28:04 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:28:04 +0200 (CEST)
Subject: SUSE-CU-2024:4234-1: Security update of bci/nodejs
Message-ID: <20240912152804.2D5ECFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4234-1
Container Tags : bci/node:18 , bci/node:18-30.4 , bci/node:18.20.4 , bci/node:18.20.4-30.4 , bci/nodejs:18 , bci/nodejs:18-30.4 , bci/nodejs:18.20.4 , bci/nodejs:18.20.4-30.4
Container Release : 30.4
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- curl-8.0.1-150400.5.50.1 updated
- container:sles15-image-15.0.0-36.14.22 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:29:38 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:29:38 +0200 (CEST)
Subject: SUSE-CU-2024:4236-1: Security update of bci/openjdk
Message-ID: <20240912152938.99FB5FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4236-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-27.13
Container Release : 27.13
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- curl-8.0.1-150400.5.50.1 updated
- container:sles15-image-15.0.0-36.14.22 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:31:09 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:31:09 +0200 (CEST)
Subject: SUSE-CU-2024:4238-1: Security update of bci/openjdk
Message-ID: <20240912153109.9DC35FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4238-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-29.13
Container Release : 29.13
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- curl-8.0.1-150400.5.50.1 updated
- container:sles15-image-15.0.0-36.14.22 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:32:13 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:32:13 +0200 (CEST)
Subject: SUSE-CU-2024:4240-1: Security update of suse/sle15
Message-ID: <20240912153213.22AF4FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4240-1
Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.22 , suse/sle15:15.5 , suse/sle15:15.5.36.14.22
Container Release : 36.14.22
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- curl-8.0.1-150400.5.50.1 updated
- libcurl4-8.0.1-150400.5.50.1 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:32:17 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:32:17 +0200 (CEST)
Subject: SUSE-CU-2024:4241-1: Security update of bci/kiwi
Message-ID: <20240912153217.BD526FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4241-1
Container Tags : bci/kiwi:9 , bci/kiwi:9-2.5 , bci/kiwi:9.24 , bci/kiwi:9.24-2.5 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-2.5 , bci/kiwi:latest
Container Release : 2.5
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/kiwi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- curl-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:32:27 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:32:27 +0200 (CEST)
Subject: SUSE-CU-2024:4227-1: Security update of bci/python
Message-ID: <20240912153227.DC56AFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4227-1
Container Tags : bci/python:3 , bci/python:3-49.5 , bci/python:3.12 , bci/python:3.12-49.5 , bci/python:3.12.4 , bci/python:3.12.4-49.5 , bci/python:latest
Container Release : 49.5
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- curl-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:32:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:32:34 +0200 (CEST)
Subject: SUSE-CU-2024:4242-1: Security update of bci/python
Message-ID: <20240912153234.D6CAEFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4242-1
Container Tags : bci/python:3 , bci/python:3-48.5 , bci/python:3.6 , bci/python:3.6-48.5 , bci/python:3.6.15 , bci/python:3.6.15-48.5
Container Release : 48.5
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS.
(bsc#1230093)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.6.1 updated
- curl-8.6.0-150600.4.6.1 updated
- container:sles15-image-15.6.0-47.11.13 updated

From sle-container-updates at lists.suse.com Thu Sep 12 15:32:40 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 17:32:40 +0200 (CEST)
Subject: SUSE-CU-2024:4243-1: Recommended update of suse/rmt-mariadb-client
Message-ID: <20240912153240.9E75AFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-mariadb-client
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4243-1
Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-42.8 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-42.8 , suse/rmt-mariadb-client:latest
Container Release : 42.8
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/rmt-mariadb-client was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3205-1 Released: Wed Sep 11 12:53:23 2024 Summary: Recommended update for mariadb Type: recommended Severity: moderate References: This update for mariadb fixes the following issue: - Update to 10.11.9 The following package changes have been done: - mariadb-errormessages-10.11.9-150600.4.6.1 updated - mariadb-client-10.11.9-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:32:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:32:47 +0200 (CEST) Subject: SUSE-CU-2024:4244-1: Recommended update of suse/rmt-mariadb Message-ID: <20240912153247.6DFADFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4244-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-45.3 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-45.3 , suse/rmt-mariadb:latest Container Release : 45.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3205-1 Released: Wed Sep 11 12:53:23 2024 Summary: Recommended update for mariadb Type: recommended Severity: moderate References: This update for mariadb fixes the following issue: - Update to 10.11.9 The following package changes have been done: - mariadb-errormessages-10.11.9-150600.4.6.1 updated - mariadb-client-10.11.9-150600.4.6.1 updated - mariadb-10.11.9-150600.4.6.1 updated - mariadb-tools-10.11.9-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:32:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:32:54 +0200 (CEST) Subject: SUSE-CU-2024:4245-1: Security update of bci/ruby Message-ID: <20240912153254.80A85FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4245-1 Container Tags : bci/ruby:2 , bci/ruby:2-22.10 , bci/ruby:2.5 , bci/ruby:2.5-22.10 , bci/ruby:latest Container Release : 22.10 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - curl-8.6.0-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:33:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:33:00 +0200 (CEST) Subject: SUSE-CU-2024:4246-1: Security update of bci/rust Message-ID: <20240912153300.36F1EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4246-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-2.5.5 , bci/rust:1.79.0 , bci/rust:1.79.0-2.5.5 , bci/rust:oldstable , bci/rust:oldstable-2.5.5 Container Release : 5.5 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:33:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:33:06 +0200 (CEST) Subject: SUSE-CU-2024:4247-1: Security update of bci/rust Message-ID: <20240912153306.3DB62FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4247-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-1.5.5 , bci/rust:1.80.1 , bci/rust:1.80.1-1.5.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.5.5 Container Release : 5.5 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:33:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:33:12 +0200 (CEST) Subject: SUSE-CU-2024:4248-1: Security update of containers/apache-tomcat Message-ID: <20240912153312.1B240FCA2@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4248-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-43.7 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-43.7 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-43.7 Container Release : 43.7 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - curl-8.6.0-150600.4.6.1 updated - container:micro-image-15.6.0-47.11.13 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:33:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:33:30 +0200 (CEST) Subject: SUSE-CU-2024:4250-1: Security update of suse/sle15 Message-ID: <20240912153330.7A16BFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4250-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.5 , suse/sle15:15.6 , suse/sle15:15.6.47.11.5 Container Release : 47.11.5 Severity : important Type : security References : 1227888 1228322 1228535 1228548 1228770 CVE-2013-4235 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - curl-8.6.0-150600.4.3.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:39:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:39:10 +0200 (CEST) Subject: SUSE-CU-2024:4250-1: Security update of suse/sle15 Message-ID: <20240912153910.36F1FFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4250-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.5 , suse/sle15:15.6 , suse/sle15:15.6.47.11.5 Container Release : 47.11.5 Severity : important Type : security References : 1227888 1228322 1228535 1228548 1228770 CVE-2013-4235 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - curl-8.6.0-150600.4.3.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:39:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:39:12 +0200 (CEST) Subject: SUSE-CU-2024:4251-1: Security update of suse/sle15 Message-ID: <20240912153912.F35B9FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4251-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.13 , suse/sle15:15.6 , suse/sle15:15.6.47.11.13 Container Release : 47.11.13 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - curl-8.6.0-150600.4.6.1 updated - libcurl4-8.6.0-150600.4.6.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:39:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:39:18 +0200 (CEST) Subject: SUSE-CU-2024:4252-1: Security update of bci/spack Message-ID: <20240912153918.D19A0FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4252-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-6.7 , bci/spack:0.21.2 , bci/spack:0.21.2-6.7 , bci/spack:latest Container Release : 6.7 Severity : moderate Type : security References : 1230093 CVE-2024-8096 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - curl-8.6.0-150600.4.6.1 updated - libcurl-devel-8.6.0-150600.4.6.1 updated - container:sles15-image-15.6.0-47.11.13 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:40:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:40:10 +0200 (CEST) Subject: SUSE-CU-2024:4253-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240912154010.B6692FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4253-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.22 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.22 Severity : moderate Type : security References : 1228535 1230093 CVE-2024-7264 CVE-2024-8096 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3202-1 Released: Wed Sep 11 10:54:47 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,1230093,CVE-2024-7264,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) - CVE-2024-7264: ASN.1 date parser overread. 
(bsc#1228535) The following package changes have been done: - curl-7.66.0-150200.4.78.1 updated - libcurl4-7.66.0-150200.4.78.1 updated From sle-container-updates at lists.suse.com Thu Sep 12 15:42:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Sep 2024 17:42:47 +0200 (CEST) Subject: SUSE-CU-2024:4255-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240912154247.832A0FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4255-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.24 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.24 Severity : moderate Type : security References : 1228535 1230093 CVE-2024-7264 CVE-2024-8096 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3202-1 Released: Wed Sep 11 10:54:47 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,1230093,CVE-2024-7264,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) - CVE-2024-7264: ASN.1 date parser overread. 
(bsc#1228535) The following package changes have been done: - curl-7.66.0-150200.4.78.1 updated - libcurl4-7.66.0-150200.4.78.1 updated From sle-container-updates at lists.suse.com Fri Sep 13 15:32:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Sep 2024 17:32:19 +0200 (CEST) Subject: SUSE-IU-2024:1231-1: Security update of sles-15-sp4-chost-byos-v20240912-arm64 Message-ID: <20240913153219.56BACF7A3@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20240912-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1231-1 Image Tags : sles-15-sp4-chost-byos-v20240912-arm64:20240912 Image Release : Severity : critical Type : security References :
----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20240912-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3
----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2922-1 Released: Thu 
Aug 15 07:01:20 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1207230,1217102,1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) - Enhancement to PPC secure boot's root device discovery config (bsc#1207230) - Fix regex for Open Firmware device specifier with encoded commas - Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings - Use prep_load_env in PPC secure boot config to handle unset host-specific environment variables and ensure successful command execution ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2929-1 Released: Thu Aug 15 11:31:30 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1209636,1213123,1215587,1216834,1218820,1220185,1220186,1220187,1221044,1222011,1222728,1222809,1222810,1223635,1223863,1224488,1224495,1224671,1225573,1225829,1226168,1226226,1226519,1226537,1226539,1226550,1226553,1226554,1226556,1226557,1226558,1226559,1226561,1226562,1226563,1226564,1226567,1226569,1226572,1226574,1226575,1226576,1226577,1226580,1226583,1226585,1226587,1226601,1226602,1226603,1226607,1226614,1226617,1226618,1226619,1226621,1226624,1226626,1226628,1226629,1226643,1226644,1226645,1226650,1226653,1226662,1226669,1226670,1226672,1226673,1226674,1226675,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226705,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226719,1226720,1226721,1226732,1226758,1226762,1226785,1227090,1227383,1227487,1227549,1227716,1227750,1227764,1227808,1227810,1227823,1227829,1227836,1227917,1227920,1227921,1227922,1227923,1227924,1227925,1227928,1227931,1227932,1227933,1227935,1227938,1227941,1227942,1227944,1227945,1227948,1227949,1227952,1227953,1227954,1227956,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227993,1227995,1227996,1227997,1228000,1228002,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228013,1228014,1228015,1228019,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228114,1228247,1228328,1228440,1228561,1228644,1228680,1228743,1228801,
CVE-2021-4439,CVE-2021-47534,CVE-2021-47576,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47589,CVE-2021-47592,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47624,CVE-2022-0854,CVE-2022-20368,CVE-2022-28748,CVE-2022-2964,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48715,CVE-2022-48717,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48754,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48771,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48847,CVE-2022-48849,CVE-2022-48851,CVE-2022-48853,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48866,CVE-2023-1582,CVE-2023-37453,CVE-2023-52591,CVE-2023-52762,CVE-2023-52766,CVE-2023-52800,CVE-2023-52885,CVE-2023-52886,CVE-2024-26583,CVE-2024-26584,CVE-2024-26585,CVE-2024-26800,CVE-2024-26813,CVE-2024-26814,CVE-2024-26976,CVE-2024-35878,CVE-2024-35901,CVE-2024-35905,CVE-2024-36926,CVE-2024-36974,CVE-2024-38541,CVE-2024-38555,CVE-2024-38559,CVE-2024-39463,CVE-2024-39494,CVE-2024-40902,CVE-2024-40937,CVE-2024-40954,CVE-2024-40956,CVE-2024-40989,CVE-2024-40994,CVE-2024-41011,CVE-2024-41012,CVE-2024-41059,CVE-2024-41069,CVE-2024-41090,CVE-2024-42093,CVE-2024-42145,CVE-2024-42230

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).

The following non-security bugs were fixed:

- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via 
download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3080-1 Released: Mon Sep 2 16:43:54 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3086-1 Released: Tue Sep 3 08:57:32 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released: Tue Sep 3 17:12:56 2024
Summary: Security update for buildah, docker
Type: security
Severity: critical
References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110

This update for buildah, docker fixes the following issues:

Changes in docker:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

- Update to version 1.35.4:
  * [release-1.35] Bump to Buildah v1.35.4
  * [release-1.35] CVE-2024-3727 updates (bsc#1224117)
  * integration test: handle new labels in 'bud and test --unsetlabel'
  * [release-1.35] Bump go-jose CVE-2024-28180
  * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
  * [release-1.35] Bump to Buildah v1.35.3
  * [release-1.35] correctly configure /etc/hosts and resolv.conf
  * [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * 
Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): 
update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3145-1 Released: Thu Sep 5 09:09:27 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228847 This update for dracut fixes the following issue: - Version update * fix(convertfs): error in conditional expressions (bsc#1228847). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3149-1 Released: Thu Sep 5 17:05:36 2024 Summary: Security update for systemd Type: security Severity: moderate References: 1218297,1221479,1226414,1228091,CVE-2023-7008 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released: Mon Sep 9 14:39:11 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3185-1 Released: Tue Sep 10 08:15:38 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226227 This update for cups fixes the following issues: - Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3210-1 Released: Wed Sep 11 17:39:30 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). 
(bsc#1230020) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3211-1 Released: Wed Sep 11 17:40:13 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3221-1 Released: Thu Sep 12 13:18:18 2024 Summary: Security update for containerd Type: security Severity: important References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. 
(bsc#1230092) The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - containerd-ctr-1.7.21-150000.117.1 updated - containerd-1.7.21-150000.117.1 updated - cups-config-2.2.7-150000.3.65.1 updated - curl-8.0.1-150400.5.50.1 updated - dmidecode-3.6-150400.16.11.2 updated - docker-25.0.6_ce-150000.207.1 updated - dracut-055+suse.359.geb85610b-150400.3.37.2 updated - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated - grub2-i386-pc-2.06-150400.11.46.1 updated - grub2-x86_64-efi-2.06-150400.11.46.1 updated - grub2-2.06-150400.11.46.1 updated - kernel-default-5.14.21-150400.24.128.1 updated - libblkid1-2.37.2-150400.8.32.2 updated - libcups2-2.2.7-150000.3.65.1 updated - libcurl4-8.0.1-150400.5.50.1 updated - libexpat1-2.4.4-150400.3.22.1 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libglib-2_0-0-2.70.5-150400.3.14.1 updated - libmount1-2.37.2-150400.8.32.2 updated - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libpcap1-1.10.1-150400.3.3.2 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libsystemd0-249.17-150400.8.43.1 updated - libudev1-249.17-150400.8.43.1 updated - libuuid1-2.37.2-150400.8.32.2 updated - libzypp-17.35.8-150400.3.85.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated - pam-1.3.0-150000.6.71.2 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - runc-1.1.14-150000.70.1 updated - sles-release-15.4-150400.58.10.2 updated - supportutils-3.2.8-150300.7.35.33.1 updated - suse-build-key-12.0-150000.8.52.3 updated - systemd-sysvinit-249.17-150400.8.43.1 updated - systemd-249.17-150400.8.43.1 updated - udev-249.17-150400.8.43.1 updated - util-linux-systemd-2.37.2-150400.8.32.2 updated - util-linux-2.37.2-150400.8.32.2 updated - zypper-1.14.76-150400.3.57.16 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - 
libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed

From sle-container-updates at lists.suse.com Fri Sep 13 15:32:33 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 13 Sep 2024 17:32:33 +0200 (CEST)
Subject: SUSE-IU-2024:1233-1: Security update of sles-15-sp5-chost-byos-v20240912-arm64
Message-ID: <20240913153233.B2EABF7A3@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240912-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1233-1
Image Tags : sles-15-sp5-chost-byos-v20240912-arm64:20240912
Image Release :
Severity : critical
Type : security
References : 1027519 1081596 1200528 1214855 1217070 1218297 1219267 1219268 1219438 1221243 1221479 1221677 1221916 1222021 1223094 1223409 1224044 1224117 1224771 1225267 1226014 1226030 1226414 1226493 1227114 1227127 1227205 1227625 1227793 1228043 1228091 1228105 1228138 1228206 1228208 1228265 1228324 1228398 1228420 1228535 1228553 1228574 1228575 1228787 1228847 1229339 1229930 1229931 1229932 1230020 1230034 1230092 1230093 222971 CVE-2022-1996 CVE-2023-45142 CVE-2023-47108 CVE-2023-7008 CVE-2023-7256 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-34397 CVE-2024-3727 CVE-2024-41110 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6345 CVE-2024-7264 CVE-2024-8006 CVE-2024-8096
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20240912-arm64 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3075-1 Released: Mon Sep 2 16:41:07 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1228574,1228575,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) Other fixes: - Update to Xen 4.17.5 security bug fix release (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3080-1 Released: Mon Sep 2 16:43:54 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3086-1 Released: Tue Sep 3 08:57:32 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released: Tue Sep 3 17:12:56 2024
Summary: Security update for buildah, docker
Type: security
Severity: critical
References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110

This update for buildah, docker fixes the following issues:

Changes in docker:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

- Update to version 1.35.4:
  * [release-1.35] Bump to Buildah v1.35.4
  * [release-1.35] CVE-2024-3727 updates (bsc#1224117)
  * integration test: handle new labels in 'bud and test --unsetlabel'
  * [release-1.35] Bump go-jose CVE-2024-28180
  * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
  * [release-1.35] Bump to Buildah v1.35.3
  * [release-1.35] correctly configure /etc/hosts and resolv.conf
  * [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * 
Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): 
update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3143-1 Released: Wed Sep 4 12:45:50 2024 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: 1227114 This update for sles-release fixes the following issue: - Increment Codestream lifecycle by 3 years. - Set Product EOL date. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3146-1 Released: Thu Sep 5 09:14:53 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228398,1228847 This update for dracut fixes the following issues: - Version update with: * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398). * fix(convertfs) error in conditional expressions (bsc#1228847). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified in the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released: Mon Sep 9 12:31:59 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228043

This update for glibc fixes the following issue:

- s390x: Fix segfault in wcsncmp (bsc#1228043).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released: Mon Sep 9 14:39:14 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released: Wed Sep 11 17:39:30 2024
Summary: Security update for libpcap
Type: security
Severity: moderate
References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006

This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3221-1
Released: Thu Sep 12 13:18:18 2024
Summary: Security update for containerd
Type: security
Severity: important
References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108

This update for containerd fixes the following issues:

- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3222-1
Released: Thu Sep 12 13:20:47 2024
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310

This update for runc fixes the following issues:

- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)

The following package changes have been done:

- containerd-ctr-1.7.21-150000.117.1 updated
- containerd-1.7.21-150000.117.1 updated
- curl-8.0.1-150400.5.50.1 updated
- docker-25.0.6_ce-150000.207.1 updated
- dracut-055+suse.392.g7930ab23-150500.3.24.2 updated
- glibc-locale-base-2.31-150300.86.3 updated
- glibc-locale-2.31-150300.86.3 updated
- glibc-2.31-150300.86.3 updated
- libcurl4-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libpcap1-1.10.1-150400.3.3.2 updated
- libsolv-tools-base-0.7.30-150400.3.27.2 updated
- libsolv-tools-0.7.30-150400.3.27.2 updated
- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated
- libzypp-17.35.8-150500.6.13.1 updated
- python3-setuptools-44.1.1-150400.9.9.1 updated
- runc-1.1.14-150000.70.1 updated
- sles-release-15.5-150500.61.4.1 updated
- supportutils-3.2.8-150300.7.35.33.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- systemd-sysvinit-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- udev-249.17-150400.8.43.1 updated
- xen-libs-4.17.5_02-150500.3.36.1 updated
- zypper-1.14.76-150500.6.6.15 updated
- libabsl2401_0_0-20240116.1-150500.13.7.8 removed
- libprotobuf-lite25_1_0-25.1-150500.12.2.2 removed

From sle-container-updates at lists.suse.com Fri Sep 13 15:32:57 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 13 Sep 2024 17:32:57 +0200 (CEST)
Subject: SUSE-IU-2024:1235-1: Security update of rancher/elemental-channel/sl-micro
Message-ID: <20240913153257.53C90F7A3@maintenance.suse.de>

SUSE Image Update Advisory: rancher/elemental-channel/sl-micro
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1235-1
Image Tags : rancher/elemental-channel/sl-micro:6.0-baremetal , rancher/elemental-channel/sl-micro:6.0-baremetal-2.12
Image Release : 2.12
Severity : important
Type : security
References : 1221482 1221940 1222992 1223423 1223424 1223425 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602
-----------------------------------------------------------------

The container rancher/elemental-channel/sl-micro was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 9
Released: Fri Aug 9 10:33:34 2024
Summary: Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper
Type: recommended
Severity: low
References:

This update fixes the following issues:

- No change rebuild due to dependency changes.
-----------------------------------------------------------------
Advisory ID: 32
Released: Thu Sep 5 12:12:35 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu

The following package changes have been done:

- compat-usrmerge-tools-84.87-2.195 added
- system-user-root-20190513-2.208 updated
- filesystem-84.87-5.2 updated
- glibc-2.38-7.1 updated
- libsepol2-3.5-2.196 added
- libpcre2-8-0-10.42-2.179 added
- libcrypt1-4.4.36-1.134 added
- libselinux1-3.5-3.1 added
- container:suse-toolbox-image-1.0.0-6.51 added
- container:bci-bci-busybox-15.5-- removed
- container:suse-sle-micro-5.5-latest-- removed
- elemental-register-1.4.4-150500.3.6.1 removed
- jq-1.6-3.3.1 removed
- libjq1-1.6-3.3.1 removed
- libonig4-6.7.0-150000.3.3.1 removed

From sle-container-updates at lists.suse.com Fri Sep 13 15:33:07 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 13 Sep 2024 17:33:07 +0200 (CEST)
Subject: SUSE-CU-2024:4257-1: Security update of rancher/elemental-operator
Message-ID: <20240913153307.4A93AF7A3@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4257-1
Container Tags : rancher/elemental-operator:1.6.4 , rancher/elemental-operator:1.6.4-2.12 , rancher/elemental-operator:latest
Container Release : 2.12
Severity : important
Type : security
References : 1188441 1199079 1220356 1220724 1221239 1221482 1221940 1222992 1223423 1223424 1223425 1227525 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602
-----------------------------------------------------------------

The container rancher/elemental-operator was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 9
Released: Fri Aug 9 10:33:34 2024
Summary: Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper
Type: recommended
Severity: low
References:

This update fixes the following issues:

- No change rebuild due to dependency changes.
-----------------------------------------------------------------
Advisory ID: 24
Released: Wed Aug 28 13:31:01 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1199079,1220356,1227525

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3
-----------------------------------------------------------------
Advisory ID: 29
Released: Wed Sep 4 12:41:35 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: important
References: 1188441,1220724,1221239

This update for gcc13 fixes the following issues:

- Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
-----------------------------------------------------------------
Advisory ID: 32
Released: Thu Sep 5 12:12:35 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu

The following package changes have been done:

- compat-usrmerge-tools-84.87-2.195 added
- system-user-root-20190513-2.208 updated
- filesystem-84.87-5.2 updated
- glibc-2.38-7.1 updated
- libtasn1-6-4.19.0-2.7 updated
- libpcre2-8-0-10.42-2.179 added
- libgmp10-6.3.0-1.119 updated
- libgcc_s1-13.3.0+git8781-1.1 updated
- libffi8-3.4.4-2.182 added
- libcap2-2.69-2.83 updated
- libattr1-2.5.1-2.193 updated
- libacl1-2.3.1-2.187 updated
- libselinux1-3.5-3.1 updated
- libstdc++6-13.3.0+git8781-1.1 updated
- libncurses6-6.4.20240224-10.2 updated
- terminfo-base-6.4.20240224-10.2 updated
- libp11-kit0-0.25.3-1.6 updated
- libreadline8-8.2-2.180 added
- bash-5.2.15-3.1 updated
- p11-kit-0.25.3-1.6 updated
- p11-kit-tools-0.25.3-1.6 updated
- bash-sh-5.2.15-3.1 updated
- coreutils-9.4-4.8 updated
- ca-certificates-2+git20230406.2dae8b7-2.8 updated
- ca-certificates-mozilla-2.68-1.1 updated
- container:suse-toolbox-image-1.0.0-6.51 added
- container:suse-sle15-15.5-- removed
- crypto-policies-20210917.c9d86d1-150400.3.6.1 removed
- findutils-4.8.0-1.20 removed
- info-6.5-4.17 removed
- libbz2-1-1.0.8-150400.1.122 removed
- libffi7-3.2.1.git259-10.8 removed
- libjitterentropy3-3.4.1-150000.1.12.1 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- libopenssl1_1-1.1.1l-150500.17.31.1 removed
- libopenssl1_1-hmac-1.1.1l-150500.17.31.1 removed
- libreadline7-7.0-150400.25.22 removed
- libtasn1-4.13-150000.4.8.1 removed
- libz1-1.2.13-150500.4.3.1 removed
- libzio1-1.06-2.20 removed
- openssl-1_1-1.1.1l-150500.17.31.1 removed
- patterns-base-fips-20200124-150400.20.4.1 removed

From sle-container-updates at lists.suse.com Fri Sep 13 15:33:13 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 13 Sep 2024 17:33:13 +0200 (CEST)
Subject: SUSE-CU-2024:4258-1: Security update of rancher/seedimage-builder
Message-ID: <20240913153313.9F5E0F7A3@maintenance.suse.de>

SUSE Container Update Advisory: rancher/seedimage-builder
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4258-1
Container Tags : rancher/seedimage-builder:1.6.4 , rancher/seedimage-builder:1.6.4-2.12 , rancher/seedimage-builder:latest
Container Release : 2.12
Severity : important
Type : security
References : 1188441 1199079 1220356 1220724 1221239 1221289 1221399 1221482 1221665 1221666 1221667 1221668 1221940 1222992 1223423 1223424 1223425 1224282 1227525 1227888 1228041 1228535 1229930 1229931 1229932 CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 CVE-2024-28182 CVE-2024-28757 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34459 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6197 CVE-2024-7264
-----------------------------------------------------------------

The container rancher/seedimage-builder was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 9
Released: Fri Aug 9 10:33:34 2024
Summary: Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper
Type: recommended
Severity: low
References:

This update fixes the following issues:

- No change rebuild due to dependency changes.
-----------------------------------------------------------------
Advisory ID: 18
Released: Tue Aug 20 13:47:06 2024
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1221399,CVE-2024-28182

This update for nghttp2 fixes the following issues:

- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
-----------------------------------------------------------------
Advisory ID: 24
Released: Wed Aug 28 13:31:01 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1199079,1220356,1227525

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3
-----------------------------------------------------------------
Advisory ID: 29
Released: Wed Sep 4 12:41:35 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: important
References: 1188441,1220724,1221239

This update for gcc13 fixes the following issues:

- Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
-----------------------------------------------------------------
Advisory ID: 30
Released: Wed Sep 4 16:07:40 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1221665,1221666,1221667,1221668,1227888,1228535,CVE-2024-2004,CVE-2024-2379,CVE-2024-2398,CVE-2024-2466,CVE-2024-6197,CVE-2024-7264

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)
- CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)
- CVE-2024-2004: Usage of disabled protocol (bsc#1221665)
- CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)

Non-security issue fixed:

- Fixed various TLS related issues including FTP over SSL transmission timeouts.
----------------------------------------------------------------- Advisory ID: 32 Released: Thu Sep 5 12:12:35 2024 Summary: Security update for glibc Type: security Severity: important References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu ----------------------------------------------------------------- Advisory ID: 44 Released: Wed Sep 11 13:33:01 2024 Summary: Security update for expat Type: security Severity: important References: 1221289,1229930,1229931,1229932,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932) - CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931) - CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930) - 
CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289) ----------------------------------------------------------------- Advisory ID: 45 Released: Wed Sep 11 13:41:31 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in (bsc#1224282) The following package changes have been done: - boost-license1_84_0-1.84.0-1.4 added - compat-usrmerge-tools-84.87-2.195 added - crypto-policies-20230920.570ea89-1.50 updated - file-magic-5.44-4.151 added - kbd-legacy-2.6.4-1.3 added - libsemanage-conf-3.5-3.1 added - libssh-config-0.10.6-1.12 updated - pkgconf-m4-1.8.0-2.205 added - system-user-root-20190513-2.208 updated - filesystem-84.87-5.2 updated - glibc-2.38-7.1 updated - libzstd1-1.5.5-8.142 updated - libz1-1.2.13-6.138 updated - libverto1-0.3.2-12.5 updated - libuuid1-2.39.3-2.7 added - libunistring5-1.1-2.8 added - libtasn1-6-4.19.0-2.7 updated - libsmartcols1-2.39.3-2.7 added - libsepol2-3.5-2.196 added - libseccomp2-2.5.4-2.199 added - libsasl2-3-2.1.28-5.7 updated - libpopt0-1.19-2.184 added - libpkgconf3-1.8.0-2.205 added - libpcre2-8-0-10.42-2.179 added - libnss_usrfiles2-2.27-2.185 added - libnghttp2-14-1.52.0-5.1 updated - liblzma5-5.4.3-4.166 updated - liblz4-1-1.9.4-2.8 added - liblua5_4-5-5.4.6-1.68 added - libkeyutils1-1.6.3-2.8 updated - libip4tc2-1.8.9-2.9 added - libgpg-error0-1.47-4.136 added - libgmp10-6.3.0-1.119 updated - libgcc_s1-13.3.0+git8781-1.1 updated - libffi8-3.4.4-2.182 added - libexpat1-2.5.0-3.1 added - libeconf0-0.6.1-1.13 added - libcrypt1-4.4.36-1.134 added - libcom_err2-1.47.0-2.3 updated - libcap2-2.69-2.83 updated - libcap-ng0-0.8.3-4.1 added - libbz2-1-1.0.8-2.191 updated - libbrotlicommon1-1.1.0-1.6 updated - libblkid1-2.39.3-2.7 added - libaudit1-3.0.9-3.143 added - libattr1-2.5.1-2.193 updated - libalternatives1-1.2+30.a5431e9-2.12 
added - libacl1-2.3.1-2.187 updated - fillup-1.42-2.7 added - diffutils-3.10-2.101 added - libidn2-0-2.3.4-2.6 updated - pkgconf-1.8.0-2.205 added - libselinux1-3.5-3.1 updated - netcfg-11.6-4.42 added - libxml2-2-2.11.6-3.1 added - libgcrypt20-1.10.3-1.37 added - libstdc++6-13.3.0+git8781-1.1 updated - libncurses6-6.4.20240224-10.2 updated - terminfo-base-6.4.20240224-10.2 updated - libp11-kit0-0.25.3-1.6 updated - perl-base-5.38.2-1.52 added - libudev1-254.9-1.9 added - chkstat-1600_20240206-1.8 added - libzio1-1.08-2.192 updated - libmagic1-5.44-4.151 added - libbrotlidec1-1.1.0-1.6 updated - libfdisk1-2.39.3-2.7 added - alts-1.2+30.a5431e9-2.12 added - libpsl5-0.21.2-2.5 updated - sed-4.9-2.9 added - libsubid4-4.15.1-1.1 added - libsemanage2-3.5-3.1 added - libmount1-2.39.3-2.7 added - findutils-4.9.0-2.181 updated - libsystemd0-254.9-1.9 added - libreadline8-8.2-2.180 added - bash-5.2.15-3.1 updated - p11-kit-0.25.3-1.6 updated - p11-kit-tools-0.25.3-1.6 updated - ncurses-utils-6.4.20240224-10.2 added - libboost_thread1_84_0-1.84.0-1.4 added - bash-sh-5.2.15-3.1 updated - xz-5.4.3-4.166 added - systemd-default-settings-branding-openSUSE-0.7-2.4 added - systemd-default-settings-0.7-2.4 added - pkgconf-pkg-config-1.8.0-2.205 added - login_defs-4.15.1-1.1 added - grep-3.11-4.8 added - coreutils-9.4-4.8 updated - systemd-presets-common-SUSE-15-5.1 added - rpm-config-SUSE-20240214-1.1 added - rpm-4.18.0-6.133 added - permissions-config-1600_20240206-1.8 added - glibc-locale-base-2.38-7.1 added - ca-certificates-2+git20230406.2dae8b7-2.8 updated - ca-certificates-mozilla-2.68-1.1 updated - systemd-presets-branding-ALP-transactional-20230214-3.1 added - permissions-1600_20240206-1.8 added - libopenssl3-3.1.4-5.6 added - pam-1.6.0-2.22 added - libldap2-2.6.4-4.12 added - libkmod2-30-10.56 added - krb5-1.20.1-4.11 updated - util-linux-2.39.3-2.7 added - shadow-4.15.1-1.1 added - pam-config-2.11-1.1 added - kbd-2.6.4-1.3 added - libssh4-0.10.6-1.12 updated - 
libcurl4-8.6.0-2.1 updated - curl-8.6.0-2.1 updated - aaa_base-84.87+git20230815.cab7b44-1.8 added - dbus-1-daemon-1.14.10-1.11 added - dbus-1-tools-1.14.10-1.11 added - systemd-254.9-1.9 added - sysuser-shadow-3.1-2.197 added - dbus-1-common-1.14.10-1.11 added - libdbus-1-3-1.14.10-1.11 added - dbus-1-1.14.10-1.11 added - container:suse-toolbox-image-1.0.0-6.51 added - container:suse-sle15-15.5-- removed - info-6.5-4.17 removed - libffi7-3.2.1.git259-10.8 removed - libjitterentropy3-3.4.1-150000.1.12.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - libopenssl1_1-1.1.1l-150500.17.31.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.31.1 removed - libreadline7-7.0-150400.25.22 removed - libtasn1-4.13-150000.4.8.1 removed - libunistring2-0.9.10-1.1 removed - openssl-1_1-1.1.1l-150500.17.31.1 removed - patterns-base-fips-20200124-150400.20.4.1 removed From sle-container-updates at lists.suse.com Sat Sep 14 07:01:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Sep 2024 09:01:30 +0200 (CEST) Subject: SUSE-IU-2024:1239-1: Security update of suse-sles-15-sp5-chost-byos-v20240912-hvm-ssd-x86_64 Message-ID: <20240914070130.82566FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240912-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1239-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240912-hvm-ssd-x86_64:20240912 Image Release : Severity : critical Type : security References : 1027519 1081596 1200528 1214855 1217070 1218297 1219267 1219268 1219438 1221243 1221479 1221677 1221916 1222021 1223094 1223409 1224044 1224117 1224771 1225267 1226014 1226030 1226414 1226493 1227114 1227127 1227205 1227625 1227793 1228043 1228091 1228105 1228138 1228206 1228208 1228265 1228324 1228398 1228420 1228535 1228553 1228574 1228575 1228787 1228847 1229339 1229930 1229931 1229932 
1230020 1230034 1230092 1230093 222971 CVE-2022-1996 CVE-2023-45142 CVE-2023-47108 CVE-2023-7008 CVE-2023-7256 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-34397 CVE-2024-3727 CVE-2024-41110 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6345 CVE-2024-7264 CVE-2024-8006 CVE-2024-8096
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20240912-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3026-1
Released: Tue Aug 27 13:20:03 2024
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1222021,1227127,1228265
This update for supportutils fixes the following issues:

Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3054-1
Released: Wed Aug 28 14:48:31 2024
Summary: Security update for python3-setuptools
Type: security
Severity: important
References: 1228105,CVE-2024-6345
This update for python3-setuptools fixes the following issues:

- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339
This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3075-1
Released: Mon Sep 2 16:41:07 2024
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1228574,1228575,CVE-2024-31145,CVE-2024-31146
This update for xen fixes the following issues:

- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)

Other fixes:

- Update to Xen 4.17.5 security bug fix release (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released: Tue Sep 3 17:12:57 2024
Summary: Security update for buildah, docker
Type: security
Severity: critical
References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110
This update for buildah, docker fixes the following issues:

Changes in docker:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

- Update to version 1.35.4:
  * [release-1.35] Bump to Buildah v1.35.4
  * [release-1.35] CVE-2024-3727 updates (bsc#1224117)
  * integration test: handle new labels in 'bud and test --unsetlabel'
  * [release-1.35] Bump go-jose CVE-2024-28180
  * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
  * [release-1.35] Bump to Buildah v1.35.3
  * [release-1.35] correctly configure /etc/hosts and resolv.conf
  * [release-1.35] buildah: refactor resolv/hosts setup.
  * [release-1.35] rename the hostFile var to reflect
  * [release-1.35] Bump c/common to v0.58.1
  * [release-1.35] Bump Buildah to v1.35.2
  * [release-1.35] CVE-2024-24786 protobuf to 1.33
  * [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
  * [release-1.35] Bump to v1.35.1
  * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
  Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
  * Bump v1.35.0
  * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
  * conformance tests: don't break on trailing zeroes in layer blobs
  * Add a conformance test for copying to a mounted prior stage
  * fix(deps): update module github.com/stretchr/testify to v1.9.0
  * cgroups: reuse version check from c/common
  * Update vendor of containers/(common,image)
  * fix(deps): update github.com/containers/storage digest to eadc620
  * fix(deps): update github.com/containers/luksy digest to ceb12d4
  * fix(deps): update github.com/containers/image/v5 digest to cdc6802
  * manifest add: complain if we get artifact flags without --artifact
  * Use retry logic from containers/common
  * Vendor in containers/(storage,image,common)
  * Update module golang.org/x/crypto to v0.20.0
  * Add comment re: Total Success task name
  * tests: skip_if_no_unshare(): check for --setuid
  * Properly handle build --pull=false
  * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
  * Update module go.etcd.io/bbolt to v1.3.9
  * Revert 'Reduce official image size'
  * Update module github.com/opencontainers/image-spec to v1.1.0
  * Reduce official image size
  * Build with CNI support on FreeBSD
  * build --all-platforms: skip some base 'image' platforms
  * Bump main to v1.35.0-dev
  * Vendor in latest containers/(storage,image,common)
  * Split up error messages for missing --sbom related flags
  * `buildah manifest`: add artifact-related options
  * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
  * cmd/buildah/manifest.go: don't make struct declarations aliases
  * Use golang.org/x/exp/slices.Contains
  * Disable loong64 again
  * Fix a couple of typos in one-line comments
  * egrep is obsolescent; use grep -E
  * Try Cirrus with a newer VM version
  * Set CONTAINERS_CONF in the chroot-mount-flags integration test
  * Update to match dependency API update
  * Update github.com/openshift/imagebuilder and containers/common
  * docs: correct default authfile path
  * fix(deps): update module github.com/containerd/containerd to v1.7.13
  * tests: retrofit test for heredoc summary
  * build, heredoc: show heredoc summary in build output
  * manifest, push: add support for --retry and --retry-delay
  * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
  * imagebuildah: fix crash with empty RUN
  * fix(deps): update github.com/containers/luksy digest to b62d551
  * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
  * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
  * Make buildah match podman for handling of ulimits
  * docs: move footnotes to where they're applicable
  * Allow users to specify no-dereference
  * Run codespell on code
  * Fix FreeBSD version parsing
  * Fix a build break on FreeBSD
  * Remove a bad FROM line
  * fix(deps): update module github.com/onsi/gomega to v1.31.1
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
  * docs: use reversed logo for dark theme in README
  * build,commit: add --sbom to scan and produce SBOMs when committing
  * commit: force omitHistory if the parent has layers but no history
  * docs: fix a couple of typos
  * internal/mkcw.Archive(): handle extra image content
  * stage_executor,heredoc: honor interpreter in heredoc
  * stage_executor,layers: burst cache if heredoc content is changed
  * fix(deps): update module golang.org/x/crypto to v0.18.0
  * Replace map[K]bool with map[K]struct{} where it makes sense
  * fix(deps): update module golang.org/x/sync to v0.6.0
  * fix(deps): update module golang.org/x/term to v0.16.0
  * Bump CI VMs
  * Replace strings.SplitN with strings.Cut
  * fix(deps): update github.com/containers/storage digest to ef81e9b
  * fix(deps): update github.com/containers/image/v5 digest to 1b221d4
  * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
  * Document use of containers-transports values in buildah
  * fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
  * chore(deps): update dependency containers/automation_images to v20231208
  * manifest: addCompression use default from containers.conf
  * commit: add a --add-file flag
  * mkcw: populate the rootfs using an overlay
  * chore(deps): update dependency containers/automation_images to v20230517
  * [skip-ci] Update actions/stale action to v9
  * fix(deps): update module github.com/containernetworking/plugins to v1.4.0
  * fix(deps): update github.com/containers/image/v5 digest to 7a40fee
  * Bump to v1.34.1-dev
  * Ignore errors if label.Relabel returns ENOSUP

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3143-1
Released: Wed Sep 4 12:45:50 2024
Summary: Recommended update for sles-release
Type: recommended
Severity: moderate
References: 1227114
This update for sles-release fixes the following issue:

- Increment Codestream lifecycle by 3 years.
- Set Product EOL date.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3146-1
Released: Thu Sep 5 09:14:53 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228398,1228847
This update for dracut fixes the following issues:

- Version update with:
  * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398).
  * fix(convertfs) error in conditional expressions (bsc#1228847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008
This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released: Mon Sep 9 12:31:59 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228043
This update for glibc fixes the following issue:

- s390x: Fix segfault in wcsncmp (bsc#1228043).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released: Mon Sep 9 14:39:14 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971
This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically linked installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released: Wed Sep 11 17:39:30 2024
Summary: Security update for libpcap
Type: security
Severity: moderate
References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006
This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3221-1
Released: Thu Sep 12 13:18:18 2024
Summary: Security update for containerd
Type: security
Severity: important
References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108
This update for containerd fixes the following issues:

- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3222-1
Released: Thu Sep 12 13:20:47 2024
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310
This update for runc fixes the following issues:

- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)

The following package changes have been done:

- containerd-ctr-1.7.21-150000.117.1 updated
- containerd-1.7.21-150000.117.1 updated
- curl-8.0.1-150400.5.50.1 updated
- docker-25.0.6_ce-150000.207.1 updated
- dracut-055+suse.392.g7930ab23-150500.3.24.2 updated
- glibc-locale-base-2.31-150300.86.3 updated
- glibc-locale-2.31-150300.86.3 updated
- glibc-2.31-150300.86.3 updated
- libcurl4-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libpcap1-1.10.1-150400.3.3.2 updated
- libsolv-tools-base-0.7.30-150400.3.27.2 updated
- libsolv-tools-0.7.30-150400.3.27.2 updated
- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated
- libzypp-17.35.8-150500.6.13.1 updated
- python3-setuptools-44.1.1-150400.9.9.1 updated
- runc-1.1.14-150000.70.1 updated
- sles-release-15.5-150500.61.4.1 updated
- supportutils-3.2.8-150300.7.35.33.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- systemd-sysvinit-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- udev-249.17-150400.8.43.1 updated
- xen-libs-4.17.5_02-150500.3.36.1 updated
- xen-tools-domU-4.17.5_02-150500.3.36.1 updated
- zypper-1.14.76-150500.6.6.15 updated
- libabsl2401_0_0-20240116.1-150500.13.7.8 removed
- libprotobuf-lite25_1_0-25.1-150500.12.2.2 removed

From sle-container-updates at lists.suse.com Sat Sep 14 07:03:04 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 14 Sep 2024 09:03:04 +0200 (CEST)
Subject: SUSE-CU-2024:4259-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20240914070304.72DABFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4259-1
Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.26 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.26
Severity : moderate
Type : security
References : 1228216 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3238-1
Released: Fri Sep 13 11:56:14 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3242-1
Released: Fri Sep 13 15:57:29 2024
Summary: Recommended update for strace
Type: recommended
Severity: moderate
References: 1228216
This update for strace fixes the following issue:

- Change the license to the correct LGPL-2.1-or-later (bsc#1228216).

The following package changes have been done:

- libblkid1-2.37.2-150400.8.35.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libfdisk1-2.37.2-150400.8.35.2 updated
- libmount1-2.37.2-150400.8.35.2 updated
- libsmartcols1-2.37.2-150400.8.35.2 updated
- libuuid1-2.37.2-150400.8.35.2 updated
- strace-5.14-150400.3.3.2 updated
- util-linux-2.37.2-150400.8.35.2 updated

From sle-container-updates at lists.suse.com Sat Sep 14 07:04:11 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 14 Sep 2024 09:04:11 +0200 (CEST)
Subject: SUSE-CU-2024:4260-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20240914070411.AAF1AFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4260-1
Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.27 , suse/sle-micro/5.4/toolbox:latest
Container Release : 5.19.27
Severity : moderate
Type : security
References : 1228216 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3238-1
Released: Fri Sep 13 11:56:14 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3242-1
Released: Fri Sep 13 15:57:29 2024
Summary: Recommended update for strace
Type: recommended
Severity: moderate
References: 1228216
This update for strace fixes the following issue:

- Change the license to the correct LGPL-2.1-or-later (bsc#1228216).

The following package changes have been done:

- libblkid1-2.37.2-150400.8.35.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libfdisk1-2.37.2-150400.8.35.2 updated
- libmount1-2.37.2-150400.8.35.2 updated
- libsmartcols1-2.37.2-150400.8.35.2 updated
- libuuid1-2.37.2-150400.8.35.2 updated
- strace-5.14-150400.3.3.2 updated
- util-linux-2.37.2-150400.8.35.2 updated

From sle-container-updates at lists.suse.com Sat Sep 14 07:05:02 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 14 Sep 2024 09:05:02 +0200 (CEST)
Subject: SUSE-CU-2024:4261-1: Security update of suse/sle-micro/5.5/toolbox
Message-ID: <20240914070502.49352FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4261-1
Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.41 , suse/sle-micro/5.5/toolbox:latest
Container Release : 3.5.41
Severity : moderate
Type : security
References : 1228216 1229930 1229931 1229932 1230093 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3242-1
Released: Fri Sep 13 15:57:29 2024
Summary: Recommended update for strace
Type: recommended
Severity: moderate
References: 1228216
This update for strace fixes the following issue:

- Change the license to the correct LGPL-2.1-or-later (bsc#1228216).

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- strace-5.14-150400.3.3.2 updated
- container:sles15-image-15.0.0-36.14.22 updated

From sle-container-updates at lists.suse.com Sat Sep 14 07:09:21 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 14 Sep 2024 09:09:21 +0200 (CEST)
Subject: SUSE-CU-2024:4263-1: Recommended update of suse/sle-micro/5.1/toolbox
Message-ID: <20240914070921.572BBFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4263-1
Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.24 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.24
Severity : moderate
Type : recommended
References : 1194818 1228216
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3240-1
Released: Fri Sep 13 12:07:02 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194818
This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3241-1
Released: Fri Sep 13 15:51:32 2024
Summary: Recommended update for strace
Type: recommended
Severity: moderate
References: 1228216
This update for strace fixes the following issue:

- Change the license to the correct LGPL-2.1-or-later (bsc#1228216).

The following package changes have been done:

- libblkid1-2.36.2-150300.4.47.4 updated
- libfdisk1-2.36.2-150300.4.47.4 updated
- libmount1-2.36.2-150300.4.47.4 updated
- libsmartcols1-2.36.2-150300.4.47.4 updated
- libuuid1-2.36.2-150300.4.47.4 updated
- strace-5.3-150200.3.3.2 updated
- util-linux-2.36.2-150300.4.47.4 updated

From sle-container-updates at lists.suse.com Sat Sep 14 07:10:30 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 14 Sep 2024 09:10:30 +0200 (CEST)
Subject: SUSE-CU-2024:4264-1: Recommended update of suse/sle-micro/5.2/toolbox
Message-ID: <20240914071030.6F503FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4264-1
Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.26 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.26
Severity : moderate
Type : recommended
References : 1194818 1228216
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3240-1
Released: Fri Sep 13 12:07:02 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194818
This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3241-1
Released: Fri Sep 13 15:51:32 2024
Summary: Recommended update for strace
Type: recommended
Severity: moderate
References: 1228216
This update for strace fixes the following issue:

- Change the license to the correct LGPL-2.1-or-later (bsc#1228216).

The following package changes have been done:

- libblkid1-2.36.2-150300.4.47.4 updated
- libfdisk1-2.36.2-150300.4.47.4 updated
- libmount1-2.36.2-150300.4.47.4 updated
- libsmartcols1-2.36.2-150300.4.47.4 updated
- libuuid1-2.36.2-150300.4.47.4 updated
- strace-5.3-150200.3.3.2 updated
- util-linux-2.36.2-150300.4.47.4 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:01:48 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:01:48 +0200 (CEST)
Subject: SUSE-IU-2024:1291-1: Security update of suse-sles-15-sp5-chost-byos-v20240912-x86_64-gen2
Message-ID: <20240915070148.765EBFCC1@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240912-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1291-1
Image Tags : suse-sles-15-sp5-chost-byos-v20240912-x86_64-gen2:20240912
Image Release :
Severity : critical
Type : security
References : 1027519 1081596 1200528 1214855 1217070 1218297 1219267 1219268 1219438 1221243 1221479 1221677 1221916 1222021 1223094 1223409 1224044 1224117 1224771 1225267 1226014 1226030 1226414 1226493 1227114 1227127 1227205 1227625 1227793 1228043 1228091 1228105 1228138 1228206 1228208 1228265 1228324 1228398 1228420 1228535 1228553 1228574 1228575 1228787 1228847 1229339 1229930 1229931 1229932 1230020 1230034 1230092 1230093 222971 CVE-2022-1996 CVE-2023-45142 CVE-2023-47108 CVE-2023-7008 CVE-2023-7256 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-34397 CVE-2024-3727 CVE-2024-41110 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6345 CVE-2024-7264 CVE-2024-8006 CVE-2024-8096
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20240912-x86_64-gen2 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3026-1
Released: Tue Aug 27 13:20:03 2024
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1222021,1227127,1228265
This update for supportutils fixes the following issues:

Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3054-1
Released: Wed Aug 28 14:48:31 2024
Summary: Security update for python3-setuptools
Type: security
Severity: important
References: 1228105,CVE-2024-6345
This update for python3-setuptools fixes the following issues:

- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339
This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3075-1
Released: Mon Sep 2 16:41:07 2024
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1228574,1228575,CVE-2024-31145,CVE-2024-31146

This update for xen fixes the following issues:

- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)

Other fixes:

- Update to Xen 4.17.5 security bug fix release (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released: Tue Sep 3 17:12:56 2024
Summary: Security update for buildah, docker
Type: security
Severity: critical
References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110

This update for buildah, docker fixes the following issues:

Changes in docker:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

- Update to version 1.35.4:
  * [release-1.35] Bump to Buildah v1.35.4
  * [release-1.35] CVE-2024-3727 updates (bsc#1224117)
  * integration test: handle new labels in 'bud and test --unsetlabel'
  * [release-1.35] Bump go-jose CVE-2024-28180
  * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
  * [release-1.35] Bump to Buildah v1.35.3
  * [release-1.35] correctly configure /etc/hosts and resolv.conf
  * [release-1.35] buildah: refactor resolv/hosts setup.
  * [release-1.35] rename the hostFile var to reflect
  * [release-1.35] Bump c/common to v0.58.1
  * [release-1.35] Bump Buildah to v1.35.2
  * [release-1.35] CVE-2024-24786 protobuf to 1.33
  * [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
  * [release-1.35] Bump to v1.35.1
  * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
  Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
  * Bump v1.35.0
  * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
  * conformance tests: don't break on trailing zeroes in layer blobs
  * Add a conformance test for copying to a mounted prior stage
  * fix(deps): update module github.com/stretchr/testify to v1.9.0
  * cgroups: reuse version check from c/common
  * Update vendor of containers/(common,image)
  * fix(deps): update github.com/containers/storage digest to eadc620
  * fix(deps): update github.com/containers/luksy digest to ceb12d4
  * fix(deps): update github.com/containers/image/v5 digest to cdc6802
  * manifest add: complain if we get artifact flags without --artifact
  * Use retry logic from containers/common
  * Vendor in containers/(storage,image,common)
  * Update module golang.org/x/crypto to v0.20.0
  * Add comment re: Total Success task name
  * tests: skip_if_no_unshare(): check for --setuid
  * Properly handle build --pull=false
  * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
  * Update module go.etcd.io/bbolt to v1.3.9
  * Revert 'Reduce official image size'
  * Update module github.com/opencontainers/image-spec to v1.1.0
  * Reduce official image size
  * Build with CNI support on FreeBSD
  * build --all-platforms: skip some base 'image' platforms
  * Bump main to v1.35.0-dev
  * Vendor in latest containers/(storage,image,common)
  * Split up error messages for missing --sbom related flags
  * `buildah manifest`: add artifact-related options
  * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
  * cmd/buildah/manifest.go: don't make struct declarations aliases
  * Use golang.org/x/exp/slices.Contains
  * Disable loong64 again
  * Fix a couple of typos in one-line comments
  * egrep is obsolescent; use grep -E
  * Try Cirrus with a newer VM version
  * Set CONTAINERS_CONF in the chroot-mount-flags integration test
  * Update to match dependency API update
  * Update github.com/openshift/imagebuilder and containers/common
  * docs: correct default authfile path
  * fix(deps): update module github.com/containerd/containerd to v1.7.13
  * tests: retrofit test for heredoc summary
  * build, heredoc: show heredoc summary in build output
  * manifest, push: add support for --retry and --retry-delay
  * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
  * imagebuildah: fix crash with empty RUN
  * fix(deps): update github.com/containers/luksy digest to b62d551
  * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
  * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
  * Make buildah match podman for handling of ulimits
  * docs: move footnotes to where they're applicable
  * Allow users to specify no-dereference
  * Run codespell on code
  * Fix FreeBSD version parsing
  * Fix a build break on FreeBSD
  * Remove a bad FROM line
  * fix(deps): update module github.com/onsi/gomega to v1.31.1
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
  * docs: use reversed logo for dark theme in README
  * build,commit: add --sbom to scan and produce SBOMs when committing
  * commit: force omitHistory if the parent has layers but no history
  * docs: fix a couple of typos
  * internal/mkcw.Archive(): handle extra image content
  * stage_executor,heredoc: honor interpreter in heredoc
  * stage_executor,layers: burst cache if heredoc content is changed
  * fix(deps): update module golang.org/x/crypto to v0.18.0
  * Replace map[K]bool with map[K]struct{} where it makes sense
  * fix(deps): update module golang.org/x/sync to v0.6.0
  * fix(deps): update module golang.org/x/term to v0.16.0
  * Bump CI VMs
  * Replace strings.SplitN with strings.Cut
  * fix(deps): update github.com/containers/storage digest to ef81e9b
  * fix(deps): update github.com/containers/image/v5 digest to 1b221d4
  * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
  * Document use of containers-transports values in buildah
  * fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
  * chore(deps): update dependency containers/automation_images to v20231208
  * manifest: addCompression use default from containers.conf
  * commit: add a --add-file flag
  * mkcw: populate the rootfs using an overlay
  * chore(deps): update dependency containers/automation_images to v20230517
  * [skip-ci] Update actions/stale action to v9
  * fix(deps): update module github.com/containernetworking/plugins to v1.4.0
  * fix(deps): update github.com/containers/image/v5 digest to 7a40fee
  * Bump to v1.34.1-dev
  * Ignore errors if label.Relabel returns ENOSUP

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3143-1
Released: Wed Sep 4 12:45:50 2024
Summary: Recommended update for sles-release
Type: recommended
Severity: moderate
References: 1227114

This update for sles-release fixes the following issue:

- Increment Codestream lifecycle by 3 years.
- Set Product EOL date.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3146-1
Released: Thu Sep 5 09:14:53 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228398,1228847

This update for dracut fixes the following issues:

- Version update with:
  * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398).
  * fix(convertfs) error in conditional expressions (bsc#1228847).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released: Mon Sep 9 12:31:59 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228043

This update for glibc fixes the following issue:

- s390x: Fix segfault in wcsncmp (bsc#1228043).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released: Mon Sep 9 14:39:14 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically linked installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released: Wed Sep 11 17:39:30 2024
Summary: Security update for libpcap
Type: security
Severity: moderate
References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006

This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3221-1
Released: Thu Sep 12 13:18:18 2024
Summary: Security update for containerd
Type: security
Severity: important
References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108

This update for containerd fixes the following issues:

- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3222-1
Released: Thu Sep 12 13:20:47 2024
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310

This update for runc fixes the following issues:

- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)

The following package changes have been done:

- containerd-ctr-1.7.21-150000.117.1 updated
- containerd-1.7.21-150000.117.1 updated
- curl-8.0.1-150400.5.50.1 updated
- docker-25.0.6_ce-150000.207.1 updated
- dracut-055+suse.392.g7930ab23-150500.3.24.2 updated
- glibc-locale-base-2.31-150300.86.3 updated
- glibc-locale-2.31-150300.86.3 updated
- glibc-2.31-150300.86.3 updated
- libcurl4-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libpcap1-1.10.1-150400.3.3.2 updated
- libsolv-tools-base-0.7.30-150400.3.27.2 updated
- libsolv-tools-0.7.30-150400.3.27.2 updated
- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated
- libzypp-17.35.8-150500.6.13.1 updated
- python-azure-agent-config-server-2.9.1.1-150100.3.44.2 updated
- python-azure-agent-2.9.1.1-150100.3.44.2 updated
- python3-setuptools-44.1.1-150400.9.9.1 updated
- runc-1.1.14-150000.70.1 updated
- sles-release-15.5-150500.61.4.1 updated
- supportutils-3.2.8-150300.7.35.33.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- systemd-sysvinit-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- udev-249.17-150400.8.43.1 updated
- xen-libs-4.17.5_02-150500.3.36.1 updated
- zypper-1.14.76-150500.6.6.15 updated
- libabsl2401_0_0-20240116.1-150500.13.7.8 removed
- libprotobuf-lite25_1_0-25.1-150500.12.2.2 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:02:19 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:02:19 +0200 (CEST)
Subject: SUSE-IU-2024:1292-1: Security update of suse/sle-micro/base-5.5
Message-ID: <20240915070219.E960CFCC1@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1292-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.78 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.78
Severity : moderate
Type : security
References : 1230093 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- curl-8.0.1-150400.5.50.1 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:02:28 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:02:28 +0200 (CEST)
Subject: SUSE-IU-2024:1293-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20240915070228.CA4A7FCC1@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1293-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.157 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.157
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libsmartcols1-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libblkid1-2.37.4-150500.9.17.2 updated
- libfdisk1-2.37.4-150500.9.17.2 updated
- libmount1-2.37.4-150500.9.17.2 updated
- util-linux-2.37.4-150500.9.17.2 updated
- util-linux-systemd-2.37.4-150500.9.17.2 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.78 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:02:39 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:02:39 +0200 (CEST)
Subject: SUSE-IU-2024:1294-1: Security update of suse/sle-micro/rt-5.5
Message-ID: <20240915070239.1905EFCBE@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1294-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.169 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.169
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libsmartcols1-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libblkid1-2.37.4-150500.9.17.2 updated
- libfdisk1-2.37.4-150500.9.17.2 updated
- libmount1-2.37.4-150500.9.17.2 updated
- util-linux-2.37.4-150500.9.17.2 updated
- util-linux-systemd-2.37.4-150500.9.17.2 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.129 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:08:10 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:08:10 +0200 (CEST)
Subject: SUSE-CU-2024:4267-1: Recommended update of suse/ltss/sle15.3/sle15
Message-ID: <20240915070810.C4572FCBE@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.3/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4267-1
Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.26 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.26
Container Release : 6.26
Severity : moderate
Type : recommended
References : 1194818
-----------------------------------------------------------------

The container suse/ltss/sle15.3/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3240-1
Released: Fri Sep 13 12:07:02 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194818

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
The following package changes have been done:

- libblkid1-2.36.2-150300.4.47.4 updated
- libfdisk1-2.36.2-150300.4.47.4 updated
- libmount1-2.36.2-150300.4.47.4 updated
- libsmartcols1-2.36.2-150300.4.47.4 updated
- libuuid1-2.36.2-150300.4.47.4 updated
- util-linux-2.36.2-150300.4.47.4 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:08:17 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:08:17 +0200 (CEST)
Subject: SUSE-CU-2024:4268-1: Security update of suse/ltss/sle15.4/bci-base-fips
Message-ID: <20240915070817.ED292FCBE@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4268-1
Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.4.4
Container Release : 4.4
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/ltss/sle15.4/bci-base-fips was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-ltss-image-15.0.0-5.19 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:13:18 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:13:18 +0200 (CEST)
Subject: SUSE-CU-2024:4270-1: Security update of bci/openjdk-devel
Message-ID: <20240915071318.0B7B2FCF7@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4270-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-27.2
Container Release : 27.2
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libsmartcols1-2.37.4-150500.9.17.2 updated
- libblkid1-2.37.4-150500.9.17.2 updated
- libfdisk1-2.37.4-150500.9.17.2 updated
- libmount1-2.37.4-150500.9.17.2 updated
- util-linux-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-openjdk-11-15.5.11-28.2 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:14:20 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:14:20 +0200 (CEST)
Subject: SUSE-CU-2024:4271-1: Security update of bci/openjdk
Message-ID: <20240915071420.06CC5FCF7@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4271-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-30.2
Container Release : 30.2
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-image-15.0.0-36.14.23 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:15:17 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:15:17 +0200 (CEST)
Subject: SUSE-CU-2024:4273-1: Security update of suse/389-ds
Message-ID: <20240915071517.E8CD6FCF7@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4273-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-42.1 , suse/389-ds:latest
Container Release : 42.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:suse-sle15-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:16:32 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:16:32 +0200 (CEST)
Subject: SUSE-CU-2024:4280-1: Security update of suse/git
Message-ID: <20240915071632.CD0E5FCC1@maintenance.suse.de>

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4280-1
Container Tags : suse/git:2 , suse/git:2-23.5 , suse/git:2.43 , suse/git:2.43-23.5 , suse/git:2.43.0 , suse/git:2.43.0-23.5 , suse/git:latest
Container Release : 23.5
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/git was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-micro-15.6-5e0f4fabbbe014adf3b87a3e7074d50e59724c734bef1db25e785ee1baae6d87-0 added
- container:micro-image-15.6.0-24.3 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:16:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:16:42 +0200 (CEST)
Subject: SUSE-CU-2024:4281-1: Security update of bci/golang
Message-ID: <20240915071642.ECC1AFCC1@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4281-1
Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-42.1 , bci/golang:1.20.12.1 , bci/golang:1.20.12.1-42.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-42.1
Container Release : 42.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:16:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:16:49 +0200 (CEST)
Subject: SUSE-CU-2024:4282-1: Security update of bci/golang
Message-ID: <20240915071649.091F1FCC1@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4282-1
Container Tags : bci/golang:1.23 , bci/golang:1.23-1.36.1 , bci/golang:1.23.1 , bci/golang:1.23.1-1.36.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.36.1
Container Release : 36.1
Severity : moderate
Type : security
References : 1229122 1229930 1229931 1229932 1230252 1230253 1230254 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3214-1
Released: Thu Sep 12 11:33:59 2024
Summary: Security update for go1.23
Type: security
Severity: moderate
References: 1229122,1230252,1230253,1230254,CVE-2024-34155,CVE-2024-34156,CVE-2024-34158

This update for go1.23 fixes the following issues:

- Update go v1.23.1
- CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252)
- CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)
- CVE-2024-34158: Fixed stack exhaustion in Parse.
(bsc#1230254) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The following package changes have been done: - go1.23-doc-1.23.1-150000.1.6.1 updated - libexpat1-2.4.4-150400.3.22.1 updated - go1.23-1.23.1-150000.1.6.1 updated - go1.23-race-1.23.1-150000.1.6.1 updated - container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Sun Sep 15 07:17:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 15 Sep 2024 09:17:01 +0200 (CEST) Subject: SUSE-CU-2024:4284-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240915071701.B75AAFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4284-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.32 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.32 Severity : moderate Type : security References : 1226497 1228216 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3235-1
Released: Fri Sep 13 08:50:24 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1226497

This update for grub2 fixes the following issues:

- Fix failure in bli module (bsc#1226497)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3242-1
Released: Fri Sep 13 15:57:29 2024
Summary: Recommended update for strace
Type: recommended
Severity: moderate
References: 1228216

This update for strace fixes the following issue:

- Change the license to the correct LGPL-2.1-or-later (bsc#1228216).
The following package changes have been done:

- grub2-i386-pc-2.12-150600.8.6.1 updated
- grub2-x86_64-efi-2.12-150600.8.6.1 updated
- grub2-2.12-150600.8.6.1 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- strace-5.14-150400.3.3.2 updated
- util-linux-systemd-2.39.3-150600.4.12.2 updated
- util-linux-2.39.3-150600.4.12.2 updated

From sle-container-updates at lists.suse.com Sun Sep 15 07:17:10 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:17:10 +0200 (CEST)
Subject: SUSE-CU-2024:4285-1: Security update of suse/nginx
Message-ID: <20240915071710.6385EFCC1@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4285-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-42.1 , suse/nginx:latest
Container Release : 42.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:suse-sle15-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:17:19 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:17:19 +0200 (CEST)
Subject: SUSE-CU-2024:4286-1: Security update of bci/nodejs
Message-ID: <20240915071719.C2C19FCC1@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4286-1
Container Tags : bci/node:20 , bci/node:20-38.1 , bci/node:20.15.1 , bci/node:20.15.1-38.1 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-38.1 , bci/nodejs:20.15.1 , bci/nodejs:20.15.1-38.1 , bci/nodejs:latest
Container Release : 38.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:17:45 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:17:45 +0200 (CEST)
Subject: SUSE-CU-2024:4288-1: Security update of bci/php-apache
Message-ID: <20240915071745.ED317FCC1@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4288-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-38.1 , bci/php-apache:8.2.20 , bci/php-apache:8.2.20-38.1 , bci/php-apache:latest
Container Release : 38.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:18:04 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:18:04 +0200 (CEST)
Subject: SUSE-CU-2024:4290-1: Security update of bci/python
Message-ID: <20240915071804.5FD71FCC1@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4290-1
Container Tags : bci/python:3 , bci/python:3-50.1 , bci/python:3.11 , bci/python:3.11-50.1 , bci/python:3.11.9 , bci/python:3.11.9-50.1
Container Release : 50.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:18:18 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:18:18 +0200 (CEST)
Subject: SUSE-CU-2024:4291-1: Security update of bci/python
Message-ID: <20240915071818.986F8FCC1@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4291-1
Container Tags : bci/python:3 , bci/python:3-50.1 , bci/python:3.12 , bci/python:3.12-50.1 , bci/python:3.12.4 , bci/python:3.12.4-50.1 , bci/python:latest
Container Release : 50.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:18:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:18:29 +0200 (CEST)
Subject: SUSE-CU-2024:4292-1: Security update of bci/python
Message-ID: <20240915071829.16B56FCC1@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4292-1
Container Tags : bci/python:3 , bci/python:3-49.1 , bci/python:3.6 , bci/python:3.6-49.1 , bci/python:3.6.15 , bci/python:3.6.15-49.1
Container Release : 49.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Sun Sep 15 07:12:02 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 15 Sep 2024 09:12:02 +0200 (CEST)
Subject: SUSE-CU-2024:4269-1: Security update of bci/nodejs
Message-ID: <20240915071202.B2EDEFCBE@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4269-1
Container Tags : bci/node:18 , bci/node:18-31.2 , bci/node:18.20.4 , bci/node:18.20.4-31.2 , bci/nodejs:18 , bci/nodejs:18-31.2 , bci/nodejs:18.20.4 , bci/nodejs:18.20.4-31.2
Container Release : 31.2
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-image-15.0.0-36.14.23 updated

From sle-container-updates at lists.suse.com Mon Sep 16 07:04:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 16 Sep 2024 09:04:34 +0200 (CEST)
Subject: SUSE-CU-2024:4292-1: Security update of bci/python
Message-ID: <20240916070434.B8F97F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4292-1
Container Tags : bci/python:3 , bci/python:3-49.1 , bci/python:3.6 , bci/python:3.6-49.1 , bci/python:3.6.15 , bci/python:3.6.15-49.1
Container Release : 49.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Mon Sep 16 07:04:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 16 Sep 2024 09:04:42 +0200 (CEST)
Subject: SUSE-CU-2024:4293-1: Security update of bci/ruby
Message-ID: <20240916070442.C145EF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4293-1
Container Tags : bci/ruby:2 , bci/ruby:2-23.1 , bci/ruby:2.5 , bci/ruby:2.5-23.1 , bci/ruby:latest
Container Release : 23.1
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Mon Sep 16 07:04:50 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 16 Sep 2024 09:04:50 +0200 (CEST)
Subject: SUSE-CU-2024:4294-1: Security update of bci/spack
Message-ID: <20240916070450.D3FE5F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4294-1
Container Tags : bci/spack:0.21 , bci/spack:0.21-7.1 , bci/spack:0.21.2 , bci/spack:0.21.2-7.1 , bci/spack:latest
Container Release : 7.1
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added
- container:sles15-image-15.6.0-47.11.13 removed

From sle-container-updates at lists.suse.com Mon Sep 16 07:05:37 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 16 Sep 2024 09:05:37 +0200 (CEST)
Subject: SUSE-CU-2024:4295-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20240916070537.B04A6F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4295-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.31 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.57.31
Severity : moderate
Type : security
References : 1229930 1229931 1229932 1230093 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- curl-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-ltss-image-15.0.0-5.18 updated

From sle-container-updates at lists.suse.com Mon Sep 16 07:06:04 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 16 Sep 2024 09:06:04 +0200 (CEST)
Subject: SUSE-CU-2024:4296-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20240916070604.D04ABF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4296-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.32 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.47.32
Severity : moderate
Type : security
References : 1229930 1229931 1229932 1230093 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.50.1 updated
- curl-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-ltss-image-15.0.0-5.18 updated

From sle-container-updates at lists.suse.com Mon Sep 16 07:06:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 16 Sep 2024 09:06:56 +0200 (CEST)
Subject: SUSE-CU-2024:4298-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20240916070656.77B5DF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4298-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.22 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.47.22
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-ltss-image-15.0.0-5.18 updated

From sle-container-updates at lists.suse.com Mon Sep 16 07:07:23 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 16 Sep 2024 09:07:23 +0200 (CEST)
Subject: SUSE-CU-2024:4299-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20240916070723.7173DF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4299-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.22 , suse/manager/4.3/proxy-tftpd:latest
Container Release : 9.47.22
Severity : moderate
Type : security
References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

The following package changes have been done:

- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-ltss-image-15.0.0-5.18 updated

From sle-container-updates at lists.suse.com Tue Sep 17 07:01:31 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:01:31 +0200 (CEST)
Subject: SUSE-IU-2024:1349-1: Security update of suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2
Message-ID: <20240917070131.8F4E7FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1349-1
Image Tags : suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2:20240912
Image Release :
Severity : critical
Type : security
References : 1065729 1081596 1179610 1186463 1194818 1200528 1214855 1216834 1217070 1218820 1219267 1219268 1219438 1220185 1220186 1220187 1220356 1221243 1221539 1221677 1221916 1222021 1222728 1222824 1222985 1223094 1223409 1223571 1223863 1224014 1224016 1224044 1224117 1224771 1224918 1225267 1225404 1225431 1226014 1226030 1226227 1226493 1226519 1226550 1226574 1226575 1226662 1226666 1226785 1227127 1227138 1227205 1227213 1227308 1227362 1227487 1227525 1227625 1227716 1227750 1227793 1227810 1227836 1227976 1228013 1228040 1228043 1228105 1228114 1228124 1228138 1228206 1228208 1228265 1228324 1228328 1228420 1228535 1228535 1228553 1228561 1228574 1228575 1228644 1228743 1228787 1229339 1230092 1230093 222971 CVE-2020-26558 CVE-2021-0129 CVE-2021-47126 CVE-2021-47219 CVE-2021-47291 CVE-2021-47506 CVE-2021-47520 CVE-2021-47580 CVE-2021-47598 CVE-2021-47600 CVE-2022-1996 CVE-2022-48792 CVE-2022-48821 CVE-2022-48822 CVE-2023-45142 CVE-2023-47108 CVE-2023-52686 CVE-2023-52885 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26800 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-34397 CVE-2024-36974 CVE-2024-3727 CVE-2024-38559 CVE-2024-39494 CVE-2024-40937 CVE-2024-40956 CVE-2024-41011 CVE-2024-41059 CVE-2024-41069 CVE-2024-41090 CVE-2024-41110 CVE-2024-42145 CVE-2024-45310 CVE-2024-5535 CVE-2024-6345 CVE-2024-7264 CVE-2024-7264 CVE-2024-8096
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2870-1 Released: Mon Aug 12 06:52:05 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin fixes the following issues: - Make sure not to statically linked installed tools 
(bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Report unsupported compression in solv_xfopen() with errno - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2899-1 Released: Wed Aug 14 02:37:38 2024 Summary: Security update for python-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2909-1 Released: Wed Aug 14 14:47:44 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:12 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2919-1 Released: Thu Aug 15 07:00:00 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2930-1 Released: Thu Aug 15 11:35:03 2024 Summary: Security update for curl Type: security Severity: moderate 
References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2948-1 Released: Fri Aug 16 15:47:51 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1179610,1186463,1216834,1218820,1220185,1220186,1220187,1221539,1222728,1222824,1223863,1224918,1225404,1225431,1226519,1226550,1226574,1226575,1226662,1226666,1226785,1227213,1227362,1227487,1227716,1227750,1227810,1227836,1227976,1228013,1228040,1228114,1228328,1228561,1228644,1228743,CVE-2020-26558,CVE-2021-0129,CVE-2021-47126,CVE-2021-47219,CVE-2021-47291,CVE-2021-47506,CVE-2021-47520,CVE-2021-47580,CVE-2021-47598,CVE-2021-47600,CVE-2022-48792,CVE-2022-48821,CVE-2022-48822,CVE-2023-52686,CVE-2023-52885,CVE-2024-26583,CVE-2024-26584,CVE-2024-26585,CVE-2024-26800,CVE-2024-36974,CVE-2024-38559,CVE-2024-39494,CVE-2024-40937,CVE-2024-40956,CVE-2024-41011,CVE-2024-41059,CVE-2024-41069,CVE-2024-41090,CVE-2024-42145 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463). - CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539). - CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824). - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918). - CVE-2021-47506: nfsd: fix use-after-free due to delegation race (bsc#1225404). 
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431). - CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1226575). - CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013). - CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). - CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). The following non-security bugs were fixed: - Fix spurious WARNING caused by a qxl driver patch (bsc#1227213) - nfs: Clean up directory array handling (bsc#1226662). - nfs: Clean up nfs_readdir_page_filler() (bsc#1226662). - nfs: Clean up readdir struct nfs_cache_array (bsc#1226662). - nfs: Do not discard readdir results (bsc#1226662). 
- nfs: Do not overfill uncached readdir pages (bsc#1226662). - nfs: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - nfs: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662). - nfs: Fix up directory verifier races (bsc#1226662). - nfs: Further optimisations for 'ls -l' (bsc#1226662). - nfs: More readdir cleanups (bsc#1226662). - nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662). - nfs: Reduce use of uncached readdir (bsc#1226662). - nfs: Support larger readdir buffers (bsc#1226662). - nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662). - nfs: optimise readdir cache page invalidation (bsc#1226662). - nfsv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362) - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). - x.509: Fix the parser of extended key usage for length (bsc#1218820, bsc#1226666). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2998-1 Released: Thu Aug 22 12:52:17 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3001-1 Released: Fri Aug 23 10:15:42 2024 Summary: Security update for xen Type: security Severity: important References: 1228574,1228575,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3120-1 Released: Tue Sep 3 17:12:56 2024 Summary: Security update for buildah, docker Type: security Severity: critical References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * 
Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): 
update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3185-1 Released: Tue Sep 10 08:15:38 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226227 This update for cups fixes the following issues: - Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3202-1 Released: Wed Sep 11 10:54:47 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,1230093,CVE-2024-7264,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) - CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3221-1 Released: Thu Sep 12 13:18:18 2024 Summary: Security update for containerd Type: security Severity: important References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. 
(bsc#1230092) The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - containerd-ctr-1.7.21-150000.117.1 updated - containerd-1.7.21-150000.117.1 updated - cups-config-2.2.7-150000.3.65.1 updated - curl-7.66.0-150200.4.78.1 updated - docker-25.0.6_ce-150000.207.1 updated - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated - grub2-i386-pc-2.04-150300.22.46.1 updated - grub2-x86_64-efi-2.04-150300.22.46.1 updated - grub2-2.04-150300.22.46.1 updated - kernel-default-5.3.18-150300.59.170.1 updated - libcups2-2.2.7-150000.3.65.1 updated - libcurl4-7.66.0-150200.4.78.1 updated - libglib-2_0-0-2.62.6-150200.3.21.1 updated - libopenssl1_1-1.1.1d-150200.11.94.1 updated - libsolv-tools-base-0.7.30-150200.37.2 updated - libsolv-tools-0.7.30-150200.37.2 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - libzypp-17.35.8-150200.121.1 updated - openssl-1_1-1.1.1d-150200.11.94.1 updated - pam-1.3.0-150000.6.71.2 updated - python-azure-agent-config-server-2.9.1.1-150100.3.44.2 updated - python-azure-agent-2.9.1.1-150100.3.44.2 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - python3-setuptools-40.5.0-150100.6.9.1 updated - runc-1.1.14-150000.70.1 updated - supportutils-3.2.8-150300.7.35.33.1 updated - suse-build-key-12.0-150000.8.52.3 updated - xen-libs-4.14.6_18-150300.3.78.1 updated - zypper-1.14.76-150200.88.10 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Tue Sep 17 07:01:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:01:55 +0200 (CEST) Subject: SUSE-IU-2024:1351-1: Security update of sles-15-sp3-chost-byos-v20240912-x86-64 Message-ID: <20240917070155.505B7FCA2@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20240912-x86-64 ----------------------------------------------------------------- Image Advisory ID : 
SUSE-IU-2024:1351-1 Image Tags : sles-15-sp3-chost-byos-v20240912-x86-64:20240912 Image Release : Severity : critical Type : security References : 1065729 1081596 1179610 1186463 1194818 1200528 1214855 1216834 1217070 1218820 1219267 1219268 1219438 1220185 1220186 1220187 1220356 1221243 1221539 1221677 1221916 1222021 1222728 1222824 1223094 1223409 1223863 1224044 1224117 1224771 1224918 1225267 1225404 1225431 1226014 1226030 1226227 1226493 1226519 1226550 1226574 1226575 1226662 1226666 1226785 1227127 1227138 1227205 1227213 1227362 1227487 1227525 1227625 1227716 1227750 1227793 1227810 1227836 1227976 1228013 1228040 1228043 1228105 1228114 1228124 1228138 1228206 1228208 1228265 1228324 1228328 1228420 1228535 1228535 1228553 1228561 1228574 1228575 1228644 1228743 1228787 1229339 1230092 1230093 222971 CVE-2020-26558 CVE-2021-0129 CVE-2021-47126 CVE-2021-47219 CVE-2021-47291 CVE-2021-47506 CVE-2021-47520 CVE-2021-47580 CVE-2021-47598 CVE-2021-47600 CVE-2022-1996 CVE-2022-48792 CVE-2022-48821 CVE-2022-48822 CVE-2023-45142 CVE-2023-47108 CVE-2023-52686 CVE-2023-52885 CVE-2024-1753 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26800 CVE-2024-28180 CVE-2024-31145 CVE-2024-31146 CVE-2024-34397 CVE-2024-36974 CVE-2024-3727 CVE-2024-38559 CVE-2024-39494 CVE-2024-40937 CVE-2024-40956 CVE-2024-41011 CVE-2024-41059 CVE-2024-41069 CVE-2024-41090 CVE-2024-41110 CVE-2024-42145 CVE-2024-45310 CVE-2024-5535 CVE-2024-6345 CVE-2024-7264 CVE-2024-7264 CVE-2024-8096 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20240912-x86-64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2870-1 Released: Mon Aug 12 06:52:05 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin fixes the following issues: - Make sure not to statically linked installed tools 
(bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Report unsupported compression in solv_xfopen() with errno - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2899-1 Released: Wed Aug 14 02:37:38 2024 Summary: Security update for python-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2909-1
Released: Wed Aug 14 14:47:44 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1227138,CVE-2024-5535

This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2919-1
Released: Thu Aug 15 07:00:00 2024
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1228124

This update for grub2 fixes the following issues:

- Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2930-1
Released: Thu Aug 15 11:35:03 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2948-1
Released: Fri Aug 16 15:47:51 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1179610,1186463,1216834,1218820,1220185,1220186,1220187,1221539,1222728,1222824,1223863,1224918,1225404,1225431,1226519,1226550,1226574,1226575,1226662,1226666,1226785,1227213,1227362,1227487,1227716,1227750,1227810,1227836,1227976,1228013,1228040,1228114,1228328,1228561,1228644,1228743,CVE-2020-26558,CVE-2021-0129,CVE-2021-47126,CVE-2021-47219,CVE-2021-47291,CVE-2021-47506,CVE-2021-47520,CVE-2021-47580,CVE-2021-47598,CVE-2021-47600,CVE-2022-48792,CVE-2022-48821,CVE-2022-48822,CVE-2023-52686,CVE-2023-52885,CVE-2024-26583,CVE-2024-26584,CVE-2024-26585,CVE-2024-26800,CVE-2024-36974,CVE-2024-38559,CVE-2024-39494,CVE-2024-40937,CVE-2024-40956,CVE-2024-41011,CVE-2024-41059,CVE-2024-41069,CVE-2024-41090,CVE-2024-42145

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463).
- CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539).
- CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824).
- CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918).
- CVE-2021-47506: nfsd: fix use-after-free due to delegation race (bsc#1225404).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1226575).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
- CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).

The following non-security bugs were fixed:

- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
- nfs: Clean up directory array handling (bsc#1226662).
- nfs: Clean up nfs_readdir_page_filler() (bsc#1226662).
- nfs: Clean up readdir struct nfs_cache_array (bsc#1226662).
- nfs: Do not discard readdir results (bsc#1226662).
- nfs: Do not overfill uncached readdir pages (bsc#1226662).
- nfs: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- nfs: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662).
- nfs: Fix up directory verifier races (bsc#1226662).
- nfs: Further optimisations for 'ls -l' (bsc#1226662).
- nfs: More readdir cleanups (bsc#1226662).
- nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
- nfs: Reduce use of uncached readdir (bsc#1226662).
- nfs: Support larger readdir buffers (bsc#1226662).
- nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662).
- nfs: optimise readdir cache page invalidation (bsc#1226662).
- nfsv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- x.509: Fix the parser of extended key usage for length (bsc#1218820, bsc#1226666).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2998-1
Released: Thu Aug 22 12:52:17 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3001-1
Released: Fri Aug 23 10:15:42 2024
Summary: Security update for xen
Type: security
Severity: important
References: 1228574,1228575,CVE-2024-31145,CVE-2024-31146

This update for xen fixes the following issues:

- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3026-1
Released: Tue Aug 27 13:20:03 2024
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1222021,1227127,1228265

This update for supportutils fixes the following issues:

Changes to version 3.2.8
  + Avoid getting duplicate kernel verifications in boot.text (pr#190)
  + lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
  + docker_info: Add timestamps to container logs (pr#196)
  + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
  + Update supportconfig get pam.d sorted (pr#199)
  + yast_files: Exclude .zcat (pr#201)
  + Sanitize grub bootloader (bsc#1227127, pr#203)
  + Sanitize regcodes (pr#204)
  + Improve product detection (pr#205)
  + Add read_values for s390x (bsc#1228265, pr#206)
  + hardware_info: Remove old alsa ver check (pr#209)
  + drbd_info: Fix incorrect escape of quotes (pr#210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released: Tue Sep 3 17:12:56 2024
Summary: Security update for buildah, docker
Type: security
Severity: critical
References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110

This update for buildah, docker fixes the following issues:

Changes in docker:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

- Update to version 1.35.4:
  * [release-1.35] Bump to Buildah v1.35.4
  * [release-1.35] CVE-2024-3727 updates (bsc#1224117)
  * integration test: handle new labels in 'bud and test --unsetlabel'
  * [release-1.35] Bump go-jose CVE-2024-28180
  * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
  * [release-1.35] Bump to Buildah v1.35.3
  * [release-1.35] correctly configure /etc/hosts and resolv.conf
  * [release-1.35] buildah: refactor resolv/hosts setup.
  * [release-1.35] rename the hostFile var to reflect
  * [release-1.35] Bump c/common to v0.58.1
  * [release-1.35] Bump Buildah to v1.35.2
  * [release-1.35] CVE-2024-24786 protobuf to 1.33
  * [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
  * [release-1.35] Bump to v1.35.1
  * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
  Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
  * Bump v1.35.0
  * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
  * conformance tests: don't break on trailing zeroes in layer blobs
  * Add a conformance test for copying to a mounted prior stage
  * fix(deps): update module github.com/stretchr/testify to v1.9.0
  * cgroups: reuse version check from c/common
  * Update vendor of containers/(common,image)
  * fix(deps): update github.com/containers/storage digest to eadc620
  * fix(deps): update github.com/containers/luksy digest to ceb12d4
  * fix(deps): update github.com/containers/image/v5 digest to cdc6802
  * manifest add: complain if we get artifact flags without --artifact
  * Use retry logic from containers/common
  * Vendor in containers/(storage,image,common)
  * Update module golang.org/x/crypto to v0.20.0
  * Add comment re: Total Success task name
  * tests: skip_if_no_unshare(): check for --setuid
  * Properly handle build --pull=false
  * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
  * Update module go.etcd.io/bbolt to v1.3.9
  * Revert 'Reduce official image size'
  * Update module github.com/opencontainers/image-spec to v1.1.0
  * Reduce official image size
  * Build with CNI support on FreeBSD
  * build --all-platforms: skip some base 'image' platforms
  * Bump main to v1.35.0-dev
  * Vendor in latest containers/(storage,image,common)
  * Split up error messages for missing --sbom related flags
  * `buildah manifest`: add artifact-related options
  * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
  * cmd/buildah/manifest.go: don't make struct declarations aliases
  * Use golang.org/x/exp/slices.Contains
  * Disable loong64 again
  * Fix a couple of typos in one-line comments
  * egrep is obsolescent; use grep -E
  * Try Cirrus with a newer VM version
  * Set CONTAINERS_CONF in the chroot-mount-flags integration test
  * Update to match dependency API update
  * Update github.com/openshift/imagebuilder and containers/common
  * docs: correct default authfile path
  * fix(deps): update module github.com/containerd/containerd to v1.7.13
  * tests: retrofit test for heredoc summary
  * build, heredoc: show heredoc summary in build output
  * manifest, push: add support for --retry and --retry-delay
  * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
  * imagebuildah: fix crash with empty RUN
  * fix(deps): update github.com/containers/luksy digest to b62d551
  * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
  * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
  * Make buildah match podman for handling of ulimits
  * docs: move footnotes to where they're applicable
  * Allow users to specify no-dereference
  * Run codespell on code
  * Fix FreeBSD version parsing
  * Fix a build break on FreeBSD
  * Remove a bad FROM line
  * fix(deps): update module github.com/onsi/gomega to v1.31.1
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
  * docs: use reversed logo for dark theme in README
  * build,commit: add --sbom to scan and produce SBOMs when committing
  * commit: force omitHistory if the parent has layers but no history
  * docs: fix a couple of typos
  * internal/mkcw.Archive(): handle extra image content
  * stage_executor,heredoc: honor interpreter in heredoc
  * stage_executor,layers: burst cache if heredoc content is changed
  * fix(deps): update module golang.org/x/crypto to v0.18.0
  * Replace map[K]bool with map[K]struct{} where it makes sense
  * fix(deps): update module golang.org/x/sync to v0.6.0
  * fix(deps): update module golang.org/x/term to v0.16.0
  * Bump CI VMs
  * Replace strings.SplitN with strings.Cut
  * fix(deps): update github.com/containers/storage digest to ef81e9b
  * fix(deps): update github.com/containers/image/v5 digest to 1b221d4
  * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
  * Document use of containers-transports values in buildah
  * fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
  * chore(deps): update dependency containers/automation_images to v20231208
  * manifest: addCompression use default from containers.conf
  * commit: add a --add-file flag
  * mkcw: populate the rootfs using an overlay
  * chore(deps): update dependency containers/automation_images to v20230517
  * [skip-ci] Update actions/stale action to v9
  * fix(deps): update module github.com/containernetworking/plugins to v1.4.0
  * fix(deps): update github.com/containers/image/v5 digest to 7a40fee
  * Bump to v1.34.1-dev
  * Ignore errors if label.Relabel returns ENOSUP

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released: Mon Sep 9 12:31:59 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228043

This update for glibc fixes the following issue:

- s390x: Fix segfault in wcsncmp (bsc#1228043).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3185-1
Released: Tue Sep 10 08:15:38 2024
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1226227

This update for cups fixes the following issues:

- Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3202-1
Released: Wed Sep 11 10:54:47 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,1230093,CVE-2024-7264,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
- CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3221-1
Released: Thu Sep 12 13:18:18 2024
Summary: Security update for containerd
Type: security
Severity: important
References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108

This update for containerd fixes the following issues:

- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3222-1
Released: Thu Sep 12 13:20:47 2024
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310

This update for runc fixes the following issues:

- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)

The following package changes have been done:

- ca-certificates-mozilla-2.68-150200.33.1 updated
- containerd-ctr-1.7.21-150000.117.1 updated
- containerd-1.7.21-150000.117.1 updated
- cups-config-2.2.7-150000.3.65.1 updated
- curl-7.66.0-150200.4.78.1 updated
- docker-25.0.6_ce-150000.207.1 updated
- glibc-locale-base-2.31-150300.86.3 updated
- glibc-locale-2.31-150300.86.3 updated
- glibc-2.31-150300.86.3 updated
- grub2-i386-pc-2.04-150300.22.46.1 updated
- grub2-x86_64-efi-2.04-150300.22.46.1 updated
- grub2-2.04-150300.22.46.1 updated
- kernel-default-5.3.18-150300.59.170.1 updated
- libcups2-2.2.7-150000.3.65.1 updated
- libcurl4-7.66.0-150200.4.78.1 updated
- libglib-2_0-0-2.62.6-150200.3.21.1 updated
- libopenssl1_1-1.1.1d-150200.11.94.1 updated
- libsolv-tools-base-0.7.30-150200.37.2 updated
- libsolv-tools-0.7.30-150200.37.2 updated
- libzypp-17.35.8-150200.121.1 updated
- openssl-1_1-1.1.1d-150200.11.94.1 updated
- pam-1.3.0-150000.6.71.2 updated
- python3-setuptools-40.5.0-150100.6.9.1 updated
- runc-1.1.14-150000.70.1 updated
- supportutils-3.2.8-150300.7.35.33.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- xen-libs-4.14.6_18-150300.3.78.1 updated
- zypper-1.14.76-150200.88.10 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 removed

From sle-container-updates at lists.suse.com Tue Sep 17 07:05:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:05:56 +0200 (CEST)
Subject: SUSE-CU-2024:4303-1: Recommended update of suse/ltss/sle15.4/sle15
Message-ID: <20240917070556.8BF02F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4303-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.19 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.19
Container Release : 5.19
Severity : moderate
Type : recommended
References : 1229476
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated.
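The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3238-1
Released: Fri Sep 13 11:56:14 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

The following package changes have been done:

- libblkid1-2.37.2-150400.8.35.2 updated
- libfdisk1-2.37.2-150400.8.35.2 updated
- libmount1-2.37.2-150400.8.35.2 updated
- libsmartcols1-2.37.2-150400.8.35.2 updated
- libuuid1-2.37.2-150400.8.35.2 updated
- util-linux-2.37.2-150400.8.35.2 updated

From sle-container-updates at lists.suse.com Tue Sep 17 07:09:27 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:09:27 +0200 (CEST)
Subject: SUSE-CU-2024:4304-1: Security update of bci/bci-init
Message-ID: <20240917070927.352D1F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4304-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.27.3
Container Release : 27.3
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libsmartcols1-2.37.4-150500.9.17.2 updated
- libblkid1-2.37.4-150500.9.17.2 updated
- libfdisk1-2.37.4-150500.9.17.2 updated
- libmount1-2.37.4-150500.9.17.2 updated
- util-linux-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-image-15.0.0-36.14.23 updated

From sle-container-updates at lists.suse.com Tue Sep 17 07:10:38 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:10:38 +0200 (CEST)
Subject: SUSE-CU-2024:4305-1: Recommended update of bci/openjdk-devel
Message-ID: <20240917071038.CC7DCF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4305-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-27.3
Container Release : 27.3
Severity : moderate
Type : recommended
References :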
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3245-1
Released: Mon Sep 16 07:55:19 2024
Summary: Recommended update for maven, maven-resolver, sbt, xmvn
Type: recommended
Severity: moderate
References:

This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

maven-resolver was upgraded to version 1.9.22:

- Bugs fixed:
  * Resolver-Supplier unusable in OSGi runtimes
  * Invalid Cookie set under proxy conditions
  * In typical setups, DefaultArtifact copies the same maps over and over again
  * Memory consumption improvements
- New Features:
  * Import o.e.aether packages with the exact same version in OSGi metadata
- Improvements:
  * Removed excessive strictness of OSGi dependency metadata

maven was upgraded to version 3.9.9:

- Bugs fixed:
  * Fixed search for topDirectory when using -f / --file for Maven 3.9.x
  * Fixed Maven not finding extensions for -f when current dir is root
  * Fixed warning for com.sun:tools:jar that refers to a non-existing file
  * Fixed profile activation based on OS properties for 'mvn site'
  * Fixed Resolver wrongly assuming it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
  * Fixed missing or mismatching Trusted Checksum for some artifacts is not properly reported
  * Fixed regression causing Property not resolved in profile pluginManagement

sbt, xmvn:

- Minor code improvements

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3247-1
Released: Mon Sep 16 07:59:42 2024
Summary: Recommended update for hamcrest
Type: recommended
Severity: moderate
References:

This update for hamcrest fixes the following issues:

- hamcrest was updated to version 3.0:
  * Breaking Changes:
    + From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. Developers who use Java 1.7 or earlier can still depend upon hamcrest-2.2.jar.
  * Improvements:
    + FileMatchersTest simplification
    + License cleanup

The following package changes have been done:

- hamcrest-3.0-150200.12.20.1 updated
- maven-resolver-api-1.9.22-150200.3.26.1 updated
- maven-resolver-util-1.9.22-150200.3.26.1 updated
- maven-resolver-spi-1.9.22-150200.3.26.1 updated
- maven-resolver-named-locks-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-file-1.9.22-150200.3.26.1 updated
- maven-resolver-connector-basic-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-wagon-1.9.22-150200.3.26.1 updated
- maven-resolver-impl-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-http-1.9.22-150200.3.26.1 updated
- maven-lib-3.9.9-150200.4.30.1 updated
- maven-3.9.9-150200.4.30.1 updated

From sle-container-updates at lists.suse.com Tue Sep 17 07:11:35 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:11:35 +0200 (CEST)
Subject: SUSE-CU-2024:4306-1: Security update of bci/openjdk
Message-ID: <20240917071135.B03D5F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4306-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-28.2
Container Release : 28.2
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- container:sles15-image-15.0.0-36.14.23 updated

From sle-container-updates at lists.suse.com Tue Sep 17 07:12:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:12:41 +0200 (CEST)
Subject: SUSE-CU-2024:4307-1: Security update of bci/openjdk-devel
Message-ID: <20240917071241.CB3B7F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4307-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-29.3
Container Release : 29.3
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3245-1
Released: Mon Sep 16 07:55:19 2024
Summary: Recommended update for maven, maven-resolver, sbt, xmvn
Type: recommended
Severity: moderate
References:

This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

maven-resolver was upgraded to version 1.9.22:

- Bugs fixed:
  * Resolver-Supplier unusable in OSGi runtimes
  * Invalid Cookie set under proxy conditions
  * In typical setups, DefaultArtifact copies the same maps over and over again
  * Memory consumption improvements
- New Features:
  * Import o.e.aether packages with the exact same version in OSGi metadata
- Improvements:
  * Removed excessive strictness of OSGi dependency metadata

maven was upgraded to version 3.9.9:

- Bugs fixed:
  * Fixed search for topDirectory when using -f / --file for Maven 3.9.x
  * Fixed Maven not finding extensions for -f when current dir is root
  * Fixed warning for com.sun:tools:jar that refers to a non-existing file
  * Fixed profile activation based on OS properties for 'mvn site'
  * Fixed Resolver wrongly assuming it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
  * Fixed missing or mismatching Trusted Checksum for some artifacts is not properly reported
  * Fixed regression causing Property not resolved in profile pluginManagement

sbt, xmvn:

- Minor code improvements

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3247-1
Released: Mon Sep 16 07:59:42 2024
Summary: Recommended update for hamcrest
Type: recommended
Severity: moderate
References:

This update for hamcrest fixes the following issues:

- hamcrest was updated to version 3.0:
  * Breaking Changes:
    + From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. Developers who use Java 1.7 or earlier can still depend upon hamcrest-2.2.jar.
  * Improvements:
    + FileMatchersTest simplification
    + License cleanup

The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libsmartcols1-2.37.4-150500.9.17.2 updated
- libblkid1-2.37.4-150500.9.17.2 updated
- libfdisk1-2.37.4-150500.9.17.2 updated
- libmount1-2.37.4-150500.9.17.2 updated
- util-linux-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- hamcrest-3.0-150200.12.20.1 updated
- maven-resolver-api-1.9.22-150200.3.26.1 updated
- maven-resolver-util-1.9.22-150200.3.26.1 updated
- maven-resolver-spi-1.9.22-150200.3.26.1 updated
- maven-resolver-named-locks-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-file-1.9.22-150200.3.26.1 updated
- maven-resolver-connector-basic-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-wagon-1.9.22-150200.3.26.1 updated
- maven-resolver-impl-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-http-1.9.22-150200.3.26.1 updated
- maven-lib-3.9.9-150200.4.30.1 updated
- maven-3.9.9-150200.4.30.1 updated
- container:bci-openjdk-17-15.5.17-30.2 updated

From sle-container-updates at lists.suse.com Tue Sep 17 07:13:19 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:13:19 +0200 (CEST)
Subject: SUSE-CU-2024:4308-1: Security update of bci/bci-sle15-kernel-module-devel
Message-ID: <20240917071319.B648DF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4308-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.23.2
Container Release : 23.2
Severity : moderate
Type : security
References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released: Fri Sep 13 11:49:56 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

The following package changes have been done: - libuuid1-2.37.4-150500.9.17.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libblkid1-2.37.4-150500.9.17.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - util-linux-2.37.4-150500.9.17.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - container:sles15-image-15.0.0-36.14.23 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:14:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:14:04 +0200 (CEST) Subject: SUSE-CU-2024:4309-1: Recommended update of suse/sle15 Message-ID: <20240917071404.CF6F7F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4309-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.23 , suse/sle15:15.5 , suse/sle15:15.5.36.14.23 Container Release : 36.14.23 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libblkid1-2.37.4-150500.9.17.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - util-linux-2.37.4-150500.9.17.2 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:14:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:14:50 +0200 (CEST) Subject: SUSE-CU-2024:4313-1: Security update of bci/bci-base-fips Message-ID: <20240917071450.AE4A3F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4313-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.10.1 , bci/bci-base-fips:latest Container Release : 10.1 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. 
(bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Tue Sep 17 07:15:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:15:00 +0200 (CEST) Subject: SUSE-CU-2024:4314-1: Security update of suse/registry Message-ID: <20240917071500.92F4FF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4314-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-24.12 , suse/registry:latest Container Release : 24.12 Severity : moderate Type : security References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. 
(bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libblkid1-2.39.3-150600.4.12.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libuuid1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - container:bci-bci-micro-15.6-5e0f4fabbbe014adf3b87a3e7074d50e59724c734bef1db25e785ee1baae6d87-0 added - container:micro-image-15.6.0-24.3 removed From sle-container-updates at lists.suse.com Tue Sep 17 07:16:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:16:06 +0200 (CEST) Subject: SUSE-CU-2024:4321-1: Security update of bci/golang Message-ID: <20240917071606.6336FF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4321-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-42.3 , bci/golang:1.21.5.1 , bci/golang:1.21.5.1-42.3 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-42.3 Container Release : 42.3 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Tue Sep 17 07:17:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:17:18 +0200 (CEST) Subject: SUSE-CU-2024:4327-1: Security update of bci/openjdk Message-ID: <20240917071718.DC90FFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4327-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-22.1 , bci/openjdk:latest Container Release : 22.1 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Tue Sep 17 07:17:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:17:29 +0200 (CEST) Subject: SUSE-CU-2024:4329-1: Recommended update of suse/pcp Message-ID: <20240917071729.30A9FFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4329-1 Container Tags : suse/pcp:5 , suse/pcp:5-42.1 , suse/pcp:5.3 , suse/pcp:5.3-42.1 , suse/pcp:5.3.7 , suse/pcp:5.3.7-42.1 , suse/pcp:latest Container Release : 42.1 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - util-linux-systemd-2.39.3-150600.4.12.2 updated - container:bci-bci-init-15.6-c58e28126263cc589846a733f34a9b8a6ab03231bb7aa2fcc392d6bfb02fb26b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:17:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:17:30 +0200 (CEST) Subject: SUSE-CU-2024:4330-1: Security update of suse/pcp Message-ID: <20240917071730.0C162FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4330-1 Container Tags : suse/pcp:5 , suse/pcp:5-42.3 , suse/pcp:5.3 , suse/pcp:5.3-42.3 , suse/pcp:5.3.7 , suse/pcp:5.3.7-42.3 , suse/pcp:latest Container Release : 42.3 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. 
(bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - container:bci-bci-init-15.6-741aa263962663fcbffe3a2676022bbf350bb2ff2522a5d2393796525adc1a19-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:17:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:17:40 +0200 (CEST) Subject: SUSE-CU-2024:4331-1: Recommended update of bci/php-apache Message-ID: <20240917071740.7E862FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4331-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-38.3 , bci/php-apache:8.2.20 , bci/php-apache:8.2.20-38.3 , bci/php-apache:latest Container Release : 38.3 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:19:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:19:19 +0200 (CEST) Subject: SUSE-CU-2024:4342-1: Recommended update of containers/apache-tomcat Message-ID: <20240917071919.4DBE4FCC1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4342-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-45.2 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-45.2 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-45.2 Container Release : 45.2 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - container:bci-bci-micro-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:16:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:16:19 +0200 (CEST) Subject: SUSE-CU-2024:4322-1: Security update of bci/bci-init Message-ID: <20240917071619.62C16F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4322-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.23.1 , bci/bci-init:latest Container Release : 23.1 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. 
(bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Tue Sep 17 07:18:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:18:23 +0200 (CEST) Subject: SUSE-CU-2024:4336-1: Recommended update of bci/python Message-ID: <20240917071823.1353DFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4336-1 Container Tags : bci/python:3 , bci/python:3-50.3 , bci/python:3.12 , bci/python:3.12-50.3 , bci/python:3.12.4 , bci/python:3.12.4-50.3 , bci/python:latest Container Release : 50.3 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:17:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:17:03 +0200 (CEST) Subject: SUSE-CU-2024:4326-1: Security update of bci/openjdk-devel Message-ID: <20240917071703.0EC63FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4326-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-22.4 , bci/openjdk-devel:latest Container Release : 22.4 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. 
(bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3245-1 Released: Mon Sep 16 07:55:19 2024 Summary: Recommended update for maven, maven-resolver, sbt, xmvn Type: recommended Severity: moderate References: This update for maven, maven-resolver, sbt, xmvn fixes the following issues: maven-resolver was upgraded to version 1.9.22: - Bugs fixed: * Resolver-Supplier unusable in OSGi runtimes * Invalid Cookie set under proxy conditions * In typical setups, DefaultArtifact copies the same maps over and over again * Memory consumption improvements - New Features: * Import o.e.aether packages with the exact same version in OSGi metadata - Improvements: * Removed excessive strictness of OSGi dependency metadata maven was upgraded to version 3.9.9: - Bugs fixed: * Fixed search for topDirectory when using -f / --file for Maven 3.9.x * Fixed Maven not finding extensions for -f when current dir is root * Fixed warning for com.sun:tools:jar that refers to a non-existing file * Fixed profile activation based on OS properties for 'mvn site' * Fixed Resolver wrongly assuming it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR * Fixed missing or mismatching Trusted Checksum for some artifacts is not properly reported * Fixed regression causing Property not resolved in profile pluginManagement sbt, xmvn: - Minor code improvements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3247-1 Released: Mon Sep 16 07:59:42 2024 Summary: Recommended update for hamcrest Type: recommended Severity: moderate References: This update for hamcrest fixes the following issues: - hamcrest was updated to version 3.0: * Breaking Changes: + From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. Developers who use Java 1.7 or earlier can still depend upon hamcrest-2.2.jar. 
* Improvements: + FileMatchersTest simplification + License cleanup The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - hamcrest-3.0-150200.12.20.1 updated - maven-resolver-api-1.9.22-150200.3.26.1 updated - maven-resolver-util-1.9.22-150200.3.26.1 updated - maven-resolver-spi-1.9.22-150200.3.26.1 updated - maven-resolver-named-locks-1.9.22-150200.3.26.1 updated - maven-resolver-transport-file-1.9.22-150200.3.26.1 updated - maven-resolver-connector-basic-1.9.22-150200.3.26.1 updated - maven-resolver-transport-wagon-1.9.22-150200.3.26.1 updated - maven-resolver-impl-1.9.22-150200.3.26.1 updated - maven-resolver-transport-http-1.9.22-150200.3.26.1 updated - maven-lib-3.9.9-150200.4.30.1 updated - maven-3.9.9-150200.4.30.1 updated - container:bci-openjdk-21-889620321bd7c8af1b92424f6a8e97eadc708de082593f8c79d2166ff19b7df4-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:30:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:30:05 +0200 (CEST) Subject: SUSE-CU-2024:4342-1: Recommended update of containers/apache-tomcat Message-ID: <20240917073005.E4CB9F7A3@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4342-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-45.2 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-45.2 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-45.2 Container Release : 45.2 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - container:bci-bci-micro-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:30:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:30:22 +0200 (CEST) Subject: SUSE-CU-2024:4343-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240917073022.4AF85F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4343-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.24.1 , bci/bci-sle15-kernel-module-devel:latest Container Release : 24.1 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - container:bci-bci-base-15.6-600039aa5112c417854a8ef287e5537c189c0887acc2b7bafbfeddc2729d148b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Tue Sep 17 07:30:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:30:34 +0200 (CEST) Subject: SUSE-CU-2024:4344-1: Recommended update of suse/sle15 Message-ID: <20240917073034.152D4F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4344-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.14 , suse/sle15:15.6 , suse/sle15:15.6.47.11.14 Container Release : 47.11.14 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libuuid1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:30:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:30:42 +0200 (CEST) Subject: SUSE-CU-2024:4345-1: Recommended update of bci/spack Message-ID: <20240917073042.A682CF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4345-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-8.1 , bci/spack:0.21.2 , bci/spack:0.21.2-8.1 , bci/spack:latest Container Release : 8.1 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libblkid1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:31:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:31:28 +0200 (CEST) Subject: SUSE-CU-2024:4346-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240917073128.B7433F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4346-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.32 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.32 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3238-1 Released: Fri Sep 13 11:56:14 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libuuid1-2.37.2-150400.8.35.2 updated - libsmartcols1-2.37.2-150400.8.35.2 updated - libblkid1-2.37.2-150400.8.35.2 updated - libfdisk1-2.37.2-150400.8.35.2 updated - libmount1-2.37.2-150400.8.35.2 updated - util-linux-2.37.2-150400.8.35.2 updated - container:sles15-ltss-image-15.0.0-5.19 updated From sle-container-updates at lists.suse.com Tue Sep 17 07:32:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 09:32:00 +0200 (CEST) Subject: SUSE-CU-2024:4347-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240917073200.28973F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4347-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.33 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.33 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3238-1 Released: Fri Sep 13 11:56:14 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libuuid1-2.37.2-150400.8.35.2 updated - libsmartcols1-2.37.2-150400.8.35.2 updated - libblkid1-2.37.2-150400.8.35.2 updated - libfdisk1-2.37.2-150400.8.35.2 updated - libmount1-2.37.2-150400.8.35.2 updated - util-linux-2.37.2-150400.8.35.2 updated - container:sles15-ltss-image-15.0.0-5.19 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:34:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:34:36 +0200 (CEST) Subject: SUSE-CU-2024:4360-1: Recommended update of bci/bci-init Message-ID: <20240917113436.83098FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4360-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.23.3 , bci/bci-init:latest Container Release : 23.3 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:34:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:34:40 +0200 (CEST) Subject: SUSE-CU-2024:4361-1: Security update of bci/kiwi Message-ID: <20240917113440.9834AFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4361-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-3.3 , bci/kiwi:9.24 , bci/kiwi:9.24-3.3 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-3.3 , bci/kiwi:latest Container Release : 3.3 Severity : moderate Type : security References : 1221812 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. 
(bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3232-1 Released: Fri Sep 13 08:48:00 2024 Summary: Recommended update for qemu Type: recommended Severity: moderate References: 1221812 This update for qemu fixes the following issues: * Reschedule query-block during qcow2 invalidation (bsc#1221812) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libblkid-devel-2.39.3-150600.4.12.2 updated - qemu-pr-helper-8.2.6-150600.3.12.1 updated - qemu-img-8.2.6-150600.3.12.1 updated - util-linux-systemd-2.39.3-150600.4.12.2 updated - qemu-tools-8.2.6-150600.3.12.1 updated - libmount-devel-2.39.3-150600.4.12.2 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Tue Sep 17 11:35:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:35:09 +0200 (CEST) Subject: SUSE-CU-2024:4364-1: Recommended update of bci/openjdk-devel Message-ID: <20240917113509.7A217FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4364-1 Container Tags : 
bci/openjdk-devel:21 , bci/openjdk-devel:21-22.6 , bci/openjdk-devel:latest Container Release : 22.6 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - container:bci-openjdk-21-bb33217880219d15de7ac9e012865a4143d43bee816ecae277015bd414aa88ad-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:35:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:35:23 +0200 (CEST) Subject: SUSE-CU-2024:4366-1: Recommended update of bci/python Message-ID: <20240917113523.BB24BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4366-1 Container Tags : bci/python:3 , bci/python:3-50.3 , bci/python:3.11 , bci/python:3.11-50.3 , bci/python:3.11.9 , bci/python:3.11.9-50.3 Container Release : 50.3 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:35:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:35:30 +0200 (CEST) Subject: SUSE-CU-2024:4367-1: Security update of suse/rmt-mariadb Message-ID: <20240917113530.AD261FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4367-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-47.3 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-47.3 , suse/rmt-mariadb:latest Container Release : 47.3 Severity : moderate Type : security References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. 
(bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - container:suse-sle15-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 added - container:sles15-image-15.6.0-47.11.13 removed From sle-container-updates at lists.suse.com Tue Sep 17 11:35:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:35:49 +0200 (CEST) Subject: SUSE-CU-2024:4369-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240917113549.C9E00FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4369-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.24.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 24.3 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libmount1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:36:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:28 +0200 (CEST) Subject: SUSE-CU-2024:4370-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240917113628.CB3B6FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4370-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.33 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.33 Severity : moderate Type : recommended References : 1229855 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3263-1 Released: Tue Sep 17 07:38:48 2024 Summary: Recommended update for python3-dmidecode Type: recommended Severity: moderate References: 1229855 This update for python3-dmidecode fixes the following issues: - python3-dmidecode was updated to version 3.12.3 (bsc#1229855): * Added support for SMBIOS3.3.0 The following package changes have been done: - python3-dmidecode-3.12.3-150400.21.2 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:36:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:32 +0200 (CEST) Subject: SUSE-CU-2024:4371-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20240917113632.AFC8AFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4371-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.1 , suse/manager/5.0/x86_64/proxy-httpd:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 7.5.1 Severity : important Type : security References : 1082216 1082233 1188441 1211721 1213638 1218609 1219559 1220117 1220664 1221361 1221361 1221407 1221482 1221563 1221632 1221831 1221854 1222075 1222086 1222547 1222985 1223428 1223430 1223571 1223596 1223605 1223766 1224014 1224016 1224044 1224242 1224388 1225291 1225551 1225598 1225907 1226447 1226448 1226463 1227138 1227186 1227187 1227268 1227269 1227270 1227271 1227272 1227276 1227278 1227308 1227353 1228105 CVE-2018-6798 CVE-2018-6913 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-28085 CVE-2024-34397 CVE-2024-36387 CVE-2024-37370 CVE-2024-37371 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38476 CVE-2024-38477 CVE-2024-39573 CVE-2024-39884 CVE-2024-4032 CVE-2024-4603 
CVE-2024-4741 CVE-2024-5535 CVE-2024-6345 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the 
following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1934-1 Released: Thu Jun 6 11:19:24 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - update to SUSE LLC and use https (it's 2024) - use more specific lifecycle url - remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion - set supportlevel to released and L3 - use the base-container-images landing page - rename kiwi file to match package name - move artifacthub.io labels outside labelling helper to avoid duplication ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1943-1 Released: Fri Jun 7 17:04:06 2024 Summary: Security update for util-linux Type: security Severity: important References: 1218609,1220117,1221831,1223605,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. 
- gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:11 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to 
visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2405-1 Released: Thu Jul 11 10:21:19 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227270,1227271,CVE-2024-38477,CVE-2024-39573 This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270) - CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. 
(bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2597-1 Released: Tue Jul 23 09:03:59 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227268,1227269,1227272,CVE-2024-36387,CVE-2024-38475,CVE-2024-38476 This update for apache2 fixes the following issues: - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272) - CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for 
ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' 
and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 
1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3172-1 Released: Mon Sep 9 12:55:40 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884 This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278) - CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276) - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353) The following package changes have been done: - glibc-2.38-150600.14.5.1 updated - libuuid1-2.39.3-150600.4.6.2 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libcom_err2-1.47.0-150600.4.3.2 updated - libblkid1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - libxml2-2-2.10.3-150500.5.17.1 updated - perl-base-5.26.1-150300.17.17.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.78.6-150600.4.3.1 updated - libmount1-2.39.3-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.7.1 updated - libudev1-254.13-150600.4.5.1 updated 
- libsystemd0-254.13-150600.4.5.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated - krb5-1.20.1-150600.11.3.1 updated - coreutils-8.32-150400.9.6.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libzypp-17.34.1-150600.3.4.6 updated - zypper-1.14.71-150600.10.2.7 updated - util-linux-2.39.3-150600.4.6.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - libgmodule-2_0-0-2.78.6-150600.4.3.1 updated - libgobject-2_0-0-2.78.6-150600.4.3.1 updated - libyaml-0-2-0.1.7-150000.3.2.1 updated - libopenssl1_1-1.1.1w-150600.5.6.1 updated - apache2-prefork-2.4.58-150600.5.23.1 updated - python3-base-3.6.15-150300.10.65.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - systemd-254.15-150600.4.8.1 updated - gio-branding-SLE-15-150600.35.2.1 updated - libgio-2_0-0-2.78.6-150600.4.3.1 updated - glib2-tools-2.78.6-150600.4.3.1 updated - python3-3.6.15-150300.10.65.2 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - apache2-2.4.58-150600.5.23.1 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - spacewalk-backend-5.0.8-150600.3.44.11 updated - python3-spacewalk-client-tools-5.0.6-150600.3.90.10 updated - spacewalk-client-tools-5.0.6-150600.3.90.10 updated - container:sles15-image-15.6.0-47.9.1 updated - libabsl2401_0_0-20240116.1-150600.17.7 removed - libprocps8-3.3.17-150000.7.37.1 removed - libprotobuf-lite25_1_0-25.1-150600.14.3 removed - procps-3.3.17-150000.7.37.1 removed From sle-container-updates at lists.suse.com Tue Sep 17 11:36:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:36 +0200 (CEST) Subject: SUSE-CU-2024:4372-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20240917113636.027FFFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4372-1 Container 
Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.1 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 7.5.1 Severity : critical Type : security References : 1082216 1082233 1188441 1211721 1213638 1218609 1219559 1220117 1220664 1221361 1221361 1221407 1221482 1221563 1221632 1221831 1221854 1222075 1222086 1222547 1222985 1223428 1223430 1223571 1223596 1223605 1223766 1224014 1224016 1224044 1224242 1224282 1224388 1225291 1225551 1225598 1225907 1226415 1226447 1226448 1226463 1227138 1227186 1227187 1227308 CVE-2018-6798 CVE-2018-6913 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-28085 CVE-2024-34397 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 CVE-2024-4603 CVE-2024-4741 CVE-2024-5535 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- 
Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1934-1 Released: Thu Jun 6 11:19:24 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - update to SUSE LLC and use https (it's 2024) - use more specific lifecycle url - remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion - set supportlevel to released and L3 - use the base-container-images landing page - rename kiwi file to match package name - move artifacthub.io labels outside labelling helper to avoid duplication ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1943-1 Released: Fri Jun 7 17:04:06 2024 Summary: Security update for util-linux Type: security Severity: important References: 1218609,1220117,1221831,1223605,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. 
(bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:11 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue 
Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). 
- Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This reverts the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 
fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - glibc-2.38-150600.14.5.1 updated - libuuid1-2.39.3-150600.4.6.2 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libcom_err2-1.47.0-150600.4.3.2 updated - libblkid1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - libxml2-2-2.10.3-150500.5.17.1 updated - perl-base-5.26.1-150300.17.17.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.78.6-150600.4.3.1 updated - libmount1-2.39.3-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.7.1 updated - libudev1-254.13-150600.4.5.1 updated - libsystemd0-254.13-150600.4.5.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated - krb5-1.20.1-150600.11.3.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - procps-3.3.17-150000.7.39.1 updated - coreutils-8.32-150400.9.6.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libzypp-17.34.1-150600.3.4.6 updated - zypper-1.14.71-150600.10.2.7 updated - util-linux-2.39.3-150600.4.6.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - openssl-3-3.1.4-150600.5.7.1 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - libopenssl1_1-1.1.1w-150600.5.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - container:sles15-image-15.6.0-47.9.1 updated - gio-branding-SLE-15-150600.33.2 removed - glib2-tools-2.78.3-150600.2.2 removed - libabsl2401_0_0-20240116.1-150600.17.7 removed - libgio-2_0-0-2.78.3-150600.2.2 removed - libgmodule-2_0-0-2.78.3-150600.2.2 removed - 
libgobject-2_0-0-2.78.3-150600.2.2 removed - libprotobuf-lite25_1_0-25.1-150600.14.3 removed - shared-mime-info-2.4-150600.1.3 removed From sle-container-updates at lists.suse.com Tue Sep 17 11:36:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:38 +0200 (CEST) Subject: SUSE-CU-2024:4373-1: Security update of suse/manager/5.0/x86_64/proxy-squid Message-ID: <20240917113638.B2AB0FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4373-1 Container Tags : suse/manager/5.0/x86_64/proxy-squid:5.0.1 , suse/manager/5.0/x86_64/proxy-squid:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-squid:latest Container Release : 7.5.1 Severity : important Type : security References : 1082216 1082233 1188441 1213638 1221482 1221632 1223428 1223596 1224282 1224388 1225291 1225551 1227186 1227187 CVE-2018-6798 CVE-2018-6913 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4603 CVE-2024-4741 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-squid was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1934-1 Released: Thu Jun 6 11:19:24 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - update to SUSE LLC and use https (it's 2024) - use more specific lifecycle url - remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion - set supportlevel to released and L3 - use the base-container-images landing page - rename kiwi file to match package name - move artifacthub.io labels outside labelling helper to avoid duplication ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - glibc-2.38-150600.14.5.1 updated - libcom_err2-1.47.0-150600.4.3.2 updated - libxml2-2-2.10.3-150500.5.17.1 updated - perl-base-5.26.1-150300.17.17.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl3-3.1.4-150600.5.7.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated - krb5-1.20.1-150600.11.3.1 updated - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.6.0-47.9.1 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:36:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:41 +0200 (CEST) Subject: SUSE-CU-2024:4374-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20240917113641.DE256FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4374-1 Container Tags : 
suse/manager/5.0/x86_64/proxy-ssh:5.0.1 , suse/manager/5.0/x86_64/proxy-ssh:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 7.5.1 Severity : critical Type : security References : 1188441 1219559 1220664 1221482 1221563 1221632 1221854 1222075 1222985 1223428 1223571 1223596 1224014 1224016 1224388 1225291 1225551 1225907 1226415 1226447 1226448 1226463 1227138 1227186 1227187 1227308 1227456 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 CVE-2024-4603 CVE-2024-4741 CVE-2024-5535 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1934-1 Released: Thu Jun 6 11:19:24 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - update to SUSE LLC and use https (it's 2024) - use more specific lifecycle url - remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion - set supportlevel to released and L3 - use the base-container-images landing page - rename kiwi file to match package name - move artifacthub.io labels outside labelling helper to avoid duplication ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for 
glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This reverts the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). 
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2587-1 Released: Mon Jul 22 13:44:54 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1227456 This update for openssh fixes the following issues: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols 
buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - glibc-2.38-150600.14.5.1 updated - libcom_err2-1.47.0-150600.4.3.2 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl3-3.1.4-150600.5.7.1 updated - libudev1-254.13-150600.4.5.1 updated - libsystemd0-254.13-150600.4.5.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated - krb5-1.20.1-150600.11.3.1 updated - coreutils-8.32-150400.9.6.1 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - openssh-common-9.6p1-150600.6.9.1 updated - libopenssl1_1-1.1.1w-150600.5.6.1 updated - openssh-fips-9.6p1-150600.6.9.1 updated - openssh-server-9.6p1-150600.6.9.1 updated - openssh-clients-9.6p1-150600.6.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated - openssh-9.6p1-150600.6.9.1 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - container:sles15-image-15.6.0-47.9.1 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:36:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:44 +0200 (CEST) Subject: SUSE-CU-2024:4375-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20240917113644.9594FFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4375-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.1 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 7.5.1 Severity : important Type : security References : 1188441 1219559 1220664 1221482 1221563 1221632 1221854 1222075 1222985 1223428 1223571 1223596 
1224014 1224016 1224388 1225291 1225551 1225907 1226447 1226448 1226463 1226469 1227138 1227186 1227187 1227308 1228105 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-4032 CVE-2024-4603 CVE-2024-4741 CVE-2024-5535 CVE-2024-6345 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1934-1 Released: Thu Jun 6 11:19:24 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - update to SUSE LLC and use https (it's 2024) - use more specific lifecycle url - remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion - set supportlevel to released and L3 - use the base-container-images landing page - rename kiwi file to match package name - move artifacthub.io labels outside labelling helper to avoid duplication ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended 
update for e2fsprogs
Type: recommended
Severity: moderate
References: 1223596

This update for e2fsprogs fixes the following issues:

- EA Inode handling fixes:
  - e2fsck: add more checks for ea inode consistency (bsc#1223596)
  - e2fsck: fix golden output of several tests (bsc#1223596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2066-1
Released: Tue Jun 18 13:16:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741

This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

Other issues fixed:

- Enable livepatching support (bsc#1223428)
- Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441

This update for gcc13 fixes the following issues:

Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released: Fri Jul 5 12:04:34 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371

This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2479-1
Released: Mon Jul 15 10:33:22 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032

This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods.
(bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. 
(bsc#1225907)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3054-1
Released: Wed Aug 28 14:48:31 2024
Summary: Security update for python3-setuptools
Type: security
Severity: important
References: 1228105,CVE-2024-6345

This update for python3-setuptools fixes the following issues:

- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

The following package changes have been done:

- glibc-2.38-150600.14.5.1 updated
- libcom_err2-1.47.0-150600.4.3.2 updated
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libopenssl3-3.1.4-150600.5.7.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated
- krb5-1.20.1-150600.11.3.1 updated
- coreutils-8.32-150400.9.6.1 updated
- openssl-3-3.1.4-150600.5.7.1 updated
- libyaml-0-2-0.1.7-150000.3.2.1 added
- libopenssl1_1-1.1.1w-150600.5.6.1 updated
- libpython3_6m1_0-3.6.15-150300.10.65.1 updated
- python3-base-3.6.15-150300.10.65.1 updated
- python3-3.6.15-150300.10.65.2 updated
- python3-PyYAML-5.4.1-150300.3.3.1 updated
- python3-setuptools-44.1.1-150400.9.9.1 updated
- python3-urllib3-1.25.10-150300.4.12.1 updated
- container:sles15-image-15.6.0-47.9.1 updated

From sle-container-updates at lists.suse.com Tue Sep 17 11:36:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 13:36:47 +0200 (CEST)
Subject: SUSE-CU-2024:4376-1: Security update of suse/manager/5.0/x86_64/server-attestation
Message-ID: <20240917113647.71746FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4376-1
Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.1 , suse/manager/5.0/x86_64/server-attestation:5.0.1.6.5.1 , suse/manager/5.0/x86_64/server-attestation:latest
Container Release : 6.5.1
Severity : important
Type : security
References : 1096974 1096984 1126117 1126118 1126119 1154661 1169512 1176123 1189996 1214980 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1222899 1223336 1223724 1224113 1224113 1224115 1224116 1224118 1226463 1227138 1227298 1227918 1228042 1228046 1228047 1228048 1228050 1228051 1228052 1228322 1229465 CVE-2018-10360 CVE-2019-18218 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 CVE-2023-5388 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 CVE-2024-5535 CVE-2024-6119
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Type: security
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907

This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1294-1
Released: Mon May 18 07:38:36 2020
Summary: Security update for file
Type: security
Severity: moderate
References: 1154661,1169512,CVE-2019-18218

This update for file fixes the following issues:

Security issues fixed:

- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).

Non-security issue fixed:

- Fixed broken '--help' output (bsc#1169512).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2983-1
Released: Wed Oct 21 15:03:03 2020
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1176123

This update for file fixes the following issues:

- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released: Tue Sep 21 17:04:26 2021
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1189996

This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1934-1
Released: Thu Jun 6 11:19:24 2024
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:

This update for sles15-image fixes the following issues:

- update to SUSE LLC and use https (it's 2024)
- use more specific lifecycle url
- remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion
- set supportlevel to released and L3
- use the base-container-images landing page
- rename kiwi file to match package name
- move artifacthub.io labels outside labelling helper to avoid duplication

----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2629-1 Released: Tue Jul 30 09:11:33 2024 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228050,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21144,CVE-2024-21145,CVE-2024-21147 This update for java-11-openjdk fixes the following issues: Updated to version 11.0.24+8 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). - CVE-2024-21144: Fixed an excessive loading time in Pack200 due to improper header validation (bsc#1228050). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. 
* freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. 
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for 
xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. 
* Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. 
* Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). 
- FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3131-1 Released: Tue Sep 3 17:42:24 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1224113 This update for mozilla-nss fixes the following issues: - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - libopenssl3-3.1.4-150600.5.15.1 updated - file-5.32-7.14.1 added - libmagic1-5.32-7.14.1 added - libpcsclite1-1.9.4-150400.3.2.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - glibc-2.38-150600.14.8.2 updated - openssl-3-3.1.4-150600.5.15.1 updated - libfreebl3-3.101.2-150400.3.51.1 updated - mozilla-nss-certs-3.101.2-150400.3.51.1 updated - mozilla-nss-3.101.2-150400.3.51.1 updated - libsoftokn3-3.101.2-150400.3.51.1 updated - java-11-openjdk-headless-11.0.24.0-150000.3.116.1 updated - uyuni-java-common-5.0.4-150600.1.3 updated - uyuni-coco-attestation-core-5.0.4-150600.1.3 updated - uyuni-coco-attestation-module-snpguest-5.0.4-150600.1.3 updated - uyuni-coco-attestation-module-secureboot-5.0.4-150600.1.3 updated - container:sles15-image-15.6.0-47.9.1 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:36:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:50 +0200 (CEST) Subject: SUSE-CU-2024:4377-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20240917113651.00381FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4377-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.1.6.5.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 6.5.1 Severity : important Type : security References : 1082216 1082233 1159034 1188441 1194818 1211721 1213638 1218609 1221361 1221361 1221407 1221482 1221632 1222285 1222547 1223428 1223596 1224388 1225291 1225551 1225976 1226125 1226664 1227186 1227187 CVE-2018-6798 CVE-2018-6913 CVE-2024-37370 CVE-2024-37371 CVE-2024-4603 CVE-2024-4741 
----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to 
set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1934-1 Released: Thu Jun 6 11:19:24 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - update to SUSE LLC and use https (it's 2024) - use more specific lifecycle url - remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion - set supportlevel to released and L3 - use the base-container-images landing page - rename kiwi file to match package name - move artifacthub.io labels outside labelling helper to avoid duplication ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating 
(bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

Other issues fixed:

- Enable livepatching support (bsc#1223428)
- Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441

This update for gcc13 fixes the following issues:

Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released: Fri Jul 5 12:04:34 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371

This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * 
TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2677-1 Released: Wed Jul 31 06:58:52 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. 
systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3135-1 Released: Wed Sep 4 08:36:23 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: This update for rsyslog fixes the following issues: - Version upgrade - patches replaced by upgrade (details in upgrade logs) * Revert 'Update omlibdbi.c' * imkmsg: add params 'readMode' and 'expectedBootCompleteSeconds' * testbench: fix 'typo' in test case * omazureeventhubs: Corrected handling of transport closed failures * imkmsg: add module param parseKernelTimestamp * imfile: remove state file on file delete fix * imklog bugfix: keepKernelTimestamp=off config param did not work * Netstreamdriver: deallocate certificate related resources * TLS subsystem: add remote hostname to error reporting * Fix forking issue due to close_range call * replace debian sample systemd service file by readme * testbench: bump zookeeper version to match current offering * Update rsyslog.service sample unit to the latest version used in Debian Trixie * Only keep a single rsyslog.service for Debian * Remove no longer used --with-systemdsystemunitdir configure switch * use logind instead of utmp for wall messages with systemd * Typo fixes * Drop CAP_IPC_LOCK capability * Add CAP_NET_RAW capability due to the omudpspoof module * Add new global config option 'libcapng.enable' * tcp net subsystem: handle data race gracefully * Avoid crash on restart in imrelp SIGTTIN handler - patches replaced by upgrade * fix startup issue on modern systemd systems * Fix misspelling in message. 
* tcpflood bugfix: plain tcp send error not properly reported * omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set * testbench: cleanup and improve some more imfile tests * lookup tables: fix static analyzer issue * lookup tables bugfix: reload on HUP did not work when backgrounded * CI: fix and cleanup github workflow * imjournal: Support input module * testbench: make test more reliable * tcpflood: add -A option to NOT abort when sending fails * tcpflood: fix today's programming error * openssl: Replaced deprecated method SSLv23_method with TLS_method * testbench improvement: define state file directories for imfile tests * testbench: cleanup a test and some nitfixes to it * tcpflood bugfix: TCP sending was not implemented properly * testbench: make waiting for HUP processing more reliable * build system: make rsyslogd execute when --disable-inet is configured * CI: update zookeeper download to newer version * ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions * ossl: Fix CRL File Expire from 1 day to 100 years. 
* PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+ * omazureeventhubs: Initial implementation of new output module * TLS CRL Support Issue 5081 * action.resumeintervalmax: the parameter was not respected * IMHIREDIS::FIXED:: Restore compatibility with hiredis < v1.0.0 * Add the 'batchsize' parameter to imhiredis * Clear undefined behavior in libgcry.c (GH #5167) * Do not try to drop capabilities when we don't have any * testbench: use newer zookeeper version in tests * build system: more precise error message on too-old lib * Fix quoting for omprog, improg, mmexternal The following package changes have been done: - glibc-2.38-150600.14.5.1 updated - libuuid1-2.39.3-150600.4.6.2 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libcom_err2-1.47.0-150600.4.3.2 updated - libblkid1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - perl-base-5.26.1-150300.17.17.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libmount1-2.39.3-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.7.1 updated - libudev1-254.13-150600.4.5.1 updated - libsystemd0-254.13-150600.4.5.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated - krb5-1.20.1-150600.11.3.1 updated - coreutils-8.32-150400.9.6.1 updated - util-linux-2.39.3-150600.4.6.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - systemd-254.15-150600.4.8.1 updated - util-linux-systemd-2.39.3-150600.4.9.4 updated - wicked-0.6.76-150600.11.9.1 updated - wicked-service-0.6.76-150600.11.9.1 updated - rsyslog-8.2406.0-150600.12.3.2 updated - container:sles15-image-15.6.0-47.9.1 updated From sle-container-updates at lists.suse.com Tue Sep 17 11:36:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:58 +0200 (CEST) Subject: SUSE-CU-2024:4379-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16 Message-ID: 
<20240917113658.A4370FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4379-1 Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.1 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.1.7.5.1 , suse/manager/5.0/x86_64/server-migration-14-16:latest Container Release : 7.5.1 Severity : critical Type : security References : 1159034 1188441 1194818 1194818 1218609 1218609 1219559 1220117 1220523 1220664 1220690 1220693 1220696 1221365 1221563 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1221831 1221854 1222075 1222285 1222899 1223336 1223428 1223596 1223605 1224038 1224051 1224282 1224388 1225291 1225551 1225598 1225907 1226415 1226447 1226448 1226463 1226463 1227138 1227138 1227186 1227187 1228042 1228548 1228770 1228968 1229013 1229013 1229329 1229465 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-28085 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 CVE-2024-4317 CVE-2024-4603 CVE-2024-4741 CVE-2024-5535 CVE-2024-5535 CVE-2024-6119 CVE-2024-7348 CVE-2024-7348 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1943-1 Released: Fri Jun 7 17:04:06 2024 Summary: Security update for util-linux Type: security Severity: important References: 1218609,1220117,1221831,1223605,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. 
(bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This reverts the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set 
sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: 
moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. 
(bsc#1225907) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3159-1 Released: Fri Sep 6 12:15:52 2024 Summary: Security update for postgresql16 Type: security Severity: important References: 1224038,1224051,1229013,CVE-2024-4317,CVE-2024-7348 This update for postgresql16 fixes the following issues: - Upgrade to 16.4 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) - CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3160-1 Released: Fri Sep 6 12:16:19 2024 Summary: Security update for postgresql16 Type: security Severity: important References: 1229013,CVE-2024-7348 This update for postgresql16 fixes the following issues: - Upgrade to 14.13 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libuuid1-2.39.3-150600.4.9.4 updated - libcom_err2-1.47.0-150600.4.3.2 updated - libxml2-2-2.10.3-150500.5.17.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - krb5-1.20.1-150600.11.3.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240826-150600.10.9.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150600.17.6.1 updated - libsystemd0-254.15-150600.4.8.1 updated - glibc-locale-base-2.38-150600.14.8.2 updated - libopenssl1_1-1.1.1w-150600.5.6.1 updated - libpq5-16.4-150600.16.5.1 updated - glibc-locale-2.38-150600.14.8.2 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - postgresql14-14.13-150600.16.6.1 updated - postgresql16-16.4-150600.16.5.1 updated - postgresql14-server-14.13-150600.16.6.1 updated - postgresql16-server-16.4-150600.16.5.1 updated - postgresql16-contrib-16.4-150600.16.5.1 updated - postgresql14-contrib-14.13-150600.16.6.1 updated - container:suse-manager-5.0-init-5.0.1-5.0.1-7.3.17 added - container:suse-manager-5.0-init-5.0.0-5.0.0-5.19 removed From sle-container-updates at lists.suse.com Wed Sep 18 12:12:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:12:52 +0200 (CEST) Subject: SUSE-CU-2024:4388-1: Security update of bci/golang Message-ID: <20240918121252.AA3E3FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4388-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.36.3 , bci/golang:1.22.7 , bci/golang:1.22.7-2.36.3 , bci/golang:oldstable , bci/golang:oldstable-2.36.3 Container Release : 36.3 Severity : moderate Type : security 
References : 1218424 1229930 1229931 1229932 1230093 1230252 1230253 1230254 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8096 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3213-1 Released: Thu Sep 12 11:33:41 2024 Summary: Security update for go1.22 Type: security Severity: moderate References: 1218424,1230252,1230253,1230254,CVE-2024-34155,CVE-2024-34156,CVE-2024-34158 This update for go1.22 fixes the following issues: - Update go v1.22.7 - CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252) - CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253) - CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. 
(bsc#1229930) The following package changes have been done: - libcurl4-8.6.0-150600.4.6.1 updated - curl-8.6.0-150600.4.6.1 updated - go1.22-doc-1.22.7-150000.1.27.1 updated - libexpat1-2.4.4-150400.3.22.1 updated - go1.22-1.22.7-150000.1.27.1 updated - go1.22-race-1.22.7-150000.1.27.1 updated - container:bci-bci-base-15.6-675ba453c3677561e76fd3b8689bf028b2f3053170dadf3c3d3c43f6401ed79b-0 added - container:sles15-image-15.6.0-47.11.12 removed From sle-container-updates at lists.suse.com Wed Sep 18 12:13:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:13:00 +0200 (CEST) Subject: SUSE-CU-2024:4390-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20240918121300.B8435FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4390-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.1 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.1.7.5.2 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 7.5.2 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. 
(bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated From sle-container-updates at lists.suse.com Wed Sep 18 12:13:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:13:04 +0200 (CEST) Subject: SUSE-CU-2024:4392-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20240918121304.61FD5FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4392-1 Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.1 , suse/manager/5.0/x86_64/proxy-ssh:5.0.1.7.5.2 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 7.5.2 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. 
(bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated From sle-container-updates at lists.suse.com Wed Sep 18 12:13:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:13:08 +0200 (CEST) Subject: SUSE-CU-2024:4394-1: Recommended update of suse/manager/5.0/x86_64/server-attestation Message-ID: <20240918121308.84228FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4394-1 Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.1 , suse/manager/5.0/x86_64/server-attestation:5.0.1.6.5.2 , suse/manager/5.0/x86_64/server-attestation:latest Container Release : 6.5.2 Severity : moderate Type : recommended References : 1146701 1211899 1217248 1219450 1219645 1223312 1223988 1224004 1224209 1225619 1225960 1226313 1226439 1226461 1226491 1226728 1226917 1227133 1227406 1227526 1227599 1228036 1228101 1228198 1228286 1228545 1229339 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-attestation was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2024-3265 Released: Tue Sep 17 09:41:47 2024 Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1146701,1211899,1217248,1219450,1219645,1223312,1223988,1224004,1224209,1225619,1225960,1226313,1226439,1226461,1226491,1226728,1226917,1227133,1227406,1227526,1227599,1228036,1228101,1228198,1228286,1228545,1229339 Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - uyuni-java-common-5.0.5-150600.3.3.24 updated - uyuni-coco-attestation-core-5.0.5-150600.3.3.23 updated - uyuni-coco-attestation-module-snpguest-5.0.5-150600.3.3.23 updated - uyuni-coco-attestation-module-secureboot-5.0.5-150600.3.3.23 updated From sle-container-updates at lists.suse.com Wed Sep 18 12:13:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:13:10 +0200 (CEST) Subject: SUSE-CU-2024:4395-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20240918121311.007D5FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4395-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.1.6.5.2 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 6.5.2 Severity : moderate Type : security References : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - util-linux-systemd-2.39.3-150600.4.12.2 updated From sle-container-updates at lists.suse.com Wed Sep 18 12:13:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:13:14 +0200 (CEST) Subject: SUSE-CU-2024:4396-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20240918121314.5EFA7FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4396-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.1 , suse/manager/5.0/x86_64/server:5.0.1.7.5.2 , suse/manager/5.0/x86_64/server:latest Container Release : 7.5.2 Severity : moderate Type : security References : 1146701 1211899 1217248 1219450 1219645 1222684 1223312 1223988 1224004 1224209 1225619 1225960 1226313 1226439 1226461 1226491 1226497 1226728 1226917 1227133 
1227406 1227526 1227599 1228036 1228101 1228198 1228286 1228545 1229339 1229476 1229855 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3235-1 Released: Fri Sep 13 08:50:24 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1226497 This update for grub2 fixes the following issues: - Fix failure in bli module (bsc#1226497) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3263-1 Released: Tue Sep 17 07:38:48 2024 Summary: Recommended update for python3-dmidecode Type: recommended Severity: moderate References: 1229855 This update for python3-dmidecode fixes the following issues: - python3-dmidecode was updated to version 3.12.3 (bsc#1229855): * Added support for SMBIOS3.3.0 ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2024-3265 Released: Tue Sep 17 09:41:47 2024 Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1146701,1211899,1217248,1219450,1219645,1223312,1223988,1224004,1224209,1225619,1225960,1226313,1226439,1226461,1226491,1226728,1226917,1227133,1227406,1227526,1227599,1228036,1228101,1228198,1228286,1228545,1229339 Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3287-1 Released: Tue Sep 17 09:47:47 2024 Summary: Recommended update for salt Type: recommended Severity: moderate References: 1222684 This update for salt fixes the following issues: - Fix rich rule comparison in firewalld module (bsc#1222684) - test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL - Make auth.pam more robust with Salt Bundle and fix tests - Fix performance of user.list_groups with many remote groups - Fix 'status.diskusage' function and exclude some tests for Salt Bundle - Skip certain tests if necessary for some OSes and set flaky ones - Add a timer to delete old env post update for venv-minion - Several fixes for tests to avoid errors and failures in some OSes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3290-1 Released: Tue Sep 17 15:24:09 2024 Summary: Recommended update for python-netaddr 
Type: recommended Severity: moderate References: This update for python-netaddr fixes the following issue: New python packages: - python311-netaddr The following package changes have been done: - libuuid1-2.39.3-150600.4.12.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libmount1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - grafana-formula-0.11.0-150600.3.3.25 updated - libfdisk1-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - release-notes-susemanager-5.0.1-150600.11.11.1 updated - susemanager-schema-utility-5.0.11-150600.3.3.29 updated - util-linux-systemd-2.39.3-150600.4.12.2 updated - uyuni-config-modules-5.0.10-150600.3.3.21 updated - libmodulemd2-2.13.0-150400.3.3.3 updated - susemanager-docs_en-5.0-150600.11.3.23 updated - spacewalk-java-lib-5.0.12-150600.3.3.30 updated - susemanager-docs_en-pdf-5.0-150600.11.3.23 updated - susemanager-schema-5.0.11-150600.3.3.29 updated - susemanager-sync-data-5.0.6-150600.3.3.25 updated - grub2-2.12-150600.8.6.1 updated - grub2-i386-pc-2.12-150600.8.6.1 updated - typelib-1_0-Modulemd-2_0-2.13.0-150400.3.3.3 updated - susemanager-build-keys-15.5.1-150600.5.3.2 updated - grub2-x86_64-efi-2.12-150600.8.6.1 updated - inter-server-sync-0.3.5-150600.3.3.29 updated - spacecmd-5.0.9-150600.4.3.25 updated - python3-dmidecode-3.12.3-150400.21.2 updated - spacewalk-backend-sql-postgresql-5.0.9-150600.4.3.33 updated - python3-libmodulemd-2.13.0-150400.3.3.3 updated - spacewalk-base-minimal-5.0.12-150600.3.3.34 updated - susemanager-build-keys-web-15.5.1-150600.5.3.2 updated - spacewalk-config-5.0.4-150600.3.3.25 updated - spacewalk-base-minimal-config-5.0.12-150600.3.3.34 updated - byte-buddy-1.14.16-150600.3.3.16 updated - python3-rhnlib-5.0.4-150600.4.3.5 updated - spacewalk-backend-5.0.9-150600.4.3.33 updated - python3-spacewalk-client-tools-5.0.7-150600.4.3.31 updated - spacewalk-client-tools-5.0.7-150600.4.3.31 updated - 
spacewalk-base-5.0.12-150600.3.3.34 updated - python3-salt-3006.0-150500.4.41.2 updated - salt-3006.0-150500.4.41.2 updated - spacewalk-backend-sql-5.0.9-150600.4.3.33 updated - python3-spacewalk-certs-tools-5.0.7-150600.3.3.25 updated - spacewalk-certs-tools-5.0.7-150600.3.3.25 updated - spacewalk-admin-5.0.8-150600.3.3.24 updated - salt-master-3006.0-150500.4.41.2 updated - cobbler-3.3.3-150600.5.3.29 updated - spacewalk-backend-server-5.0.9-150600.4.3.33 updated - susemanager-sls-5.0.10-150600.3.3.21 updated - spacewalk-java-postgresql-5.0.12-150600.3.3.30 updated - spacewalk-java-config-5.0.12-150600.3.3.30 updated - salt-api-3006.0-150500.4.41.2 updated - spacewalk-backend-xmlrpc-5.0.9-150600.4.3.33 updated - spacewalk-backend-xml-export-libs-5.0.9-150600.4.3.33 updated - spacewalk-backend-package-push-server-5.0.9-150600.4.3.33 updated - spacewalk-backend-iss-5.0.9-150600.4.3.33 updated - spacewalk-backend-app-5.0.9-150600.4.3.33 updated - spacewalk-html-5.0.12-150600.3.3.34 updated - spacewalk-taskomatic-5.0.12-150600.3.3.30 updated - spacewalk-java-5.0.12-150600.3.3.30 updated - spacewalk-backend-iss-export-5.0.9-150600.4.3.33 updated - susemanager-tools-5.0.9-150600.3.3.23 updated - spacewalk-backend-tools-5.0.9-150600.4.3.33 updated - susemanager-5.0.9-150600.3.3.23 updated - byte-buddy-dep-1.11.12-150600.1.11 removed From sle-container-updates at lists.suse.com Wed Sep 18 12:13:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:13:06 +0200 (CEST) Subject: SUSE-CU-2024:4393-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20240918121306.AAC42FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4393-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.1 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.1.7.5.2 , 
suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 7.5.2 Severity : moderate Type : security References : 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated From sle-container-updates at lists.suse.com Wed Sep 18 12:12:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Sep 2024 14:12:58 +0200 (CEST) Subject: SUSE-CU-2024:4389-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20240918121258.4DECAFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4389-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.1 , suse/manager/5.0/x86_64/proxy-httpd:5.0.1.7.5.2 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 7.5.2 Severity : moderate Type : security References : 1146701 1211899 1217248 1219450 1219645 1223312 1223988 1224004 1224209 1225619 1225960 1226313 1226439 1226461 1226491 1226728 1226917 1227133 1227406 1227526 1227599 1228036 1228101 1228198 1228286 1228545 1229339 1229855 
1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3263-1 Released: Tue Sep 17 07:38:48 2024 Summary: Recommended update for python3-dmidecode Type: recommended Severity: moderate References: 1229855 This update for python3-dmidecode fixes the following issues: - python3-dmidecode was updated to version 3.12.3 (bsc#1229855): * Added support for SMBIOS3.3.0 ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2024-3265 Released: Tue Sep 17 09:41:47 2024 Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1146701,1211899,1217248,1219450,1219645,1223312,1223988,1224004,1224209,1225619,1225960,1226313,1226439,1226461,1226491,1226728,1226917,1227133,1227406,1227526,1227599,1228036,1228101,1228198,1228286,1228545,1229339 Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3290-1 Released: Tue Sep 17 15:24:09 2024 Summary: Recommended update for python-netaddr 
Type: recommended Severity: moderate References: This update for python-netaddr fixes the following issue: New python packages: - python311-netaddr The following package changes have been done: - libexpat1-2.4.4-150400.3.22.1 updated - release-notes-susemanager-proxy-5.0.1-150600.11.7.1 updated - libmodulemd2-2.13.0-150400.3.3.3 updated - typelib-1_0-Modulemd-2_0-2.13.0-150400.3.3.3 updated - python3-libmodulemd-2.13.0-150400.3.3.3 updated - python3-dmidecode-3.12.3-150400.21.2 updated - python3-rhnlib-5.0.4-150600.4.3.5 updated - spacewalk-backend-5.0.9-150600.4.3.33 updated - python3-spacewalk-client-tools-5.0.7-150600.4.3.31 updated - spacewalk-client-tools-5.0.7-150600.4.3.31 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:01:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:01:45 +0200 (CEST) Subject: SUSE-IU-2024:1374-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20240919070145.10587FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1374-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.173 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.173 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.132 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:07:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:07:36 +0200 (CEST) Subject: SUSE-CU-2024:4400-1: Recommended update of suse/sle15 Message-ID: <20240919070736.78A50F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4400-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.42 Container Release : 9.8.42 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:07:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:07:59 +0200 (CEST) Subject: SUSE-CU-2024:4401-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240919070759.D86FEF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4401-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.28 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.28 Container Release : 6.28 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:08:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:08:06 +0200 (CEST) Subject: SUSE-CU-2024:4402-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20240919070806.23EA4F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4402-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.4.5 Container Release : 4.5 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:sles15-ltss-image-15.0.0-5.20 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:08:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:08:32 +0200 (CEST) Subject: SUSE-CU-2024:4403-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240919070832.1EE8AF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4403-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.20 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.20 Container Release : 5.20 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:11:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:11:02 +0200 (CEST) Subject: SUSE-CU-2024:4404-1: Recommended update of bci/bci-micro Message-ID: <20240919071102.DC6DCF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4404-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.31.2 Container Release : 31.2 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:11:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:11:21 +0200 (CEST) Subject: SUSE-CU-2024:4405-1: Recommended update of bci/bci-minimal Message-ID: <20240919071121.C05B2F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4405-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.31.2 Container Release : 31.2 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:micro-image-15.5.0-31.2 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:11:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:11:29 +0200 (CEST) Subject: SUSE-CU-2024:4406-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240919071129.AD363F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4406-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.33 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.33 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:11:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:11:34 +0200 (CEST) Subject: SUSE-CU-2024:4407-1: Recommended update of bci/kiwi Message-ID: <20240919071134.A4048F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4407-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-3.4 , bci/kiwi:9.24 , bci/kiwi:9.24-3.4 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-3.4 , bci/kiwi:latest Container Release : 3.4 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/kiwi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - tack-6.1-150000.5.27.1 updated - ncurses-devel-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:11:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:11:39 +0200 (CEST) Subject: SUSE-CU-2024:4408-1: Recommended update of bci/bci-micro Message-ID: <20240919071139.EE71AF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4408-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.25.2 , bci/bci-micro:latest Container Release : 25.2 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:11:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:11:51 +0200 (CEST) Subject: SUSE-CU-2024:4409-1: Security update of bci/python Message-ID: <20240919071151.CB139F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4409-1 Container Tags : bci/python:3 , bci/python:3-50.4 , bci/python:3.12 , bci/python:3.12-50.4 , bci/python:3.12.6 , bci/python:3.12.6-50.4 , bci/python:latest Container Release : 50.4 Severity : important Type : security References : 1227999 1228780 1229596 1229704 1230227 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8088 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3303-1 Released: Wed Sep 18 14:52:25 2024 Summary: Security update for python312 Type: security Severity: important References: 1227999,1228780,1229596,1229704,1230227,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592,CVE-2024-8088 This update for python312 fixes the following issues: - Update to 3.12.6 - CVE-2024-6923: Fixed uncontrolled CPU resource consumption in http.cookies module. (bsc#1228780). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines. (bsc#1229596) - CVE-2024-6232: Fixed ReDoS via excessive backtracking while parsing header values. (bsc#1230227) - CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704) The following package changes have been done: - libpython3_12-1_0-3.12.6-150600.3.6.1 updated - python312-base-3.12.6-150600.3.6.1 updated - python312-3.12.6-150600.3.6.1 updated - python312-devel-3.12.6-150600.3.6.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:12:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:12:05 +0200 (CEST) Subject: SUSE-CU-2024:4410-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240919071205.EB16DF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4410-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.24.5 , bci/bci-sle15-kernel-module-devel:latest Container Release : 24.5 Severity : moderate Type : recommended References : 1221714 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3317-1 Released: Wed Sep 18 16:38:50 2024 Summary: Recommended update for fipscheck Type: recommended Severity: moderate References: 1221714 This update for fipscheck fixes the following issue: - Backport upstream patches to fix C99 violations which are errors by default with GCC 14 (bsc#1221714). The following package changes have been done: - fipscheck-1.7.0-150600.3.3.2 updated - libfipscheck1-1.7.0-150600.3.3.2 updated From sle-container-updates at lists.suse.com Thu Sep 19 07:12:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 09:12:13 +0200 (CEST) Subject: SUSE-CU-2024:4411-1: Recommended update of bci/spack Message-ID: <20240919071213.C1349F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4411-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-8.2 , bci/spack:0.21.2 , bci/spack:0.21.2-8.2 , bci/spack:latest Container Release : 8.2 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/spack was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - tack-6.1-150000.5.27.1 updated - ncurses-devel-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:42:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:42:57 +0200 (CEST) Subject: SUSE-CU-2024:4414-1: Recommended update of suse/registry Message-ID: <20240919144257.977A3F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4414-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-25.6 , suse/registry:latest Container Release : 25.6 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/registry was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:bci-bci-micro-15.6-387d0715642b90627fb1145c510d8415a565154c23b8b644fff51a0c008ab6ec-0 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:43:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:43:05 +0200 (CEST) Subject: SUSE-CU-2024:4415-1: Recommended update of suse/git Message-ID: <20240919144305.2E396F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4415-1 Container Tags : suse/git:2 , suse/git:2-24.6 , suse/git:2.43 , suse/git:2.43-24.6 , suse/git:2.43.0 , suse/git:2.43.0-24.6 , suse/git:latest Container Release : 24.6 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/git was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:bci-bci-micro-15.6-387d0715642b90627fb1145c510d8415a565154c23b8b644fff51a0c008ab6ec-0 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:43:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:43:09 +0200 (CEST) Subject: SUSE-CU-2024:4416-1: Recommended update of suse/helm Message-ID: <20240919144309.868C9F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4416-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-23.6 , suse/helm:latest Container Release : 23.6 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/helm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:bci-bci-micro-15.6-387d0715642b90627fb1145c510d8415a565154c23b8b644fff51a0c008ab6ec-0 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:43:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:43:16 +0200 (CEST) Subject: SUSE-CU-2024:4417-1: Recommended update of bci/bci-minimal Message-ID: <20240919144316.0E24DF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4417-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.25.6 , bci/bci-minimal:latest Container Release : 25.6 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:bci-bci-micro-15.6-387d0715642b90627fb1145c510d8415a565154c23b8b644fff51a0c008ab6ec-0 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:43:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:43:55 +0200 (CEST) Subject: SUSE-CU-2024:4418-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240919144355.83285F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4418-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.35 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.35 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - container:sles15-ltss-image-15.0.0-5.20 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:44:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:44:20 +0200 (CEST) Subject: SUSE-CU-2024:4419-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240919144420.F0D21F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4419-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.37 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.37 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - container:sles15-ltss-image-15.0.0-5.20 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:44:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:44:43 +0200 (CEST) Subject: SUSE-CU-2024:4420-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20240919144443.DE70EF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4420-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.24 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.24 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:sles15-ltss-image-15.0.0-5.20 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:45:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:45:09 +0200 (CEST) Subject: SUSE-CU-2024:4421-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20240919144509.462BEF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4421-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.25 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.25 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:sles15-ltss-image-15.0.0-5.20 updated From sle-container-updates at lists.suse.com Thu Sep 19 14:45:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 16:45:38 +0200 (CEST) Subject: SUSE-CU-2024:4422-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20240919144538.DFB36F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4422-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.25 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.25 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:sles15-ltss-image-15.0.0-5.20 updated From sle-container-updates at lists.suse.com Thu Sep 19 16:22:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 18:22:48 +0200 (CEST) Subject: SUSE-CU-2024:4424-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240919162248.5522AF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4424-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.28 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.28 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 16:23:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 18:23:50 +0200 (CEST) Subject: SUSE-CU-2024:4425-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240919162350.EEACBF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4425-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.29 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.29 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 16:24:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 18:24:43 +0200 (CEST) Subject: SUSE-CU-2024:4426-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240919162443.5F106F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4426-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.44 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.44 Severity : moderate Type : recommended References : 1229476 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
The following package changes have been done: - libblkid1-2.37.4-150500.9.17.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - util-linux-2.37.4-150500.9.17.2 updated - container:sles15-image-15.0.0-36.14.23 updated From sle-container-updates at lists.suse.com Thu Sep 19 16:28:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 18:28:30 +0200 (CEST) Subject: SUSE-CU-2024:4427-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240919162830.0E5EEF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4427-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.26 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.26 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Thu Sep 19 16:29:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Sep 2024 18:29:29 +0200 (CEST) Subject: SUSE-CU-2024:4428-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240919162929.A1444F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4428-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.28 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.28 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Fri Sep 20 07:01:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 20 Sep 2024 09:01:41 +0200 (CEST) Subject: SUSE-IU-2024:1375-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240920070141.2822FFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1375-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.174 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.174 Severity : important Type : security References : 1230413 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3337-1 Released: Thu Sep 19 16:30:40 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1230413 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. 
The following non-security bugs were fixed: - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) The following package changes have been done: - kernel-rt-5.14.21-150500.13.70.2 updated From sle-container-updates at lists.suse.com Fri Sep 20 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 20 Sep 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:4432-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240920070548.AB941F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4432-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.34 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.34 Severity : moderate Type : recommended References : 1228647 1230267 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3346-1 Released: Thu Sep 19 17:20:06 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. 
Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) The following package changes have been done: - libsolv-tools-base-0.7.30-150600.8.2.1 updated - libzypp-17.35.11-150600.3.24.1 updated - zypper-1.14.77-150600.10.11.2 updated From sle-container-updates at lists.suse.com Sat Sep 21 07:06:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 21 Sep 2024 09:06:59 +0200 (CEST) Subject: SUSE-CU-2024:4437-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240921070659.86376F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4437-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.35 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.35 Severity : important Type : security References : 1219975 CVE-2023-52160 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3354-1 Released: Fri Sep 20 15:06:15 2024 Summary: Security update for wpa_supplicant Type: security Severity: important References: 1219975,CVE-2023-52160 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). 
The following package changes have been done: - wpa_supplicant-2.10-150600.7.3.1 updated From sle-container-updates at lists.suse.com Sat Sep 21 07:07:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 21 Sep 2024 09:07:57 +0200 (CEST) Subject: SUSE-CU-2024:4442-1: Recommended update of suse/postgres Message-ID: <20240921070757.9F33BF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4442-1 Container Tags : suse/postgres:16 , suse/postgres:16-44.5 , suse/postgres:16.4 , suse/postgres:16.4 , suse/postgres:16.4-44.5 , suse/postgres:16.4-44.5 , suse/postgres:latest Container Release : 44.5 Severity : moderate Type : recommended References : 1230423 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3359-1 Released: Fri Sep 20 17:31:14 2024 Summary: Recommended update for pgaudit, postgresql Type: recommended Severity: moderate References: 1230423 This update for pgaudit, postgresql fixes the following issues: - Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirmed on the PostgreSQL packagers list that ABI stability is being taken care of between minor releases. (bsc#1230423) pgaudit is rebuilt with updated postgresql requires. 
The following package changes have been done: - postgresql-16-150600.17.3.2 updated - postgresql-server-16-150600.17.3.2 updated From sle-container-updates at lists.suse.com Mon Sep 23 14:38:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 23 Sep 2024 16:38:57 +0200 (CEST) Subject: SUSE-CU-2024:4451-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240923143857.361A5FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4451-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.29 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.29 Severity : important Type : security References : 1225973 1225974 1227314 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3360-1 Released: Sun Sep 22 23:45:55 2024 Summary: Security update for container-suseconnect Type: security Severity: important References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791 This update for container-suseconnect rebuilds it against current go1.21.13.1. 
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791 The following package changes have been done: - container-suseconnect-2.5.0-150000.4.55.1 updated From sle-container-updates at lists.suse.com Mon Sep 23 14:40:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 23 Sep 2024 16:40:00 +0200 (CEST) Subject: SUSE-CU-2024:4452-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240923144000.E9FDBFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4452-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.30 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.30 Severity : important Type : security References : 1225973 1225974 1227314 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3360-1 Released: Sun Sep 22 23:45:55 2024 Summary: Security update for container-suseconnect Type: security Severity: important References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791 This update for container-suseconnect rebuilds it against current go1.21.13.1. 
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791 The following package changes have been done: - container-suseconnect-2.5.0-150000.4.55.1 updated From sle-container-updates at lists.suse.com Mon Sep 23 14:42:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 23 Sep 2024 16:42:25 +0200 (CEST) Subject: SUSE-CU-2024:4453-1: Security update of suse/sle15 Message-ID: <20240923144225.D246AFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4453-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.43 Container Release : 9.8.43 Severity : important Type : security References : 1225973 1225974 1227314 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3360-1 Released: Sun Sep 22 23:45:55 2024 Summary: Security update for container-suseconnect Type: security Severity: important References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791 This update for container-suseconnect rebuilds it against current go1.21.13.1. 
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

The following package changes have been done:
- container-suseconnect-2.5.0-150000.4.55.1 updated

From sle-container-updates at lists.suse.com Mon Sep 23 14:42:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 23 Sep 2024 16:42:51 +0200 (CEST)
Subject: SUSE-CU-2024:4454-1: Security update of suse/ltss/sle15.3/sle15
Message-ID: <20240923144251.F0ADBFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.3/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4454-1
Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.29 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.29
Container Release : 6.29
Severity : important
Type : security
References : 1225973 1225974 1227314 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791
-----------------------------------------------------------------
The container suse/ltss/sle15.3/sle15 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3360-1
Released: Sun Sep 22 23:45:55 2024
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791

This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

The following package changes have been done:
- container-suseconnect-2.5.0-150000.4.55.1 updated

From sle-container-updates at lists.suse.com Mon Sep 23 14:43:27 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 23 Sep 2024 16:43:27 +0200 (CEST)
Subject: SUSE-CU-2024:4456-1: Security update of suse/ltss/sle15.4/sle15
Message-ID: <20240923144327.D7975FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4456-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.21 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.21
Container Release : 5.21
Severity : important
Type : security
References : 1225973 1225974 1227314 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791
-----------------------------------------------------------------
The container suse/ltss/sle15.4/sle15 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3360-1
Released: Sun Sep 22 23:45:55 2024
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791

This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

The following package changes have been done:
- container-suseconnect-2.5.0-150000.4.55.1 updated

From sle-container-updates at lists.suse.com Mon Sep 23 14:46:28 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 23 Sep 2024 16:46:28 +0200 (CEST)
Subject: SUSE-CU-2024:4457-1: Security update of suse/sle15
Message-ID: <20240923144628.DB61AFCC1@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4457-1
Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.25 , suse/sle15:15.5 , suse/sle15:15.5.36.14.25
Container Release : 36.14.25
Severity : important
Type : security
References : 1225973 1225974 1227314 1229028 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791
-----------------------------------------------------------------
The container suse/sle15 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3360-1
Released: Sun Sep 22 23:45:55 2024
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791

This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

The following package changes have been done:
- container-suseconnect-2.5.0-150000.4.55.1 updated
- libncurses6-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated

From sle-container-updates at lists.suse.com Mon Sep 23 14:46:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 23 Sep 2024 16:46:42 +0200 (CEST)
Subject: SUSE-CU-2024:4458-1: Security update of suse/sle15
Message-ID: <20240923144642.3EC43FCC1@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4458-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.17 , suse/sle15:15.6 , suse/sle15:15.6.47.11.17
Container Release : 47.11.17
Severity : important
Type : security
References : 1225973 1225974 1227314 1228647 1229028 1230267 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791
-----------------------------------------------------------------
The container suse/sle15 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released: Thu Sep 19 17:20:06 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267

This update for libzypp, zypper fixes the following issues:
- API refactoring.
  Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3360-1
Released: Sun Sep 22 23:45:55 2024
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791

This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

The following package changes have been done:
- container-suseconnect-2.5.0-150000.4.55.1 updated
- libncurses6-6.1-150000.5.27.1 updated
- libsolv-tools-base-0.7.30-150600.8.2.1 updated
- libzypp-17.35.11-150600.3.24.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- zypper-1.14.77-150600.10.11.2 updated

From sle-container-updates at lists.suse.com Mon Sep 23 14:47:54 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 23 Sep 2024 16:47:54 +0200 (CEST)
Subject: SUSE-CU-2024:4459-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20240923144754.7E00EFCBE@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4459-1
Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.27 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.27
Severity : important
Type : security
References : 1225973 1225974 1227314 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791
-----------------------------------------------------------------
The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3360-1
Released: Sun Sep 22 23:45:55 2024
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791

This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

The following package changes have been done:
- container-suseconnect-2.5.0-150000.4.55.1 updated

From sle-container-updates at lists.suse.com Mon Sep 23 14:48:58 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 23 Sep 2024 16:48:58 +0200 (CEST)
Subject: SUSE-CU-2024:4460-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20240923144858.411C2FCC1@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4460-1
Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.29 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.29
Severity : important
Type : security
References : 1225973 1225974 1227314 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791
-----------------------------------------------------------------
The container suse/sle-micro/5.2/toolbox was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3360-1
Released: Sun Sep 22 23:45:55 2024
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791

This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

The following package changes have been done:
- container-suseconnect-2.5.0-150000.4.55.1 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:09:38 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:09:38 +0200 (CEST)
Subject: SUSE-CU-2024:4464-1: Recommended update of bci/bci-init
Message-ID: <20240924070938.B3432F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4464-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.28.3
Container Release : 28.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/bci-init was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.5-4c65216ece2e86b2ead7e83e865756fce9ce3e0e68a3ef86b39cb4fe29c6f0da-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:10:28 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:10:28 +0200 (CEST)
Subject: SUSE-CU-2024:4465-1: Recommended update of bci/nodejs
Message-ID: <20240924071028.206A3F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4465-1
Container Tags : bci/node:18 , bci/node:18-31.5 , bci/node:18.20.4 , bci/node:18.20.4-31.5 , bci/nodejs:18 , bci/nodejs:18-31.5 , bci/nodejs:18.20.4 , bci/nodejs:18.20.4-31.5
Container Release : 31.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/nodejs was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.5-4c65216ece2e86b2ead7e83e865756fce9ce3e0e68a3ef86b39cb4fe29c6f0da-0 added
- container:sles15-image-15.0.0-36.14.23 removed

From sle-container-updates at lists.suse.com Tue Sep 24 07:11:21 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:11:21 +0200 (CEST)
Subject: SUSE-CU-2024:4466-1: Recommended update of bci/openjdk
Message-ID: <20240924071121.C601FF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4466-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-29.3
Container Release : 29.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/openjdk was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.5-4c65216ece2e86b2ead7e83e865756fce9ce3e0e68a3ef86b39cb4fe29c6f0da-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:12:14 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:12:14 +0200 (CEST)
Subject: SUSE-CU-2024:4467-1: Recommended update of bci/openjdk
Message-ID: <20240924071214.0973FF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4467-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-31.3
Container Release : 31.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/openjdk was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.5-4c65216ece2e86b2ead7e83e865756fce9ce3e0e68a3ef86b39cb4fe29c6f0da-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:12:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:12:49 +0200 (CEST)
Subject: SUSE-CU-2024:4468-1: Recommended update of bci/bci-sle15-kernel-module-devel
Message-ID: <20240924071249.2650FF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4468-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.23.5
Container Release : 23.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/bci-sle15-kernel-module-devel was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.5-4c65216ece2e86b2ead7e83e865756fce9ce3e0e68a3ef86b39cb4fe29c6f0da-0 added
- container:sles15-image-15.0.0-36.14.23 removed

From sle-container-updates at lists.suse.com Tue Sep 24 07:13:01 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:13:01 +0200 (CEST)
Subject: SUSE-CU-2024:4469-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20240924071301.26D28F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4469-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-44.3 , bci/dotnet-aspnet:6.0.33 , bci/dotnet-aspnet:6.0.33-44.3
Container Release : 44.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:13:10 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:13:10 +0200 (CEST)
Subject: SUSE-CU-2024:4470-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20240924071310.97506F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4470-1
Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-32.3 , bci/dotnet-aspnet:8.0.8 , bci/dotnet-aspnet:8.0.8-32.3 , bci/dotnet-aspnet:latest
Container Release : 32.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:13:16 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:13:16 +0200 (CEST)
Subject: SUSE-CU-2024:4471-1: Recommended update of bci/bci-base-fips
Message-ID: <20240924071316.274F4F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4471-1
Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.11.3 , bci/bci-base-fips:latest
Container Release : 11.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/bci-base-fips was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:13:26 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:13:26 +0200 (CEST)
Subject: SUSE-CU-2024:4472-1: Recommended update of bci/dotnet-sdk
Message-ID: <20240924071326.39B77F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4472-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-44.3 , bci/dotnet-sdk:6.0.33 , bci/dotnet-sdk:6.0.33-44.3
Container Release : 44.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:13:36 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:13:36 +0200 (CEST)
Subject: SUSE-CU-2024:4473-1: Recommended update of bci/dotnet-sdk
Message-ID: <20240924071336.4D16EF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4473-1
Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-33.3 , bci/dotnet-sdk:8.0.8 , bci/dotnet-sdk:8.0.8-33.3 , bci/dotnet-sdk:latest
Container Release : 33.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:13:46 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:13:46 +0200 (CEST)
Subject: SUSE-CU-2024:4474-1: Recommended update of bci/dotnet-runtime
Message-ID: <20240924071346.C1B51F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4474-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-44.3 , bci/dotnet-runtime:6.0.33 , bci/dotnet-runtime:6.0.33-44.3
Container Release : 44.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:13:58 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:13:58 +0200 (CEST)
Subject: SUSE-CU-2024:4475-1: Recommended update of bci/dotnet-runtime
Message-ID: <20240924071358.3CED1F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4475-1
Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-32.3 , bci/dotnet-runtime:8.0.8 , bci/dotnet-runtime:8.0.8-32.3 , bci/dotnet-runtime:latest
Container Release : 32.3
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:14:07 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:14:07 +0200 (CEST)
Subject: SUSE-CU-2024:4476-1: Recommended update of bci/golang
Message-ID: <20240924071407.2B33DF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4476-1
Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-42.5 , bci/golang:1.20.12.1 , bci/golang:1.20.12.1-42.5 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-42.5
Container Release : 42.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/golang was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:14:14 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:14:14 +0200 (CEST)
Subject: SUSE-CU-2024:4477-1: Recommended update of bci/golang
Message-ID: <20240924071414.3660EF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4477-1
Container Tags : bci/golang:1.23 , bci/golang:1.23-1.36.5 , bci/golang:1.23.1 , bci/golang:1.23.1-1.36.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.36.5
Container Release : 36.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/golang was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:14:23 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:14:23 +0200 (CEST)
Subject: SUSE-CU-2024:4478-1: Recommended update of bci/golang
Message-ID: <20240924071423.2DBDFF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4478-1
Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-42.5 , bci/golang:1.21.5.1 , bci/golang:1.21.5.1-42.5 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-42.5
Container Release : 42.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------
The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:14:45 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:14:45 +0200 (CEST)
Subject: SUSE-CU-2024:4480-1: Recommended update of bci/bci-init
Message-ID: <20240924071445.0DB3DF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4480-1
Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.24.2 , bci/bci-init:latest
Container Release : 24.2
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:14:51 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:14:51 +0200 (CEST)
Subject: SUSE-CU-2024:4481-1: Recommended update of bci/kiwi
Message-ID: <20240924071451.90C0CF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4481-1
Container Tags : bci/kiwi:9 , bci/kiwi:9-4.2 , bci/kiwi:9.24 , bci/kiwi:9.24-4.2 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-4.2 , bci/kiwi:latest
Container Release : 4.2
Severity : moderate
Type : recommended
References : 1228647 1230267
-----------------------------------------------------------------

The container bci/kiwi was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released: Thu Sep 19 17:20:06 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267

This update for libzypp, zypper fixes the following issues:

- API refactoring.
  Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)

The following package changes have been done:

- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libsolv-tools-base-0.7.30-150600.8.2.1 updated
- libzypp-17.35.11-150600.3.24.1 updated
- zypper-1.14.77-150600.10.11.2 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:14:59 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:14:59 +0200 (CEST)
Subject: SUSE-CU-2024:4482-1: Recommended update of bci/nodejs
Message-ID: <20240924071459.EA0A8F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4482-1
Container Tags : bci/node:20 , bci/node:20-38.5 , bci/node:20.15.1 , bci/node:20.15.1-38.5 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-38.5 , bci/nodejs:20.15.1 , bci/nodejs:20.15.1-38.5 , bci/nodejs:latest
Container Release : 38.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:15:12 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:15:12 +0200 (CEST)
Subject: SUSE-CU-2024:4483-1: Recommended update of bci/openjdk
Message-ID: <20240924071512.2477AF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4483-1
Container Tags : bci/openjdk:21 , bci/openjdk:21-23.2 , bci/openjdk:latest
Container Release : 23.2
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 07:15:21 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 09:15:21 +0200 (CEST)
Subject: SUSE-CU-2024:4484-1: Recommended update of bci/php-apache
Message-ID: <20240924071521.62F27F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4484-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-38.5 , bci/php-apache:8.2.20 , bci/php-apache:8.2.20-38.5 , bci/php-apache:latest
Container Release : 38.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/php-apache was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:48:22 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:48:22 +0200 (CEST)
Subject: SUSE-CU-2024:4485-1: Recommended update of suse/sle-micro/5.5/toolbox
Message-ID: <20240924084822.E4E0FFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4485-1
Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.51 , suse/sle-micro/5.5/toolbox:latest
Container Release : 3.5.51
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:suse-sle15-15.5-4c65216ece2e86b2ead7e83e865756fce9ce3e0e68a3ef86b39cb4fe29c6f0da-0 added
- container:sles15-image-15.0.0-36.14.23 removed

From sle-container-updates at lists.suse.com Tue Sep 24 08:51:10 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:51:10 +0200 (CEST)
Subject: SUSE-CU-2024:4486-1: Recommended update of suse/postgres
Message-ID: <20240924085110.2E53EFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4486-1
Container Tags : suse/postgres:15 , suse/postgres:15-31.10 , suse/postgres:15.8 , suse/postgres:15.8 , suse/postgres:15.8-31.10 , suse/postgres:15.8-31.10
Container Release : 31.10
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:suse-sle15-15.5-4c65216ece2e86b2ead7e83e865756fce9ce3e0e68a3ef86b39cb4fe29c6f0da-0 added
- container:sles15-image-15.0.0-36.14.23 removed

From sle-container-updates at lists.suse.com Tue Sep 24 08:51:20 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:51:20 +0200 (CEST)
Subject: SUSE-CU-2024:4487-1: Recommended update of suse/389-ds
Message-ID: <20240924085120.55997FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4487-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-42.10 , suse/389-ds:latest
Container Release : 42.10
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:suse-sle15-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:51:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:51:29 +0200 (CEST)
Subject: SUSE-CU-2024:4488-1: Recommended update of suse/nginx
Message-ID: <20240924085129.22246FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4488-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-42.10 , suse/nginx:latest
Container Release : 42.10
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container suse/nginx was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:suse-sle15-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:51:35 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:51:35 +0200 (CEST)
Subject: SUSE-CU-2024:4484-1: Recommended update of bci/php-apache
Message-ID: <20240924085135.9338CFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4484-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-38.5 , bci/php-apache:8.2.20 , bci/php-apache:8.2.20-38.5 , bci/php-apache:latest
Container Release : 38.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/php-apache was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:51:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:51:42 +0200 (CEST)
Subject: SUSE-CU-2024:4489-1: Recommended update of bci/php-fpm
Message-ID: <20240924085142.56769FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4489-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8-38.5 , bci/php-fpm:8.2.20 , bci/php-fpm:8.2.20-38.5 , bci/php-fpm:latest
Container Release : 38.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/php-fpm was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:51:48 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:51:48 +0200 (CEST)
Subject: SUSE-CU-2024:4490-1: Recommended update of bci/php
Message-ID: <20240924085148.EC380FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4490-1
Container Tags : bci/php:8 , bci/php:8-38.5 , bci/php:8.2.20 , bci/php:8.2.20-38.5 , bci/php:latest
Container Release : 38.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/php was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:51:57 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:51:57 +0200 (CEST)
Subject: SUSE-CU-2024:4491-1: Recommended update of suse/postgres
Message-ID: <20240924085157.AF5C2FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4491-1
Container Tags : suse/postgres:16 , suse/postgres:16-44.11 , suse/postgres:16.4 , suse/postgres:16.4 , suse/postgres:16.4-44.11 , suse/postgres:16.4-44.11 , suse/postgres:latest
Container Release : 44.11
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:suse-sle15-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:52:04 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:52:04 +0200 (CEST)
Subject: SUSE-CU-2024:4492-1: Recommended update of bci/python
Message-ID: <20240924085204.ED573FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4492-1
Container Tags : bci/python:3 , bci/python:3-50.5 , bci/python:3.11 , bci/python:3.11-50.5 , bci/python:3.11.9 , bci/python:3.11.9-50.5
Container Release : 50.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:52:16 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:52:16 +0200 (CEST)
Subject: SUSE-CU-2024:4493-1: Recommended update of bci/python
Message-ID: <20240924085216.0B9D7FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4493-1
Container Tags : bci/python:3 , bci/python:3-50.5 , bci/python:3.12 , bci/python:3.12-50.5 , bci/python:3.12.6 , bci/python:3.12.6-50.5 , bci/python:latest
Container Release : 50.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:52:24 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:52:24 +0200 (CEST)
Subject: SUSE-CU-2024:4494-1: Recommended update of bci/python
Message-ID: <20240924085224.5F73FFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4494-1
Container Tags : bci/python:3 , bci/python:3-49.5 , bci/python:3.6 , bci/python:3.6-49.5 , bci/python:3.6.15 , bci/python:3.6.15-49.5
Container Release : 49.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:52:32 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:52:32 +0200 (CEST)
Subject: SUSE-CU-2024:4495-1: Recommended update of suse/rmt-mariadb-client
Message-ID: <20240924085232.842CAFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-mariadb-client
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4495-1
Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-44.10 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-44.10 , suse/rmt-mariadb-client:latest
Container Release : 44.10
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container suse/rmt-mariadb-client was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:suse-sle15-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:52:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:52:41 +0200 (CEST)
Subject: SUSE-CU-2024:4496-1: Recommended update of suse/rmt-mariadb
Message-ID: <20240924085241.0867AFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-mariadb
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4496-1
Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-47.10 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-47.10 , suse/rmt-mariadb:latest
Container Release : 47.10
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container suse/rmt-mariadb was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:suse-sle15-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:52:48 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:52:48 +0200 (CEST)
Subject: SUSE-CU-2024:4497-1: Recommended update of bci/ruby
Message-ID: <20240924085248.D60B0FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4497-1
Container Tags : bci/ruby:2 , bci/ruby:2-23.5 , bci/ruby:2.5 , bci/ruby:2.5-23.5 , bci/ruby:latest
Container Release : 23.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/ruby was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:52:55 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:52:55 +0200 (CEST)
Subject: SUSE-CU-2024:4498-1: Recommended update of bci/rust
Message-ID: <20240924085255.57717FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4498-1
Container Tags : bci/rust:1.79 , bci/rust:1.79-2.6.5 , bci/rust:1.79.0 , bci/rust:1.79.0-2.6.5 , bci/rust:oldstable , bci/rust:oldstable-2.6.5
Container Release : 6.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/rust was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:53:01 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:53:01 +0200 (CEST)
Subject: SUSE-CU-2024:4499-1: Recommended update of bci/rust
Message-ID: <20240924085301.CCCECFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4499-1
Container Tags : bci/rust:1.80 , bci/rust:1.80-1.6.5 , bci/rust:1.80.1 , bci/rust:1.80.1-1.6.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.6.5
Container Release : 6.5
Severity : moderate
Type : recommended
References : 1229028
-----------------------------------------------------------------

The container bci/rust was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated

From sle-container-updates at lists.suse.com Thu Sep 12 07:01:43 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 12 Sep 2024 09:01:43 +0200 (CEST)
Subject: SUSE-IU-2024:1195-1: Security update of suse/sle-micro/rt-5.5
Message-ID: <20240912070143.C4DE0FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1195-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.160 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.160
Severity : important
Type : security
References : 1193629 1194111 1194765 1194869 1196261 1196516 1196894 1198017 1203329 1203330 1203360 1205462 1206006 1206258 1206843 1207158 1208783 1210644 1213580 1213632 1214285 1216834 1220428 1220877 1220962 1221269 1221326 1221630 1221645 1222335 1222350 1222372 1222387 1222634 1222808 1222967 1223074 1223191 1223508 1223720 1223742 1223777 1223803 1223807 1224105 1224415 1224496 1224510 1224542 1224578 1224639 1225162 1225352 1225428 1225524 1225578 1225582 1225773 1225814 1225827 1225832 1225903 1226168 1226530 1226613 1226742 1226765 1226798 1226801 1226874 1226885 1227079 1227623 1227761 1227830 1227863 1227867 1227929 1227937 1227958 1228020 1228065
1228114 1228410 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228463 1228466 1228467 1228469 1228480 1228481 1228482 1228483 1228484 1228485 1228487 1228489 1228491 1228493 1228494 1228495 1228496 1228501 1228503 1228509 1228513 1228515 1228516 1228526 1228531 1228563 1228564 1228567 1228576 1228579 1228584 1228588 1228590 1228615 1228616 1228635 1228636 1228654 1228656 1228658 1228660 1228662 1228667 1228673 1228677 1228687 1228706 1228708 1228710 1228718 1228720 1228721 1228722 1228724 1228726 1228727 1228733 1228748 1228766 1228779 1228801 1228850 1228857 1228959 1228964 1228966 1228967 1228979 1228988 1228989 1228991 1228992 1229042 1229054 1229086 1229136 1229154 1229187 1229188 1229190 1229287 1229290 1229292 1229296 1229297 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229314 1229315 1229317 1229318 1229319 1229327 1229341 1229345 1229346 1229347 1229349 1229350 1229351 1229354 1229356 1229357 1229358 1229359 1229360 1229366 1229370 1229373 1229374 1229381 1229382 1229383 1229386 1229388 1229391 1229392 1229395 1229398 1229399 1229400 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229418 1229444 1229453 1229454 1229481 1229482 1229488 1229489 1229490 1229493 1229495 1229497 1229500 1229503 1229506 1229507 1229508 1229509 1229510 1229512 1229516 1229521 1229522 1229523 1229524 1229525 1229526 1229527 1229528 1229529 1229531 1229533 1229535 1229536 1229537 1229540 1229544 1229545 1229546 1229547 1229548 1229554 1229557 1229558 1229559 1229560 1229562 1229564 1229565 1229566 1229568 1229569 1229572 1229573 1229576 1229581 1229588 1229598 1229603 1229604 1229605 1229608 1229611 1229612 1229613 1229614 1229615 1229616 1229617 1229620 1229622 1229623 1229624 1229625 1229626 1229628 1229629 1229630 1229631 1229632 1229635 1229636 1229637 1229638 1229639 1229641 1229642 1229643 1229645 1229657 1229658 1229662 1229664 1229707 1229739 1229743 1229746 1229754 1229755 1229756 1229759 1229761 1229767 1229768 1229781 1229784 
1229787 1229788 1229789 1229792 1229820 1230093 CVE-2021-4441 CVE-2021-47106 CVE-2021-47517 CVE-2021-47546 CVE-2022-38457 CVE-2022-40133 CVE-2022-48645 CVE-2022-48706 CVE-2022-48808 CVE-2022-48865 CVE-2022-48868 CVE-2022-48869 CVE-2022-48870 CVE-2022-48871 CVE-2022-48872 CVE-2022-48873 CVE-2022-48875 CVE-2022-48878 CVE-2022-48880 CVE-2022-48881 CVE-2022-48882 CVE-2022-48883 CVE-2022-48884 CVE-2022-48885 CVE-2022-48886 CVE-2022-48887 CVE-2022-48888 CVE-2022-48889 CVE-2022-48890 CVE-2022-48891 CVE-2022-48893 CVE-2022-48896 CVE-2022-48898 CVE-2022-48899 CVE-2022-48903 CVE-2022-48904 CVE-2022-48905 CVE-2022-48906 CVE-2022-48907 CVE-2022-48909 CVE-2022-48910 CVE-2022-48912 CVE-2022-48913 CVE-2022-48914 CVE-2022-48915 CVE-2022-48916 CVE-2022-48917 CVE-2022-48918 CVE-2022-48919 CVE-2022-48920 CVE-2022-48921 CVE-2022-48923 CVE-2022-48924 CVE-2022-48925 CVE-2022-48926 CVE-2022-48927 CVE-2022-48928 CVE-2022-48929 CVE-2022-48930 CVE-2022-48931 CVE-2022-48932 CVE-2022-48934 CVE-2022-48937 CVE-2022-48938 CVE-2022-48939 CVE-2022-48940 CVE-2022-48941 CVE-2022-48942 CVE-2022-48943 CVE-2023-3610 CVE-2023-52458 CVE-2023-52489 CVE-2023-52498 CVE-2023-52581 CVE-2023-52859 CVE-2023-52887 CVE-2023-52889 CVE-2023-52893 CVE-2023-52894 CVE-2023-52896 CVE-2023-52898 CVE-2023-52899 CVE-2023-52900 CVE-2023-52901 CVE-2023-52904 CVE-2023-52905 CVE-2023-52906 CVE-2023-52907 CVE-2023-52908 CVE-2023-52909 CVE-2023-52910 CVE-2023-52911 CVE-2023-52912 CVE-2023-52913 CVE-2024-26631 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26735 CVE-2024-26808 CVE-2024-26812 CVE-2024-26835 CVE-2024-26851 CVE-2024-27010 CVE-2024-27011 CVE-2024-27016 CVE-2024-27024 CVE-2024-27079 CVE-2024-27403 CVE-2024-31076 CVE-2024-35897 CVE-2024-35902 CVE-2024-35945 CVE-2024-35971 CVE-2024-36009 CVE-2024-36013 CVE-2024-36270 CVE-2024-36286 CVE-2024-36489 CVE-2024-36929 CVE-2024-36933 CVE-2024-36936 CVE-2024-36962 CVE-2024-38554 CVE-2024-38602 CVE-2024-38662 CVE-2024-39489 CVE-2024-40905 CVE-2024-40978 CVE-2024-40980 
CVE-2024-40995 CVE-2024-41000 CVE-2024-41007 CVE-2024-41009 CVE-2024-41011 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41035 CVE-2024-41036 CVE-2024-41038 CVE-2024-41039 CVE-2024-41042 CVE-2024-41045 CVE-2024-41056 CVE-2024-41060 CVE-2024-41062 CVE-2024-41065 CVE-2024-41068 CVE-2024-41073 CVE-2024-41079 CVE-2024-41080 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41095 CVE-2024-41097 CVE-2024-41098 CVE-2024-42069 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42095 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42106 CVE-2024-42107 CVE-2024-42110 CVE-2024-42114 CVE-2024-42115 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42137 CVE-2024-42139 CVE-2024-42142 CVE-2024-42143 CVE-2024-42148 CVE-2024-42152 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42162 CVE-2024-42223 CVE-2024-42225 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42244 CVE-2024-42246 CVE-2024-42247 CVE-2024-42268 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42301 CVE-2024-42302 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42315 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43834 CVE-2024-43837 CVE-2024-43839 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 
CVE-2024-43861 CVE-2024-43863 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43904 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-44938 CVE-2024-44939 CVE-2024-44947 CVE-2024-8096 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3209-1 Released: Wed Sep 11 17:39:02 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1193629,1194111,1194765,1194869,1196261,1196516,1196894,1198017,1203329,1203330,1203360,1205462,1206006,1206258,1206843,1207158,1208783,1210644,1213580,1213632,1214285,1216834,1220428,1220877,1220962,1221269,1221326,1221630,1221645,1222335,1222350,1222372,1222387,1222634,1222808,1222967,1223074,1223191,1223508,1223720,1223742,1223777,1223803,1223807,1224105,1224415,1224496,1224510,1224542,1224578,1224639,1225162,1225352,1225428,1225524,1225578,1225582,1225773,1225814,1225827,1225832,1225903,1226168,1226530,1226613,1226742,1226765,1226798,1226801,1226874,1226885,1227079,1227623,1227761,1227830,1227863,1227867,1227929,1227937,1227958,1228020,1228065,1228114,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228463,1228466,1228467,1228469,1228480,1228481,1228482,1228483,1228484,1228485,1228487,1228489,1228491,1228493,1228494,1228495,1228496,1228501,1228503,1228509,1228513,1228515,1228516,1228526,1228531,1228563,1228564,1228567,1228576,1228579,1 
228584,1228588,1228590,1228615,1228616,1228635,1228636,1228654,1228656,1228658,1228660,1228662,1228667,1228673,1228677,1228687,1228706,1228708,1228710,1228718,1228720,1228721,1228722,1228724,1228726,1228727,1228733,1228748,1228766,1228779,1228801,1228850,1228857,1228959,1228964,1228966,1228967,1228979,1228988,1228989,1228991,1228992,1229042,1229054,1229086,1229136,1229154,1229187,1229188,1229190,1229287,1229290,1229292,1229296,1229297,1229301,1229303,1229304,1229305,1229307,1229309,1229312,1229314,1229315,1229317,1229318,1229319,1229327,1229341,1229345,1229346,1229347,1229349,1229350,1229351,1229354,1229356,1229357,1229358,1229359,1229360,1229366,1229370,1229373,1229374,1229381,1229382,1229383,1229386,1229388,1229391,1229392,1229395,1229398,1229399,1229400,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229418,1229444,1229453,1229454,1229481,1229482,1229488,1229489,1229490,1229493,1229495,1229497,1229500,1229503,1229506,1229507,1229508,1229509,1229510,1229512,1229516,122952 1,1229522,1229523,1229524,1229525,1229526,1229527,1229528,1229529,1229531,1229533,1229535,1229536,1229537,1229540,1229544,1229545,1229546,1229547,1229548,1229554,1229557,1229558,1229559,1229560,1229562,1229564,1229565,1229566,1229568,1229569,1229572,1229573,1229576,1229581,1229588,1229598,1229603,1229604,1229605,1229608,1229611,1229612,1229613,1229614,1229615,1229616,1229617,1229620,1229622,1229623,1229624,1229625,1229626,1229628,1229629,1229630,1229631,1229632,1229635,1229636,1229637,1229638,1229639,1229641,1229642,1229643,1229645,1229657,1229658,1229662,1229664,1229707,1229739,1229743,1229746,1229754,1229755,1229756,1229759,1229761,1229767,1229768,1229781,1229784,1229787,1229788,1229789,1229792,1229820,CVE-2021-4441,CVE-2021-47106,CVE-2021-47517,CVE-2021-47546,CVE-2022-38457,CVE-2022-40133,CVE-2022-48645,CVE-2022-48706,CVE-2022-48808,CVE-2022-48865,CVE-2022-48868,CVE-2022-48869,CVE-2022-48870,CVE-2022-48871,CVE-2022-48872,CVE-2022-48873,CVE-2022-48875,CVE-2022-48878,CVE-2022-48880 
,CVE-2022-48881,CVE-2022-48882,CVE-2022-48883,CVE-2022-48884,CVE-2022-48885,CVE-2022-48886,CVE-2022-48887,CVE-2022-48888,CVE-2022-48889,CVE-2022-48890,CVE-2022-48891,CVE-2022-48893,CVE-2022-48896,CVE-2022-48898,CVE-2022-48899,CVE-2022-48903,CVE-2022-48904,CVE-2022-48905,CVE-2022-48906,CVE-2022-48907,CVE-2022-48909,CVE-2022-48910,CVE-2022-48912,CVE-2022-48913,CVE-2022-48914,CVE-2022-48915,CVE-2022-48916,CVE-2022-48917,CVE-2022-48918,CVE-2022-48919,CVE-2022-48920,CVE-2022-48921,CVE-2022-48923,CVE-2022-48924,CVE-2022-48925,CVE-2022-48926,CVE-2022-48927,CVE-2022-48928,CVE-2022-48929,CVE-2022-48930,CVE-2022-48931,CVE-2022-48932,CVE-2022-48934,CVE-2022-48937,CVE-2022-48938,CVE-2022-48939,CVE-2022-48940,CVE-2022-48941,CVE-2022-48942,CVE-2022-48943,CVE-2023-3610,CVE-2023-52458,CVE-2023-52489,CVE-2023-52498,CVE-2023-52581,CVE-2023-52859,CVE-2023-52887,CVE-2023-52889,CVE-2023-52893,CVE-2023-52894,CVE-2023-52896,CVE-2023-52898,CVE-2023-52899,CVE-2023-52900,CVE-2023-52901,CVE-2023-52904,CVE-202 3-52905,CVE-2023-52906,CVE-2023-52907,CVE-2023-52908,CVE-2023-52909,CVE-2023-52910,CVE-2023-52911,CVE-2023-52912,CVE-2023-52913,CVE-2024-26631,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26735,CVE-2024-26808,CVE-2024-26812,CVE-2024-26835,CVE-2024-26851,CVE-2024-27010,CVE-2024-27011,CVE-2024-27016,CVE-2024-27024,CVE-2024-27079,CVE-2024-27403,CVE-2024-31076,CVE-2024-35897,CVE-2024-35902,CVE-2024-35945,CVE-2024-35971,CVE-2024-36009,CVE-2024-36013,CVE-2024-36270,CVE-2024-36286,CVE-2024-36489,CVE-2024-36929,CVE-2024-36933,CVE-2024-36936,CVE-2024-36962,CVE-2024-38554,CVE-2024-38602,CVE-2024-38662,CVE-2024-39489,CVE-2024-40905,CVE-2024-40978,CVE-2024-40980,CVE-2024-40995,CVE-2024-41000,CVE-2024-41007,CVE-2024-41009,CVE-2024-41011,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41035,CVE-2024-41036,CVE-2024-41038,CVE-2024-41039,CVE-2024-41042,CVE-2024-41045,CVE-2024-41056,CVE-2024-41060,CVE-2024-41062,CVE-2024-41065,CVE-2024-41068,CVE-2024-41073,CVE-2024-41079,CVE-2024-41080 
,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41095,CVE-2024-41097,CVE-2024-41098,CVE-2024-42069,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42080,CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42095,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42106,CVE-2024-42107,CVE-2024-42110,CVE-2024-42114,CVE-2024-42115,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42137,CVE-2024-42139,CVE-2024-42142,CVE-2024-42143,CVE-2024-42148,CVE-2024-42152,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42162,CVE-2024-42223,CVE-2024-42225,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-2024-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42244,CVE-2024-42246,CVE-2024-42247,CVE-2024-42268,CVE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-20 24-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42301,CVE-2024-42302,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42315,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43849,CVE-2024-43853,CVE-2024-43854,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43879,CVE-2024-43880,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024-43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-4390 
4,CVE-2024-43905,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-44938,CVE-2024-44939,CVE-2024-44947 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773). - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756). - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792). - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820). - CVE-2024-41087: Fix double free on error (bsc#1228466). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43902: Add null checker before passing variables (bsc#1229767). - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768) - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739) - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658). - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. 
(bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808). - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605) - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488) - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962) - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428). - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). 
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).

The following non-security bugs were fixed:

- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes).
- ACPI: bus: Rework system-level device notification handling (git-fixes).
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- ACPI: x86: s2idle: Post-increment variables when getting constraints (git-fixes).
- afs: Do not cross .backup mountpoint from backup volume (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void (git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c (git-fixes).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- ceph: issue a cap release immediately if no cap exists (bsc#1225162).
- ceph: periodically flush the cap releases (bsc#1225162).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam Deck revisions (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: Fix && vs || typos (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: Validate hw_points_num before using it (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- exfat: fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- exfat: redefine DIR_DELETED as the bad cluster number (git-fixes).
- exfat: support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229453).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq: Do not return error on missing optional irq_request_resources() (git-fixes).
- genirq: Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy (git-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix potential TX stall after interface reopen (git-fixes).
- net: ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes). - NFSD: fix regression with setting ACLs (git-fixes). - NFSD: Fix strncpy() fortify warning (git-fixes). - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes). - NFSD: introduce struct nfsd_attrs (git-fixes). - NFSD: move from strlcpy with unused retval to strscpy (git-fixes). - NFSD: Optimize DRC bucket pruning (git-fixes). - nfsd: return error if nfs4_setacl fails (git-fixes). - NFSD: set attributes when creating symlinks (git-fixes). - nfsd: use locks_inode_context helper (git-fixes). - nilfs2: Remove check for PageError (git-fixes). - nvme_core: scan namespaces asynchronously (bsc#1224105). - ocfs2: use coarse time for new created files (git-fixes). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). 
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - powerpc: Fail build if using recordmcount with binutils v2.37 (bsc#1194869). - powerpc: Mark .opd section read-only (bsc#1194869). - powerpc: use generic version of arch_is_kernel_initmem_freed() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes) - RDMA/rxe: Fix rxe_modify_srq (git-fixes) - RDMA/rxe: Handle zero length rdma (git-fixes) - RDMA/rxe: Move work queue code to subroutines (git-fixes) - s390/cpacf: get rid of register asm (git-fixes bsc#1227079 bsc#1229187). - s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227079). - s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1229187). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229572). 
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229188). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - ubifs: add check for crypto_shash_tfm_digest (git-fixes). - ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes). - ubifs: Fix adding orphan entry twice for the same inode (git-fixes). - ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes). - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3211-1 Released: Wed Sep 11 17:40:13 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) The following package changes have been done: - libcurl4-8.0.1-150400.5.50.1 updated - kernel-rt-5.14.21-150500.13.67.3 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.122 updated From sle-container-updates at lists.suse.com Fri Sep 13 15:32:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Sep 2024 17:32:03 +0200 (CEST) Subject: SUSE-IU-2024:1230-1: Security update of suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64 Message-ID: <20240913153203.B1F5EF7A3@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1230-1 Image Tags : suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64:20240912 Image Release : Severity : critical Type : security ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: 
moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:12 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 
10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2922-1 Released: Thu Aug 15 07:01:20 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1207230,1217102,1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) - Enhancement to PPC secure boot's root device discovery config (bsc#1207230) - Fix regex for Open Firmware device specifier with encoded commas - Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings - Use prep_load_env in PPC secure boot config to handle unset host-specific environment variables and ensure successful command execution ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: 
SUSE-SU-2024:2929-1 Released: Thu Aug 15 11:31:30 2024 Summary: Security update for the Linux Kernel Type: security Severity: important The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). 
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). The following non-security bugs were fixed: - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863). 
- X.509: Fix the parser of extended key usage for length (bsc#1218820). - btrfs: sysfs: update fs features directory asynchronously (bsc#1226168). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI: rtas: Workaround false positive due to lost definition (bsc#1227487). - kernel-binary: vdso: Own module_dir - net/dcb: check for detached device before executing callbacks (bsc#1215587). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3080-1 Released: Mon Sep 2 16:43:54 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3086-1 Released: Tue Sep 3 08:57:32 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3120-1 Released: Tue Sep 3 17:12:56 2024 Summary: Security update for buildah, docker Type: security Severity: critical References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. 
(bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from 
containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run 
codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3145-1 Released: Thu Sep 5 09:09:27 2024 Summary: Recommended update for dracut Type: recommended 
Severity: moderate References: 1228847 This update for dracut fixes the following issue: - Version update * fix(convertfs): error in conditional expressions (bsc#1228847). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3149-1 Released: Thu Sep 5 17:05:36 2024 Summary: Security update for systemd Type: security Severity: moderate References: 1218297,1221479,1226414,1228091,CVE-2023-7008 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified in the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:11 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3185-1 Released: Tue Sep 10 08:15:38 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226227 This update for cups fixes the following issues: - Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3210-1 Released: Wed Sep 11 17:39:30 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). 
(bsc#1230020) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3211-1 Released: Wed Sep 11 17:40:13 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3221-1 Released: Thu Sep 12 13:18:18 2024 Summary: Security update for containerd Type: security Severity: important References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. 
(bsc#1230092) The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - containerd-ctr-1.7.21-150000.117.1 updated - containerd-1.7.21-150000.117.1 updated - cups-config-2.2.7-150000.3.65.1 updated - curl-8.0.1-150400.5.50.1 updated - dmidecode-3.6-150400.16.11.2 updated - docker-25.0.6_ce-150000.207.1 updated - dracut-055+suse.359.geb85610b-150400.3.37.2 updated - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated - grub2-i386-pc-2.06-150400.11.46.1 updated - grub2-x86_64-efi-2.06-150400.11.46.1 updated - grub2-x86_64-xen-2.06-150400.11.46.1 updated - grub2-2.06-150400.11.46.1 updated - kernel-default-5.14.21-150400.24.128.1 updated - libblkid1-2.37.2-150400.8.32.2 updated - libcups2-2.2.7-150000.3.65.1 updated - libcurl4-8.0.1-150400.5.50.1 updated - libexpat1-2.4.4-150400.3.22.1 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libglib-2_0-0-2.70.5-150400.3.14.1 updated - libmount1-2.37.2-150400.8.32.2 updated - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libpcap1-1.10.1-150400.3.3.2 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libsystemd0-249.17-150400.8.43.1 updated - libudev1-249.17-150400.8.43.1 updated - libuuid1-2.37.2-150400.8.32.2 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - libzypp-17.35.8-150400.3.85.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated - pam-1.3.0-150000.6.71.2 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - runc-1.1.14-150000.70.1 updated - sles-release-15.4-150400.58.10.2 updated - supportutils-3.2.8-150300.7.35.33.1 updated - suse-build-key-12.0-150000.8.52.3 updated - systemd-sysvinit-249.17-150400.8.43.1 updated - systemd-249.17-150400.8.43.1 updated - udev-249.17-150400.8.43.1 updated - util-linux-systemd-2.37.2-150400.8.32.2 updated - 
util-linux-2.37.2-150400.8.32.2 updated - zypper-1.14.76-150400.3.57.16 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed From sle-container-updates at lists.suse.com Sun Sep 15 07:01:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 15 Sep 2024 09:01:36 +0200 (CEST) Subject: SUSE-IU-2024:1290-1: Security update of suse-sles-15-sp4-chost-byos-v20240912-x86_64-gen2 Message-ID: <20240915070136.0FF94FCC1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240912-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1290-1 Image Tags : suse-sles-15-sp4-chost-byos-v20240912-x86_64-gen2:20240912 Image Release : Severity : critical Type : security
----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20240912-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign
Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:12 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2922-1 Released: Thu Aug 15 07:01:20 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1207230,1217102,1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) - Enhancement to PPC secure boot's root device discovery config (bsc#1207230) - Fix regex for Open Firmware device specifier with encoded commas - Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings - Use prep_load_env in PPC secure boot config to handle unset host-specific environment 
variables and ensure successful command execution ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2929-1 Released: Thu Aug 15 11:31:30 2024 Summary: Security update for the Linux Kernel Type: security Severity: important
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). The following non-security bugs were fixed: - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863). 
- X.509: Fix the parser of extended key usage for length (bsc#1218820). - btrfs: sysfs: update fs features directory asynchronously (bsc#1226168). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI: rtas: Workaround false positive due to lost definition (bsc#1227487). - kernel-binary: vdso: Own module_dir - net/dcb: check for detached device before executing callbacks (bsc#1215587). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3026-1
Released: Tue Aug 27 13:20:03 2024
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1222021,1227127,1228265

This update for supportutils fixes the following issues:

Changes to version 3.2.8
  + Avoid getting duplicate kernel verifications in boot.text (pr#190)
  + lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
  + docker_info: Add timestamps to container logs (pr#196)
  + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
  + Update supportconfig get pam.d sorted (pr#199)
  + yast_files: Exclude .zcat (pr#201)
  + Sanitize grub bootloader (bsc#1227127, pr#203)
  + Sanitize regcodes (pr#204)
  + Improve product detection (pr#205)
  + Add read_values for s390x (bsc#1228265, pr#206)
  + hardware_info: Remove old alsa ver check (pr#209)
  + drbd_info: Fix incorrect escape of quotes (pr#210)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3054-1
Released: Wed Aug 28 14:48:31 2024
Summary: Security update for python3-setuptools
Type: security
Severity: important
References: 1228105,CVE-2024-6345

This update for python3-setuptools fixes the following issues:

- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released: Mon Sep 2 16:43:54 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released: Tue Sep 3 08:57:32 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397

This update for glib2 fixes the following issues:

- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released: Tue Sep 3 17:12:56 2024
Summary: Security update for buildah, docker
Type: security
Severity: critical
References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110

This update for buildah, docker fixes the following issues:

Changes in docker:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

- Update to version 1.35.4:
  * [release-1.35] Bump to Buildah v1.35.4
  * [release-1.35] CVE-2024-3727 updates (bsc#1224117)
  * integration test: handle new labels in 'bud and test --unsetlabel'
  * [release-1.35] Bump go-jose CVE-2024-28180
  * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
  * [release-1.35] Bump to Buildah v1.35.3
  * [release-1.35] correctly configure /etc/hosts and resolv.conf
  * [release-1.35] buildah: refactor resolv/hosts setup.
  * [release-1.35] rename the hostFile var to reflect
  * [release-1.35] Bump c/common to v0.58.1
  * [release-1.35] Bump Buildah to v1.35.2
  * [release-1.35] CVE-2024-24786 protobuf to 1.33
  * [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
  * [release-1.35] Bump to v1.35.1
  * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
  Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
  * Bump v1.35.0
  * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
  * conformance tests: don't break on trailing zeroes in layer blobs
  * Add a conformance test for copying to a mounted prior stage
  * fix(deps): update module github.com/stretchr/testify to v1.9.0
  * cgroups: reuse version check from c/common
  * Update vendor of containers/(common,image)
  * fix(deps): update github.com/containers/storage digest to eadc620
  * fix(deps): update github.com/containers/luksy digest to ceb12d4
  * fix(deps): update github.com/containers/image/v5 digest to cdc6802
  * manifest add: complain if we get artifact flags without --artifact
  * Use retry logic from containers/common
  * Vendor in containers/(storage,image,common)
  * Update module golang.org/x/crypto to v0.20.0
  * Add comment re: Total Success task name
  * tests: skip_if_no_unshare(): check for --setuid
  * Properly handle build --pull=false
  * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
  * Update module go.etcd.io/bbolt to v1.3.9
  * Revert 'Reduce official image size'
  * Update module github.com/opencontainers/image-spec to v1.1.0
  * Reduce official image size
  * Build with CNI support on FreeBSD
  * build --all-platforms: skip some base 'image' platforms
  * Bump main to v1.35.0-dev
  * Vendor in latest containers/(storage,image,common)
  * Split up error messages for missing --sbom related flags
  * `buildah manifest`: add artifact-related options
  * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
  * cmd/buildah/manifest.go: don't make struct declarations aliases
  * Use golang.org/x/exp/slices.Contains
  * Disable loong64 again
  * Fix a couple of typos in one-line comments
  * egrep is obsolescent; use grep -E
  * Try Cirrus with a newer VM version
  * Set CONTAINERS_CONF in the chroot-mount-flags integration test
  * Update to match dependency API update
  * Update github.com/openshift/imagebuilder and containers/common
  * docs: correct default authfile path
  * fix(deps): update module github.com/containerd/containerd to v1.7.13
  * tests: retrofit test for heredoc summary
  * build, heredoc: show heredoc summary in build output
  * manifest, push: add support for --retry and --retry-delay
  * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
  * imagebuildah: fix crash with empty RUN
  * fix(deps): update github.com/containers/luksy digest to b62d551
  * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
  * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
  * Make buildah match podman for handling of ulimits
  * docs: move footnotes to where they're applicable
  * Allow users to specify no-dereference
  * Run codespell on code
  * Fix FreeBSD version parsing
  * Fix a build break on FreeBSD
  * Remove a bad FROM line
  * fix(deps): update module github.com/onsi/gomega to v1.31.1
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
  * docs: use reversed logo for dark theme in README
  * build,commit: add --sbom to scan and produce SBOMs when committing
  * commit: force omitHistory if the parent has layers but no history
  * docs: fix a couple of typos
  * internal/mkcw.Archive(): handle extra image content
  * stage_executor,heredoc: honor interpreter in heredoc
  * stage_executor,layers: burst cache if heredoc content is changed
  * fix(deps): update module golang.org/x/crypto to v0.18.0
  * Replace map[K]bool with map[K]struct{} where it makes sense
  * fix(deps): update module golang.org/x/sync to v0.6.0
  * fix(deps): update module golang.org/x/term to v0.16.0
  * Bump CI VMs
  * Replace strings.SplitN with strings.Cut
  * fix(deps): update github.com/containers/storage digest to ef81e9b
  * fix(deps): update github.com/containers/image/v5 digest to 1b221d4
  * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
  * Document use of containers-transports values in buildah
  * fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
  * chore(deps): update dependency containers/automation_images to v20231208
  * manifest: addCompression use default from containers.conf
  * commit: add a --add-file flag
  * mkcw: populate the rootfs using an overlay
  * chore(deps): update dependency containers/automation_images to v20230517
  * [skip-ci] Update actions/stale action to v9
  * fix(deps): update module github.com/containernetworking/plugins to v1.4.0
  * fix(deps): update github.com/containers/image/v5 digest to 7a40fee
  * Bump to v1.34.1-dev
  * Ignore errors if label.Relabel returns ENOSUP

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3145-1
Released: Thu Sep 5 09:09:27 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228847

This update for dracut fixes the following issue:

- Version update
  * fix(convertfs): error in conditional expressions (bsc#1228847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified in the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released: Mon Sep 9 12:31:59 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228043

This update for glibc fixes the following issue:

- s390x: Fix segfault in wcsncmp (bsc#1228043).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released: Mon Sep 9 14:39:11 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3185-1
Released: Tue Sep 10 08:15:38 2024
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1226227

This update for cups fixes the following issues:

- Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released: Wed Sep 11 17:39:30 2024
Summary: Security update for libpcap
Type: security
Severity: moderate
References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006

This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released: Wed Sep 11 17:40:13 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3221-1
Released: Thu Sep 12 13:18:18 2024
Summary: Security update for containerd
Type: security
Severity: important
References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108

This update for containerd fixes the following issues:

- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3222-1
Released: Thu Sep 12 13:20:47 2024
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310

This update for runc fixes the following issues:

- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)

The following package changes have been done:

- ca-certificates-mozilla-2.68-150200.33.1 updated
- containerd-ctr-1.7.21-150000.117.1 updated
- containerd-1.7.21-150000.117.1 updated
- cups-config-2.2.7-150000.3.65.1 updated
- curl-8.0.1-150400.5.50.1 updated
- dmidecode-3.6-150400.16.11.2 updated
- docker-25.0.6_ce-150000.207.1 updated
- dracut-055+suse.359.geb85610b-150400.3.37.2 updated
- glibc-locale-base-2.31-150300.86.3 updated
- glibc-locale-2.31-150300.86.3 updated
- glibc-2.31-150300.86.3 updated
- grub2-i386-pc-2.06-150400.11.46.1 updated
- grub2-x86_64-efi-2.06-150400.11.46.1 updated
- grub2-2.06-150400.11.46.1 updated
- kernel-default-5.14.21-150400.24.128.1 updated
- libblkid1-2.37.2-150400.8.32.2 updated
- libcups2-2.2.7-150000.3.65.1 updated
- libcurl4-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libfdisk1-2.37.2-150400.8.32.2 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libmount1-2.37.2-150400.8.32.2 updated
- libopenssl1_1-1.1.1l-150400.7.72.1 updated
- libpcap1-1.10.1-150400.3.3.2 updated
- libsmartcols1-2.37.2-150400.8.32.2 updated
- libsolv-tools-base-0.7.30-150400.3.27.2 updated
- libsolv-tools-0.7.30-150400.3.27.2 updated
- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated
- libuuid1-2.37.2-150400.8.32.2 updated
- libyaml-0-2-0.1.7-150000.3.2.1 added
- libzypp-17.35.8-150400.3.85.1 updated
- openssl-1_1-1.1.1l-150400.7.72.1 updated
- pam-1.3.0-150000.6.71.2 updated
- python-azure-agent-config-server-2.9.1.1-150100.3.44.2 updated
- python-azure-agent-2.9.1.1-150100.3.44.2 updated
- python3-PyYAML-5.4.1-150300.3.3.1 updated
- python3-setuptools-44.1.1-150400.9.9.1 updated
- runc-1.1.14-150000.70.1 updated
- sles-release-15.4-150400.58.10.2 updated
- supportutils-3.2.8-150300.7.35.33.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- systemd-sysvinit-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- udev-249.17-150400.8.43.1 updated
- util-linux-systemd-2.37.2-150400.8.32.2 updated
- util-linux-2.37.2-150400.8.32.2 updated
- zypper-1.14.76-150400.3.57.16 updated
- libabsl2308_0_0-20230802.1-150400.10.4.1 removed
- libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed

From sle-container-updates at lists.suse.com Tue Sep 17 07:01:43 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 17 Sep 2024 09:01:43 +0200 (CEST)
Subject: SUSE-IU-2024:1350-1: Security update of suse-sles-15-sp3-chost-byos-v20240912-hvm-ssd-x86_64
Message-ID: <20240917070143.3CA55FCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20240912-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1350-1
Image Tags : suse-sles-15-sp3-chost-byos-v20240912-hvm-ssd-x86_64:20240912
Image Release :
Severity : critical
Type : security
References :
CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-4091 CVE-2023-4128 CVE-2023-4132 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4156 CVE-2023-4194 CVE-2023-4244 CVE-2023-42465 CVE-2023-42669 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-43804 CVE-2023-4385 CVE-2023-4387 CVE-2023-4389 CVE-2023-4408 CVE-2023-4408 CVE-2023-44487 CVE-2023-4459 CVE-2023-4504 CVE-2023-45288 CVE-2023-45322 CVE-2023-45803 CVE-2023-45853 CVE-2023-45862 CVE-2023-45863 CVE-2023-45871 CVE-2023-45918 CVE-2023-46218 CVE-2023-4622 CVE-2023-4623 CVE-2023-46246 CVE-2023-46343 CVE-2023-4641 CVE-2023-46835 CVE-2023-46836 CVE-2023-46838 CVE-2023-46839 CVE-2023-46841 CVE-2023-46842 CVE-2023-4692 CVE-2023-4693 CVE-2023-47233 CVE-2023-47233 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4750 CVE-2023-4752 CVE-2023-4781 CVE-2023-4813 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-48795 CVE-2023-48795 CVE-2023-4881 CVE-2023-49083 CVE-2023-4921 CVE-2023-4921 CVE-2023-50387 CVE-2023-50387 CVE-2023-50495 CVE-2023-50868 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-52340 CVE-2023-52425 CVE-2023-52429 CVE-2023-52433 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454 CVE-2023-52463 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52475 CVE-2023-52476 CVE-2023-52477 CVE-2023-52478 CVE-2023-52482 CVE-2023-52492 CVE-2023-52500 CVE-2023-52502 CVE-2023-52508 CVE-2023-52509 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52569 CVE-2023-52572 CVE-2023-52574 CVE-2023-52575 CVE-2023-52581 CVE-2023-52583 CVE-2023-52590 CVE-2023-52591 CVE-2023-52591 CVE-2023-52597 CVE-2023-52605 CVE-2023-52607 CVE-2023-52628 CVE-2023-52654 CVE-2023-52655 CVE-2023-52686 CVE-2023-52707 CVE-2023-52752 CVE-2023-52840 CVE-2023-52871 CVE-2023-52880 
CVE-2023-52881 CVE-2023-5344 CVE-2023-5441 CVE-2023-5517 CVE-2023-5517 CVE-2023-5535 CVE-2023-5678 CVE-2023-5717 CVE-2023-5981 CVE-2023-5981 CVE-2023-6004 CVE-2023-6040 CVE-2023-6121 CVE-2023-6176 CVE-2023-6270 CVE-2023-6270 CVE-2023-6356 CVE-2023-6356 CVE-2023-6516 CVE-2023-6516 CVE-2023-6531 CVE-2023-6531 CVE-2023-6535 CVE-2023-6535 CVE-2023-6536 CVE-2023-6536 CVE-2023-6597 CVE-2023-6606 CVE-2023-6610 CVE-2023-6817 CVE-2023-6915 CVE-2023-6918 CVE-2023-6931 CVE-2023-6932 CVE-2023-7042 CVE-2023-7192 CVE-2023-7207 CVE-2024-0217 CVE-2024-0340 CVE-2024-0397 CVE-2024-0450 CVE-2024-0553 CVE-2024-0565 CVE-2024-0607 CVE-2024-0639 CVE-2024-0727 CVE-2024-0775 CVE-2024-0841 CVE-2024-1086 CVE-2024-1151 CVE-2024-1737 CVE-2024-1975 CVE-2024-2004 CVE-2024-21626 CVE-2024-21626 CVE-2024-2193 CVE-2024-2201 CVE-2024-2201 CVE-2024-22099 CVE-2024-22099 CVE-2024-22195 CVE-2024-22365 CVE-2024-22667 CVE-2024-23307 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-23849 CVE-2024-23851 CVE-2024-2398 CVE-2024-25062 CVE-2024-2511 CVE-2024-25629 CVE-2024-26458 CVE-2024-26461 CVE-2024-26581 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26593 CVE-2024-26595 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26610 CVE-2024-26614 CVE-2024-26622 CVE-2024-26642 CVE-2024-26643 CVE-2024-26688 CVE-2024-26689 CVE-2024-26704 CVE-2024-26733 CVE-2024-26733 CVE-2024-26739 CVE-2024-26744 CVE-2024-26816 CVE-2024-26822 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26898 CVE-2024-26903 CVE-2024-26906 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26929 CVE-2024-26930 CVE-2024-27043 CVE-2024-27398 CVE-2024-27413 CVE-2024-28085 CVE-2024-28182 CVE-2024-2961 CVE-2024-31142 CVE-2024-31143 CVE-2024-32487 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34064 CVE-2024-34397 CVE-2024-34459 CVE-2024-35195 CVE-2024-35235 CVE-2024-35789 CVE-2024-35811 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35878 CVE-2024-35895 CVE-2024-35914 CVE-2024-35950 
CVE-2024-3651 CVE-2024-36894 CVE-2024-36904 CVE-2024-36940 CVE-2024-36964 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-4032 CVE-2024-4741
-----------------------------------------------------------------

The container suse-sles-15-sp3-chost-byos-v20240912-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1221-1
Released: Mon May 13 13:28:42 2019
Summary: Security update for libxslt
Type: security
Severity: moderate
References: 1132160,CVE-2019-11068

This update for libxslt fixes the following issues:

Security issue fixed:

- CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1409-1
Released: Mon May 25 17:01:33 2020
Summary: Security update for libxslt
Type: security
Severity: moderate
References: 1140095,1140101,1154609,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197

This update for libxslt fixes the following issues:

Security issues fixed:

- CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).
- CVE-2019-13117: Fixed an uninitialized read which made it possible to discern whether a byte on the stack contains certain special characters (bsc#1140095).
- CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:803-1
Released: Thu Mar 10 17:35:53 2022
Summary: Security update for python-lxml
Type: security
Severity: important
References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818

This update for python-lxml fixes the following issues:

- CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088).
- CVE-2021-28957: Fixed XSS vulnerability via HTML5 attributes unescaped (bsc#1184177).
- CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752).
- CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released: Tue Jul 26 13:48:28 2022
Summary: Critical update for python-cssselect
Type: recommended
Severity: critical
References:

This update for python-cssselect implements packages to the unrestricted repository.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released: Fri Aug 26 11:36:03 2022
Summary: Security update for python-lxml
Type: security
Severity: important
References: 1201253,CVE-2022-2309

This update for python-lxml fixes the following issues:

- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4391-1
Released: Fri Dec 9 08:02:23 2022
Summary: Recommended update for libxslt
Type: recommended
Severity: low
References: 1203669

This update for libxslt fixes the following issues:

- Fix broken license symlink for libxslt-tools (bsc#1203669)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:680-1
Released: Wed Mar 8 17:14:06 2023
Summary: Security update for libxslt
Type: security
Severity: important
References: 1208574,CVE-2021-30560

This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2143-1
Released: Tue May 9 14:49:45 2023
Summary: Security update for protobuf-c
Type: security
Severity: important
References: 1210323,CVE-2022-48468

This update for protobuf-c fixes the following issues:

- CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2517-1
Released: Thu Jun 15 07:09:52 2023
Summary: Security update for python3
Type: security
Severity: moderate
References: 1203750,1211158,CVE-2007-4559

This update for python3 fixes the following issues:

- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2519-1
Released: Thu Jun 15 08:25:19 2023
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1203818

This update for supportutils fixes the following issues:

- Added missed sanitation check on crash.txt (bsc#1203818)
- Added check to _sanitize_file
- Using variable for replacement text in _sanitize_file

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2571-1
Released: Wed Jun 21 13:32:31 2023
Summary: Security update for Salt
Type: security
Severity: moderate
References: 1207071,1209233,1211612,1211754,1212516,1212517

This update for salt fixes the following issues:

salt:

- Update to Salt release version 3006.0 (jsc#PED-4361)
  * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due to transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch discarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)

python-jmespath:

- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes)

python-ply:

- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x
  architecture as it is a requirement for python-jmespath (no source changes)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2611-1
Released: Thu Jun 22 09:55:10 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1184208,1199636,1204405,1205756,1205758,1205760,1205762,1205803,1206024,1208474,1208604,1209287,1209779,1210715,1210783,1210940,1211037,1211043,1211105,1211131,1211186,1211203,1211590,1211592,1211596,1211622,CVE-2020-36694,CVE-2021-29650,CVE-2022-3566,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1637,CVE-2023-2156,CVE-2023-2194,CVE-2023-23586,CVE-2023-2483,CVE-2023-2513,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-32269,CVE-2023-33288

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2020-36694: Fixed a use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).

The following non-security bugs were fixed:

- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2616-1
Released: Thu Jun 22 16:47:50 2023
Summary: Security update for cups
Type: security
Severity: important
References: 1212230,CVE-2023-34241

This update for cups fixes the following issues:

- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2625-1
Released: Fri Jun 23 17:16:11 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
  * includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2628-1
Released: Fri Jun 23 21:43:22 2023
Summary: Security update for cloud-init
Type: security
Severity: important
References: 1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786

This update for cloud-init fixes the following issues:

- CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)
- CVE-2022-2084: Fixed a bug where logging schema failures could include password hashes.
  (bsc#1210652)
- Update to version 23.1
  + Support transactional-updates for SUSE based distros
  + Set ownership for new folders in Write Files Module
  + add OpenCloudOS and TencentOS support
  + lxd: Retry if the server isn't ready
  + test: switch pycloudlib source to pypi
  + test: Fix integration test deprecation message
  + Recognize opensuse-microos, dev tooling fixes
  + sources/azure: refactor imds handler into own module
  + docs: deprecation generation support
  + add function is_virtual to distro/FreeBSD
  + cc_ssh: support multiple hostcertificates
  + Fix minor schema validation regression and fixup typing
  + doc: Reword user data debug section
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file
  + Add 'ederst' as contributor
  + readme: add reference to packages dir
  + docs: update downstream package list
  + docs: add google search verification
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf
  + Fix OpenStack datasource detection on bare metal
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted
  + schema: fix gpt labels, use type string for GUID
  + cc_disk_setup: code cleanup
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
  + Warn on empty network key
  + Fix Vultr cloud_interfaces usage
  + cc_puppet: Update puppet service name
  + docs: Clarify networking docs
  + lint: remove httpretty
  + cc_set_passwords: Prevent traceback when restarting ssh
  + tests: fix lp1912844
  + tests: Skip ansible test on bionic
  + Wait for NetworkManager
  + docs: minor polishing
  + CI: migrate integration-test to GH actions
  + Fix permission of SSH host keys
  + Fix default route rendering on v2 ipv6
  + doc: fix path in net_convert command
  + docs: update net_convert docs
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
  + distros/rhel.py: _read_hostname() missing strip on 'hostname'
  + integration tests: add IBM VPC support
  + machine-id: set to uninitialized to trigger regeneration on clones
  + sources/azure: retry on connection error when fetching metadata
  + Ensure ssh state accurately obtained
  + bddeb: drop dh-systemd dependency on newer deb-based releases
  + doc: fix `config formats` link in cloudsigma.rst
  + Fix wrong subp syntax in cc_set_passwords.py
  + docs: update the PR template link to readthedocs
  + ci: switch unittests to gh actions
  + Add mount_default_fields for PhotonOS.
  + sources/azure: minor refactor for metadata source detection logic
  + add 'CalvoM' as contributor
  + ci: doc to gh actions
  + lxd: handle 404 from missing devices route for LXD 4.0
  + docs: Diataxis overhaul
  + vultr: Fix issue regarding cache and region codes
  + cc_set_passwords: Move ssh status checking later
  + Improve Wireguard module idempotency
  + network/netplan: add gateways as on-link when necessary
  + tests: test_lxd assert features.networks.zones when present
  + Use btrfs enqueue when available (#1926) [Robert Schweikert]
  + sources/azure: fix device driver matching for net config (#1914)
  + BSD: fix duplicate macs in Ifconfig parser
  + pycloudlib: add lunar support for integration tests
  + nocloud: add support for dmi variable expansion for seedfrom URL
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema
  + Ensure network ready before cloud-init service runs on RHEL
  + docs: add copy button to code blocks
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed
  + Fix the distro.osfamily output problem in the openEuler system.
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8
  + Add back gateway4/6 deprecation to docs
  + networkd: Add support for multiple [Route] sections
  + doc: add qemu tutorial
  + lint: fix tip-flake8 and tip-mypy
  + Add support for setting uid when creating users on FreeBSD
  + Fix exception in BSD networking code-path
  + Append derivatives to is_rhel list in cloud.cfg.tmpl
  + FreeBSD init: use cloudinit_enable as only rcvar
  + feat: add support aliyun metadata security harden mode
  + docs: uprate analyze to performance page
  + test: fix lxd preseed managed network config
  + Add support for static IPv6 addresses for FreeBSD
  + Make 3.12 failures not fail the build
  + Docs: adding relative links
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + Add 'nkukard' as contributor
  + doc: add how to render new module doc
  + doc: improve module creation explanation
  + Add Support for IPv6 metadata to OpenStack
  + add xiaoge1001 to .github-cla-signers
  + network: Deprecate gateway{4,6} keys in network config v2
  + VMware: Move Guest Customization transport from OVF to VMware
  + doc: home page links added
  + net: skip duplicate mac check for netvsc nic and its VF

This update for python-responses fixes the following issues:

- update to 0.21.0:
  * Add `threading.Lock()` to allow `responses` working with `threading` module.
  * Add `urllib3` `Retry` mechanism. See #135
  * Removed internal `_cookies_from_headers` function
  * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses.
  * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument
  * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function.
    See #183

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2640-1
Released: Mon Jun 26 15:09:10 2023
Summary: Security update for vim
Type: security
Severity: moderate
References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610

This update for vim fixes the following issues:

- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2649-1
Released: Tue Jun 27 10:01:13 2023
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issues:

- update to 0.371:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2658-1
Released: Tue Jun 27 14:46:15 2023
Summary: Recommended update for containerd, docker, runc
Type: recommended
Severity: moderate
References: 1207004,1208074,1210298,1211578

This update for containerd, docker, runc fixes the following issues:

- Update to containerd v1.6.21 (bsc#1211578)
- Update to Docker 23.0.6-ce (bsc#1211578)
- Update to runc v1.1.7
- Require a minimum Go version explicitly (bsc#1210298)
- Re-unify packaging for SLE-12 and SLE-15
- Fix build on SLE-12 by switching back to libbtrfs-devel headers
- Allow man pages to be built without internet access in OBS
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser
- Change to using systemd-sysusers
- Update runc.keyring to upstream version
- Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2742-1
Released: Fri Jun 30 11:40:56 2023
Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type: recommended
Severity: moderate
References: 1202234,1209565,1211261,1212187,1212222

This update for yast2-pkg-bindings fixes the following issues:

libzypp was updated to version 17.31.14 (22):

- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

- targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)

yast2-pkg-bindings, autoyast:

- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)

yast2-update:

- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2761-1
Released: Mon Jul 3 15:16:44 2023
Summary: Recommended update for libjansson
Type: recommended
Severity: moderate
References: 1201817

This update for libjansson fixes the following issues:

- Update to 2.14 (bsc#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime version checking
    + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null
    + Add `json_error_code()` to retrieve numeric error codes
    + Enable thread safety for `json_dump()` on all systems.
      Enable thread safe `json_decref()` and `json_incref()` for modern compilers
    + Add `json_sprintf()` and `json_vsprintf()`
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object
    + Avoid invalid memory read in `json_pack()`
    + Call va_end after va_copy in `json_vsprintf()`
    + Improve handling of formats with '?' and '*' in `json_pack()`
    + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling
    + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()`
    + Make json_equal() const-correct
    + Fix incomplete stealing of references by `json_pack()`
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2855-1
Released: Mon Jul 17 16:35:21 2023
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1212260

This update for openldap2 fixes the following issues:

- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2859-1
Released: Mon Jul 17 16:43:57 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1160435,1172073,1187829,1191731,1199046,1200217,1205758,1208600,1209039,1209342,1210533,1210791,1211089,1211519,1211796,1212128,1212129,1212154,1212158,1212494,1212501,1212502,1212504,1212513,1212606,1212842,CVE-2023-1077,CVE-2023-1249,CVE-2023-2002,CVE-2023-3090,CVE-2023-3141,CVE-2023-3159,CVE-2023-3161,CVE-2023-3268,CVE-2023-3358,CVE-2023-35788,CVE-2023-35823,CVE-2023-35824,CVE-2023-35828

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).

The following non-security bugs were fixed:

- Also include kernel-docs build requirements for ALP
- Avoid unsupported tar parameter on SLE12
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796) - Generalize kernel-doc build requirements. - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore - Remove usrmerge compatibility symlink in buildroot (boo#1211796). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). 
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - usrmerge: Compatibility with earlier rpm (boo#1211796) - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2894-1 Released: Thu Jul 20 06:45:06 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206447,1206674,1206798,1211026 This update for wicked fixes the following issues: - Update to version 0.6.73 - Fix arp notify loop and burst sending (boo#1212806) - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Fix memory leaks, add array/list utils - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (bsc#1206674) - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. 
- Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - Fix use-after-free in debug mode (bsc#1206447) - Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) - Improve to show `no-carrier` in ifstatus output - Cleanup inclusions and update uapi header to 6.0 - Link mode nwords cleanup and new advertise mode names - Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. 
- src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2909-1 Released: Thu Jul 20 10:59:11 2023 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1204563 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right file descriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits.
[bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2954-1 Released: Mon Jul 24 13:01:46 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,CVE-2023-2828 This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2994-1 Released: Thu Jul 27 06:45:29 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1157881,1200710,1209859 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3060-1 Released: Mon Jul 31 13:27:42 2023 Summary: Security update for samba Type: security Severity: important References: 1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). 
- CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3173-1 Released: Thu Aug 3 08:56:10 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). 
- Update further expiring certificates that affect tests [bsc#1201627] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3210-1 Released: Mon Aug 7 15:20:04 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3218-1 Released: Mon Aug 7 16:52:13 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and answers as well as passphrases
----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3283-1 Released: Fri Aug 11 10:28:34 2023 Summary: Feature update for cloud-init Type: feature Severity: moderate References: 1184758,1210273,1212879,CVE-2021-3429,CVE-2023-1786 This update for cloud-init fixes the following issues: - Default route is not configured (bsc#1212879) - cloud-final service failing in powerVS (bsc#1210273) - Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3288-1 Released: Fri Aug 11 12:30:14 2023 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1213582 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. 
(bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3294-1 Released: Fri Aug 11 13:51:51 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1200975,1204294,1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 - Create xen usb controller device if necessary (bsc#1204294) - Improve treatment of NVME devices (bsc#1200975) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. 
(bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low References: 1210070,CVE-2023-26112 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3373-1 Released: Tue Aug 22 13:48:25 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3391-1 Released: Wed Aug 23 17:29:26 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199304,1206418,1207270,1210584,1211131,1211738,1211867,1212301,1212741,1212835,1212846,1213059,1213061,1213167,1213245,1213286,1213287,1213354,1213543,1213585,1213586,1213588,1213653,1213868,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-20593,CVE-2023-2156,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-3812 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack 'Inception' or 'RAS Poisoning' (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - get module prefix from kmod (bsc#1212835). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). 
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). 
- remove more packaging cruft for sle < 12 sp3 - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3446-1 Released: Mon Aug 28 10:56:49 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1204489,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. 
(bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3467-1 Released: Tue Aug 29 07:39:36 2023 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1213940 This update for samba fixes the following issues: - Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3487-1 Released: Tue Aug 29 14:28:35 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional issue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelog online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . 
bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3540-1 Released: Tue Sep 5 16:44:44 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3546-1 Released: Wed Sep 6 14:07:17 2023 Summary: Recommended update for open-iscsi Type: recommended Severity: low References: 1207157 This update for open-iscsi fixes the following issues: - Set 'safe_logout' and 'startup' in iscsid.conf (bsc#1207157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate References: 1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for 
libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND non-space characters as delimiters (bsc#1198165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3684-1 Released: Tue Sep 19 17:12:12 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1023051,1203517,1210448,1213272,1213546,1213601,1213666,1213916,1213927,1213968,1213969,1213970,1213971,1214019,1214120,1214149,1214275,1214297,1214348,1214350,1214451,CVE-2022-36402,CVE-2023-2007,CVE-2023-20588,CVE-2023-21400,CVE-2023-34319,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4132,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4385,CVE-2023-4387,CVE-2023-4459 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in the vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). 
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that allowed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). 
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). 
- timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3707-1 Released: Wed Sep 20 17:12:03 2023 Summary: Security update for cups Type: security Severity: important References: 1214254,1215204,CVE-2023-32360,CVE-2023-4504 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin 
was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3903-1 Released: Fri Sep 29 15:14:18 2023 Summary: Security update for xen Type: security Severity: important References: 1213616,1215145,1215474,CVE-2023-20588,CVE-2023-20593,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3934-1 Released: Mon Oct 2 12:04:33 2023 Summary: Security update for bind Type: security Severity: important References: 1213748,1215472,CVE-2023-3341 This update for bind fixes the following issues: Security fixes: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). Other fixes: - Add `dnstap` support (jsc#PED-4853, jsc#PED-4852, bsc#1213748) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). 
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4027-1 Released: Tue Oct 10 13:59:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate References: 1215889,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4095-1 Released: Tue Oct 17 15:03:04 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176588,1202845,1207036,1207270,1208995,1210169,1210643,1210658,1212703,1213812,1214233,1214351,1214380,1214386,1215115,1215117,1215150,1215221,1215275,1215299,1215322,1215356,CVE-2020-36766,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-23454,CVE-2023-4004,CVE-2023-40283,CVE-2023-42753,CVE-2023-4389,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150) - CVE-2023-4389: Fixed a double decrement of the reference count flaw in the btrfs filesystem, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351) - CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. 
(bsc#1215275) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-4004: Fixed improper element removal in netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117) - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leak one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169) - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643) - CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). 
- x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4096-1 Released: Tue Oct 17 15:04:04 2023 Summary: Security update for samba Type: security Severity: important References: 1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4106-1 Released: Wed Oct 18 09:10:14 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: This update ships suseconnect-ng, the SUSEConnect replacement, to SUSE Linux Enterprise 15 SP1, SP2, and SP3. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4130-1 Released: Thu Oct 19 09:53:13 2023 Summary: Security update for grub2 Type: security Severity: important References: 1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. 
Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4158-1 Released: Mon Oct 23 09:52:06 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.3.17: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). - Updated to version 15.3.16: - Fixed a build issue for s390x (bsc#1207853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. 
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. 
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4174-1 Released: Tue Oct 24 12:36:41 2023 Summary: Security update for xen Type: security Severity: important References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328 This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). - CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). - CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. 
(bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4237-1 Released: Mon Oct 30 03:42:23 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1215064 This update for perl-Bootloader fixes the following issues: - `bootloader_entry` script can have an optional 'force-default' argument (bsc#1215064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose 
gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has been compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4348-1 Released: Thu Nov 2 15:38:52 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1210778,1210853,1212051,1214842,1215095,1215467,1215518,1215745,1215858,1215860,1215861,1216046,1216051,1216134,CVE-2023-2163,CVE-2023-31085,CVE-2023-3111,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-42754,CVE-2023-45862 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
(bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4453-1 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1216541 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing.
[bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4461-1 Released: Thu Nov 16 15:03:33 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4466-1 Released: Thu Nov 16 17:57:03 2023 Summary: Security update for xen Type: security Severity: important References: 1216654,1216807,CVE-2023-46835,CVE-2023-46836 This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, 
python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs an import-suse-build-key script.
The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4704-1 Released: Mon Dec 11 07:20:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986 This update for dracut fixes the following issues: - Update to version 049.1+suse.257.gf94c3fd1 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatonit v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4811-1 Released: Wed Dec 13 19:01:09 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1084909,1210780,1214037,1214344,1214764,1215371,1216058,1216259,1216584,1216965,1216976,1217140,1217332,1217408,1217780,CVE-2023-31083,CVE-2023-39197,CVE-2023-39198,CVE-2023-45863,CVE-2023-45871,CVE-2023-5717,CVE-2023-6176 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed an out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). The following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4910-1 Released: Tue Dec 19 16:02:41 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). - CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4921-1 Released: Wed Dec 20 09:51:31 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4936-1 Released: Wed Dec 20 17:18:21 2023 Summary: Security update for docker, rootlesskit Type: security Severity: important References: 1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2407 . bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support.
(jsc#PED-6180) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4986-1 Released: Thu Dec 28 16:05:33 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:9-1 Released: Tue Jan 2 13:20:01 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1214076 This update for samba fixes the following issues: - Add 'net offlinejoin composeodj' command (bsc#1214076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-´ as leading character to ignore possible errors on sysctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. 
Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:43-1 Released: Fri Jan 5 14:49:13 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not preferring installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handling for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:50-1 Released: Mon Jan 8 03:18:56 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1217695,1217696 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect handling (bsc#1217969).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:126-1 Released: Tue Jan 16 13:48:02 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1218364 This update for suseconnect-ng fixes the following issues: - Update to version 1.5.0 - Configure docker credentials for registry authentication - Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) - Add --json output option ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:128-1 Released: Tue Jan 16 13:50:37 2024 Summary: Security update for cloud-init Type: security Severity: moderate References: 1198269,1201010,1214169,1215740,1215794,1216007,1216011,CVE-2023-1786 This update for cloud-init contains the following fixes: - Move fdupes call back to %install.(bsc#1214169) - Update to version 23.3. (bsc#1216011) * (bsc#1215794) * (bsc#1215740) * (bsc#1216007) + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390) + Fix cc_keyboard in mantic (LP: #2030788) + ec2: initialize get_instance_userdata return value to bytes (#4387) [Noah Meyerhans] + cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley] + Fix pip-managed ansible + status: treat SubState=running and MainPID=0 as service exited + azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson] + collect-logs fix memory usage (SC-1590) (#4289) [Alec Warren] (LP: #1980150) + cc_mounts: Use fallocate to create swapfile on btrfs (#4369) + Undocument nocloud-net (#4318) + feat(akamai): add akamai to settings.py and apport.py (#4370) + read-version: fallback to get_version when git describe fails (#4366) + apt: fix cloud-init status --wait blocking on systemd v 253 (#4364) + integration tests: Pass username to pycloudlib (#4324) + Bump pycloudlib to 1!5.1.0 (#4353) + cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272) [dermotbradley] + analyze: fix 
(unexpected) timestamp parsing (#4347) [Mina Galić] + cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Galić] + subp: Fix spurious test failure on FreeBSD (#4355) [Mina Galić] + cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Galić] + util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Galić] + cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Galić] + unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource (#4328) [Ani Sinha] + Fix test_tools.py collection (#4315) + cc_keyboard: add Alpine support (#4278) [dermotbradley] + Flake8 fixes (#4340) [Robert Schweikert] + cc_mounts: Fix swapfile not working on btrfs (#4319) [?????????] (LP: #1884127) + ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281) [Wei Zhou] + ec2: Support double encoded userdata (#4275) [Noah Meyerhans] + cc_mounts: xfs is a Linux only FS (#4334) [Mina Galić] + tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336) [Chris Patterson] + change openEuler to openeuler and fix some bugs in openEuler (#4317) [sxt1001] + Replace flake8 with ruff (#4314) + NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64 (#4291) [Ani Sinha] + cc_ssh_import_id: add Alpine support and add doas support (#4277) [dermotbradley] + sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539) + Added support for Akamai Connected Cloud (formerly Linode) (#4167) [Will Smith] + Fix reference before assignment (#4292) + Overhaul module reference page (#4237) [Sally] + replaced spaces with commas for setting passenv (#4269) [Alec Warren] + DS VMware: modify a few log level (#4284) [PengpengSun] + tools/read-version refactors and unit tests (#4268) + Ensure get_features() grabs all features (#4285) + Don't always require passlib dependency (#4274) + tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275) + Fix NoCloud kernel commandline key parsing (#4273) + testing: Clear all LRU caches after each test
(#4249) + Remove the crypt dependency (#2139) [Gonéri Le Bouder] + logging: keep current file mode of log file if its stricter than the new mode (#4250) [Ani Sinha] + Remove default membership in redundant groups (#4258) [Dave Jones] (LP: #1923363) + doc: improve datasource_creation.rst (#4262) + Remove duplicate Integration testing button (#4261) [Rishita Shaw] + tools/read-version: fix the tool so that it can handle version parsing errors (#4234) [Ani Sinha] + net/dhcp: add udhcpc support (#4190) [Jean-François Roche] + DS VMware: add i386 arch dir to deployPkg plugin search path [PengpengSun] + LXD moved from linuxcontainers.org to Canonical [Simon Deziel] + cc_mounts.py: Add note about issue with creating mounts inside mounts (#4232) [dermotbradley] + lxd: install lxd from snap, not deb if absent in image + landscape: use landscape-config to write configuration + Add deprecation log during init of DataSourceDigitalOcean (#4194) [tyb-truth] + doc: fix typo on apt.primary.arches (#4238) [Dan Bungert] + Inspect systemd state for cloud-init status (#4230) + instance-data: add system-info and features to combined-cloud-config (#4224) + systemd: Block login until config stage completes (#2111) (LP: #2013403) + tests: proposed should invoke apt-get install -t=-proposed (#4235) + cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley] + Remove feature flag override ability (#4228) + tests: drop stray unrelated file presence test (#4227) + Update LXD URL (#4223) [Sally] + schema: add network v1 schema definition and validation functions + tests: daily PPA for devel series is version 99.daily update tests to match (#4225) + instance-data: write /run/cloud-init/combined-cloud-config.json + mount parse: Fix matching non-existent directories (#4222) [Mina Galić]
+ Specify build-system for pep517 (#4218) + Fix network v2 metric rendering (#4220) + Migrate content out of FAQ page (SD-1187) (#4205) [Sally] + setup: fix generation of init templates (#4209) [Mina Galić] + docs: Correct some bootcmd example wording + fix changelog + tests: reboot client to assert x-shellscript-per-boot is triggered + nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204) (LP: 4203, #2025180) + Add docstring and typing to mergemanydict (#4200) + BSD: add dsidentify to early startup scripts (#4182) [Mina Galić] + handler: report errors on skipped merged cloud-config.txt parts (LP: #1999952) + Add cloud-init summit writeups (#4179) [Sally] + tests: Update test_clean_log for oci (#4187) + gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163) + tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184) + Ephemeral Networking for FreeBSD (#2165) [Mina Galić] + Clarify directory syntax for nocloud local filesystem. (#4178) + Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha] + Test static routes and netplan 0.106 + FreeBSD fix parsing of mount and mount options (#2146) [Mina Galić] + test: add tracking bug id (#4164) + tests: can't match MAC for LXD container veth due to netplan 0.106 (#4162) + Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar] + BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Galić] + launching salt-minion in masterless mode (#4110) [Denis Halturin] + tools: fix run-container builds for rockylinux/8 git hash mismatch (#4161) + fix doc lint: spellchecker tripped up (#4160) [Mina Galić] + Support Ephemeral Networking for BSD (#2127) + Added / fixed support for static routes on OpenBSD and FreeBSD (#2157) [Kadir Mueller] + cc_rsyslog: Refactor for better multi-platform support (#4119) [Mina Galić]
(LP: #1798055) + tests: fix test_lp1835584 (#4154) + cloud.cfg mod names: docs and rename salt_minion and set_password (#4153) + vultr: remove check_route check (#2151) [Jonas Chevalier] + Update SECURITY.md (#4150) [Indrranil Pawar] + Update CONTRIBUTING.rst (#4149) [Indrranil Pawar] + Update .github-cla-signers (#4151) [Indrranil Pawar] + Standardise module names in cloud.cfg.tmpl to only use underscore (#4128) [dermotbradley] + Modify PR template so autoclose works From 23.2.2 + Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271) (LP: #2028562) + Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784) From 23.2.1 + nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204) (Fixes: 4203) (LP: #2025180) From 23.2 + BSD: simplify finding MBR partitions by removing duplicate code [Mina Galić] + tests: bump pycloudlib version for mantic builds + network-manager: Set higher autoconnect priority for nm keyfiles (#3671) [Ani Sinha] + alpine.py: change the locale file used (#4139) [dermotbradley] + cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Galić] + config: drop refresh_rmc_and_interface as RHEL 7 no longer supported [Robert Schweikert] + docs: Add feedback button to docs + net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh plugin (#4132) [Ani Sinha] + For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley] + network_manager: add a method for ipv6 static IP configuration (#4127) [Ani Sinha] + correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley] + nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115) [Ani Sinha] + Add templates for GitHub Issues + Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela] + FreeBSD: Fix user account locking (#4114) [Mina Galić] (GH: #1854594) + FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Galić]
+ Update tests in Azure TestCanDevBeReformatted class (#2771) [Ksenija Stanojevic] + Replace Launchpad references with GitHub Issues + Fix KeyError in iproute pformat (#3287) [Dmitry Zykov] + schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance + azure/errors: introduce reportable errors for imds (#3647) [Chris Patterson] + FreeBSD (and friends): better identify MBR slices (#2168) [Mina Galić] (LP: #2016350) + azure/errors: add host reporting for dhcp errors (#2167) [Chris Patterson] + net: purge blacklist_drivers across net and azure (#2160) [Chris Patterson] + net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153) [Chris Patterson] + tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d (#2251) + net: refactor find_candidate_nics_on_linux() to use get_interfaces() (#2159) [Chris Patterson] + resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden] + Remove mount NTFS error message (#2134) [Ksenija Stanojevic] + integration tests: fix image specification parsing (#2166) + ci: add hypothesis scheduled GH check (#2149) + Move supported distros list to docs (#2162) + Fix logger, use instance rather than module function (#2163) + README: Point to Github Actions build status (#2158) + Revert 'fix linux-specific code on bsd (#2143)' (#2161) + Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142) [Ani Sinha] (LP: 2017761) + Add documentation label automatically (#2156) + sources/azure: report success to host and introduce kvp module (#2141) [Chris Patterson] + setup.py: use pkg-config for udev/rules path (#2137) [dankm] + openstack/static: honor the DNS servers associated with a network (#2138) [Gonéri Le Bouder] + fix linux-specific code on bsd (#2143) + cli: schema validation of jinja template user-data (SC-1385) (#2132) (LP: #1881925) + gce: activate network discovery on every boot (#2128) + tests: update integration test to assert 640 across reboots (#2145) + Make user/vendor data sensitive
and remove log permissions (#2144) (LP: #2013967) + Update kernel command line docs (SC-1457) (#2133) + docs: update network configuration path links (#2140) [d1r3ct0r] + sources/azure: report failures to host via kvp (#2136) [Chris Patterson] + net: Document use of `ip route append` to add routes (#2130) + dhcp: Add missing mocks (#2135) + azure/imds: retry fetching metadata up to 300 seconds (#2121) [Chris Patterson] + [1/2] DHCP: Refactor dhcp client code (#2122) + azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson] + azure/errors: introduce reportable errors (#2129) [Chris Patterson] + users: schema permit empty list to indicate create no users + azure: introduce identity module (#2116) [Chris Patterson] + Standardize disabling cloud-init on non-systemd (#2112) + Update .github-cla-signers (#2126) [Rob Tongue] + NoCloud: Use seedfrom protocol to determine mode (#2107) + rhel: Remove sysvinit files. (#2114) + tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson] + Fix NoCloud kernel commandline semi-colon args + run-container: make the container/VM timeout configurable (#2118) [Paride Legovini] + suse: Remove sysvinit files. 
(#2115) + test: Backport assert_call_count for old requests (#2119) + Add 'licebmi' as contributor (#2113) [Mark Martinez] + Adapt DataSourceScaleway to upcoming IPv6 support (#2033) [Louis Bouchard] + rhel: make sure previous-hostname file ends with a new line (#2108) [Ani Sinha] + Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai] + Cleanup ephemeral IP routes on exception (#2100) [sxt1001] + commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291) + Standardize kernel commandline user interface (#2093) + config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson] + Fix test_dhclient_exits_with_error (#2105) + net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083) [Chris Patterson] + sources/azure: move pps handling out of _poll_imds() (#2075) [Chris Patterson] + tests: bump pycloudlib version (#2102) + schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098) + sources/azure/imds: don't count timeout errors as connection errors (#2074) [Chris Patterson] + Fix Python 3.12 unit test failures (#2099) + integration tests: Refactor instance checking (#1989) + ci: migrate remaining jobs from travis to gh (#2085) + missing ending quote in instancedata docs(#2094) [Hong L] + refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r] + tests/vmware: fix test_no_data_access_method failure (#2092) [Chris Patterson] + Don't change permissions of netrules target (#2076) (LP: #2011783) + tests/sources: patch util.get_cmdline() for datasource tests (#2091) [Chris Patterson] + macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090) (LP: #2008888) + Fedora: Enable CA handling (#2086) [František Zatloukal] + Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa] + cc_ansible: complete the examples and doc (#2082) [Yves] + bddeb: for dev package, derive debhelper-compat from host system + apport: only prompt for cloud_name when instance-data.json is absent +
datasource: Optimize datasource detection, fix bugs (#2060) + Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi] + sources/azure: add networking check for all source PPS (#2061) [Chris Patterson] + do not attempt dns resolution on ip addresses (#2040) + chore: fix style tip (#2071) + Fix metadata IP in instancedata.rst (#2063) [Brian Haley] + util: Pass deprecation schedule in deprecate_call() (#2064) + config: Update grub-dpkg docs (#2058) + docs: Cosmetic improvements and styling (#2057) [s-makin] + cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner] + tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059) + oracle-ds: prefer system_cfg over ds network config source (#1998) (LP: #1956788) + Remove dead code (#2038) + source: Force OpenStack when it is only option (#2045) (LP: #2008727) + cc_ubuntu_advantage: improve UA logs discovery + sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson] + tests: fix test_schema (#2042) + dhcp: Cleanup unused kwarg (#2037) + sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027) [PengpengSun] + dhclient_hook: remove vestigal dhclient_hook command (#2015) + log: Add standardized deprecation tooling (SC-1312) (#2026) + Enable SUSE based distros for ca handling (#2036) [Robert Schweikert] From 23.1.2 + Make user/vendor data sensitive and remove log permissions (LP: #2013967) (CVE-2023-1786) - Remove six dependency (bsc#1198269) - Update to version 22.4 (bsc#1201010) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:153-1 Released: Thu Jan 18 15:04:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1179610,1215237,1215375,1217250,1217709,1217946,1217947,1218105,1218253,1218258,1218559,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6606,CVE-2023-6610,CVE-2023-6931,CVE-2023-6932 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). The following non-security bugs were fixed: - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). 
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) - doc/README.SUSE: Simplify the list of references (jsc#PED-5021). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375). - io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:161-1 Released: Thu Jan 18 18:40:46 2024 Summary: Recommended update for dpdk22 Type: recommended Severity: moderate References: This update of dpdk22 fixes the following issue: - DPDK 22.11.1 is shipped to SLE Micro 5.5. (jsc#PED-7147) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:164-1 Released: Fri Jan 19 05:47:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1207987 This update for util-linux fixes the following issues: - Instead of explicitly truncating clocks.txt file, pad with whitespaces in the end of file. This is done to improve performance of libuuid on xfs. (bsc#1207987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:189-1 Released: Tue Jan 23 13:54:18 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: critical References: 1217961,1218649 This update for suseconnect-ng contains the following fix: - Update to version 1.6.0: * Disable EULA display for addons. 
(bsc#1218649 and bsc#1217961) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:232-1 Released: Thu Jan 25 11:58:05 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1217775 This update for suse-module-tools fixes the following issues: - Update to version 15.3.18 - Add symlink /boot/.vmlinuz.hmac (bsc#1217775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:254-1 Released: Fri Jan 26 17:19:30 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1217952 This update for containerd fixes the following issues: - Fix permissions of address file (bsc#1217952) - Update to version 1.7.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:264-1 Released: Tue Jan 30 14:19:02 2024 Summary: Security update for xen Type: security Severity: moderate References: 1218851,CVE-2023-46839 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:295-1 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. 
(bsc#1218894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:306-1 Released: Thu Feb 1 17:58:09 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1218561,1218739 This update for python-instance-billing-flavor-check fixes the following issues: - Support proxy setup on the client to access the update infrastructure API (bsc#1218561) - Add IPv6 support (bsc#1218739) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:427-1 Released: Thu Feb 8 12:56:57 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282 This update for supportutils fixes the following issues: - Update to version 3.1.28 - Correctly detects Xen Dom0 (bsc#1218201) - Fixed smart disk error (bsc#1218282) - Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173) - Added missing klp information to kernel-livepatch.txt (bsc#1216390) - Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388) - Provides long listing for /etc/sssd/sssd.conf (bsc#1211547) - Optimize lsof usage (bsc#1183663) - Collects chrony or ntp as needed (bsc#1196293) - Fixed podman display issue (bsc#1217287) - Added nvme-stas configuration to nvme.txt (bsc#1216049) - Added timed command to fs-files.txt (bsc#1216827) - Collects zypp history file issue#166 (bsc#1216522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 
Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs an import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:474-1 Released: Wed Feb 14 18:00:29 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1108281,1193285,1215275,1216702,1217987,1217988,1217989,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1219053,1219120,1219412,1219434,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0565,CVE-2024-0775,CVE-2024-1086 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). 
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:475-1 Released: Wed Feb 14 19:08:44 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:525-1 Released: Mon Feb 19 08:03:59 2024 Summary: Security update for libssh Type: security Severity: important References: 1158095,1168699,1174713,1189608,1211188,1211190,1218126,1218186,1218209,CVE-2019-14889,CVE-2020-16135,CVE-2020-1730,CVE-2021-3634,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Update to version 0.9.8 (jsc#PED-7719): * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209) * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126) * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186) * Allow @ in usernames when parsing from URI composes Update to version 0.9.7: * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188) * Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) * Fix several memory leaks in GSSAPI handling code Update to version 0.9.6 (bsc#1189608, CVE-2021-3634): * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 Update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve 
handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ * Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699) Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed 
known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) - Split out configuration to separate package to not mess up the library packaging and coinstallation Update to version 0.9.0 * Added support for AES-GCM * Added improved rekeying support * Added performance improvements * Disabled blowfish support by default * Fixed several ssh config parsing issues * Added support for DH Group Exchange KEX * Added support for Encrypt-then-MAC mode * Added support for parsing server side configuration file * Added support for ECDSA/Ed25519 certificates * Added FIPS 140-2 compatibility * Improved known_hosts parsing * Improved documentation * Improved OpenSSL API usage for KEX, DH, and signatures - Add libssh client and server config files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:569-1 Released: Wed Feb 21 07:19:46 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References:
1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. 
bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandles some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. 
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:824-1 Released: Fri Mar 8 17:34:36 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:832-1 Released: Mon Mar 11 10:30:30 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:834-1 Released: Mon Mar 11 14:22:12 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:04 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. 
(bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:853-1 Released: Tue Mar 12 17:20:28 2024 Summary: Recommended update for qrencode Type: recommended Severity: moderate References: This update for qrencode fixes the following issues: - update to 4.1.1 (jsc#PED-7296): * Some minor bugs in Micro QR Code generation have been fixed. * The data capacity calculations are now correct. These bugs probably did not affect the Micro QR Code generation. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:857-1 Released: Wed Mar 13 01:07:44 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1200599,1207653,1212514,1213456,1216223,1218195,1218689,1218915,1219127,1219128,1219146,1219295,1219653,1219827,1219835,1219915,1220009,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220253,1220255,1220328,1220330,1220344,1220398,1220409,1220416,1220418,1220421,1220436,1220444,1220459,1220469,1220482,1220526,1220538,1220570,1220572,1220599,1220627,1220641,1220649,1220660,1220689,1220700,1220735,1220736,1220737,1220742,1220745,1220767,1220796,1220825,1220826,1220831,1220845,1220860,1220863,1220870,1220917,1220918,1220930,1220931,1220932,1221039,1221040,CVE-2019-25162,CVE-2020-36777,CVE-2020-36784,CVE-2021-46904,CVE-2021-46905,CVE-2021-46906,CVE-2021-46915,CVE-2021-46924,CVE-2021-46929,CVE-2021-46932,CVE-2021-46934,CVE-2021-46953,CVE-2021-46964,CVE-2021-46966,CVE-2021-46968,CVE-2021-46974,CVE-2021-46989,CVE-2021-47005,CVE-2021-47012,CVE-2021-47013,CVE-2021-47054,CVE-2021-47060,CVE-2021-47061,CVE-2021-47069,CVE-2021-47076,CVE-2021-47078,CVE-2021-47083,CVE-2022-20154,
CVE-2022-48627,CVE-2023-28746,CVE-2023-35827,CVE-2023-46343,CVE-2023-51042,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52463,CVE-2023-52475,CVE-2023-52478,CVE-2023-52482,CVE-2023-52502,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52569,CVE-2023-52574,CVE-2023-52597,CVE-2023-52605,CVE-2023-6817,CVE-2024-0340,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23851,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-26593,CVE-2024-26595,CVE-2024-26602,CVE-2024-26607,CVE-2024-26622 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2023-52340: Fixed ICMPv6 "Packet Too Big" packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). 
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). - CVE-2021-46924: Fixed memory leak in device probe and remove (bsc#1220459) - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). 
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52569: Fixed a bug in btrfs by removing BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660). - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742). - CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627). - CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737). - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745). The following non-security bugs were fixed: - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330) - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915). 
- ibmvfc: make 'max_sectors' a module option (bsc#1216223). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes). - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes). - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915). - scsi: Update max_hw_sectors on rescan (bsc#1216223). - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk. - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:860-1 Released: Wed Mar 13 08:45:21 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218865,CVE-2023-5981,CVE-2024-0553 This update for gnutls fixes the following issues: - CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:871-1 Released: Wed Mar 13 13:07:46 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). 
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:896-1 Released: Thu Mar 14 15:54:44 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: parse updater format from XML configuration to ensure install calls can run ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update to version 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidia-persistenced state (bsc#1219639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:935-1 Released: Tue Mar 19 13:03:44 2024 Summary: Security update for xen Type: security Severity: moderate References: 1219885,CVE-2023-46841 This update for xen fixes the following issues: - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:944-1 Released: Wed Mar 20 09:15:53 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679 This update for suseconnect-ng fixes the following issues: - Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) - Update to version 1.7.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1001-1 Released: Wed Mar 27 01:48:30 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:59 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1118-1 Released: Fri Apr 5 06:33:40 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. 
(bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1126-1 Released: Mon Apr 8 07:06:47 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1220996,1221194,1221358 This update for wicked fixes the following issues: - Fix fallback-lease drop in addrconf (bsc#1220996) - Use upstream `nvme nbft show` (bsc#1221358) - Hide secrets in debug log (bsc#1221194) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1152-1 Released: Mon Apr 8 11:36:50 2024 Summary: Security update for xen Type: security Severity: moderate References: 1221332,1221334,CVE-2023-28746,CVE-2024-2193 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, speculative race conditions. 
(bsc#1221334) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1170-1 Released: Tue Apr 9 09:51:25 2024 Summary: Security update for util-linux Type: security Severity: important References: 1194038,1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1190-1 Released: Wed Apr 10 03:28:33 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1202-1 Released: Thu Apr 11 10:49:35 2024 Summary: Recommended update for libzypp, zypper, PackageKit Type: recommended Severity: moderate References: 1175678,1218171,1218544,1221525,CVE-2024-0217 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit prompt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. 
[bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. 
[bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1335-1 Released: Thu Apr 18 14:44:22 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1222105 This update for wicked fixes the following issues: - Do not convert sec to msec twice (bsc#1222105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1352-1 Released: Fri Apr 19 15:28:38 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1220132,1221132,1221726,1222113 This update for cloud-init contains the following fixes: - Add cloud-init-no-nmcfg-needed.patch (bsc#1221726) + Do not require a NetworkManager config file in order to detect NetworkManager as the renderer - Add cloud-init-no-openstack-guess.patch (bsc#1222113) + Do not guess if we are running on OpenStack or not. Only recognize the known markers and enable cloud-init if we know for sure. - Do not guess a data source when checking for a CloudStack environment. (bsc#1221132) - Hardcode distribution to suse for proper cloud.cfg generation (bsc#1220132). 
- Prepare for RPM 4.20 switch patch syntax

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1366-1
Released: Mon Apr 22 11:04:32 2024
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1216474,1218871,1221123,1222831
This update for openssh fixes the following issues:
- Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123)
- Avoid closing IBM Z crypto device nodes. (bsc#1218871)
- Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474)
- Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow the server to be identified with a different key if the existing key is considered insecure at some point in the future (bsc#1222831).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1368-1
Released: Mon Apr 22 11:06:29 2024
Summary: Security update for shim
Type: security
Severity: important
References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460)

Update to version 15.8:

Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)

The NX flag is disabled, which is the same as the default value of shim-15.8; hence there is no need to enable it with this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe, after discussion with grub2 experts by mail. It's useful for further development and testing. (bsc#1205588)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1375-1
Released: Mon Apr 22 14:56:13 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1222992,CVE-2024-2961
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1398-1
Released: Tue Apr 23 13:58:22 2024
Summary: Recommended update for systemd-default-settings
Type: recommended
Severity: moderate
References:
This update for systemd-default-settings fixes the following issues:
- Disable pids controller limit under user instances (jsc#SLE-10123)
- Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned.
- User priority '26' for SLE-Micro
- Convert more drop-ins into early ones

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1429-1
Released: Wed Apr 24 15:13:10 2024
Summary: Recommended update for ca-certificates
Type: recommended
Severity: moderate
References: 1188500,1221184
This update for ca-certificates fixes the following issue:
- Update version (bsc#1221184)
  * Use flock to serialize calls (bsc#1188500)
  * Make certbundle.run container friendly
  * Create /var/lib/ca-certificates if needed

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1433-1
Released: Wed Apr 24 21:41:41 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1221525,1221963,1222086,1222398,1223094
This update for libzypp, zypper fixes the following issues:
- Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
- Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094)
- Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed
- Do not try to refresh repo metadata as non-root user (bsc#1222086)
- man: Explain how to protect orphaned packages by collecting them in a plaindir repo
- packages: Add --autoinstalled and --userinstalled options to list them
- Don't print 'reboot required' message if download-only or dry-run
- Respect zypper.conf option `showAlias` search commands (bsc#1221963)
- dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1434-1
Released: Thu Apr 25 09:11:03 2024
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1200731
This update for systemd-presets-common-SUSE fixes the following issues:
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1439-1
Released: Thu Apr 25 23:41:12 2024
Summary: Security update for python-idna
Type: security
Severity: moderate
References: 1222842,CVE-2024-3651
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1459-1
Released: Mon Apr 29 07:48:02 2024
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1220763
This update for vim fixes the following issues:
- Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1474-1
Released: Tue Apr 30 06:21:02 2024
Summary: Recommended update for cups
Type: recommended
Severity: important
References: 1217119
This update for cups fixes the following issues:
- Fix occasional stuck on poll() loop (bsc#1217119)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released: Thu May 2 10:43:53 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1488-1
Released: Thu May 2 15:29:32 2024
Summary: Recommended update for chrony
Type: recommended
Severity: moderate
References: 1213551
This update for chrony fixes the following issues:
- Use shorter NTS-KE retry interval when network is down (bsc#1213551)
- Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1489-1
Released: Fri May 3 09:36:22 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1184942,1186060,1192145,1194516,1208995,1209635,1209657,1212514,1213456,1217987,1217988,1217989,1218336,1218447,1218479,1218562,1219170,1219264,1220320,1220340,1220366,1220400,1220411,1220413,1220414,1220425,1220426,1220429,1220432,1220442,1220445,1220465,1220468,1220475,1220484,1220486,1220487,1220516,1220521,1220528,1220529,1220532,1220554,1220556,1220557,1220560,1220561,1220566,1220575,1220580,1220583,1220611,1220615,1220621,1220625,1220630,1220631,1220638,1220639,1220640,1220641,1220662,1220663,1220669,1220670,1220677,1220678,1220685,1220687,1220688,1220692,1220697,1220703,1220706,1220733,1220734,1220739,1220743,1220745,1220749,1220751,1220753,1220758,1220759,1220764,1220768,1220769,1220777,1220779,1220785,1220790,1220794,1220824,1220826,1220829,1220836,1220846,1220850,1220861,1220871,1220883,1220946,1220954,1220969,1220979,1220982,1220985,1220987,1221015,1221044,1221058,1221061,1221077,1221088,1221276,1221293,1221532,1221534,1221541,1221548,1221552,1221575,1221605,1221606,1221608,1221830,1221931,1221932,1221934,1221935,1221949,1221952,1221965,1221966,1221969,1221973,1221974,1221978,1221989,1221990,1221991,1221992,1221993,1221994,1221996,1221997,1221998,1221999,1222000,1222001,1222002,1222003,1222004,1222117,1222422,1222585,1222619,1222660,1222664,1222669,1222706,CVE-2020-36780,CVE-2020-36781,CVE-2020-36782,CVE-2020-36783,CVE-2021-23134,CVE-2021-29155,CVE-2021-46908,CVE-2021-46909,CVE-2021-46911,CVE-2021-46914,CVE-2021-46917,CVE-2021-46918,CVE-2021-46919,CVE-2021-46920,CVE-2021-46921,CVE-2021-46922,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46938,CVE-2021-46939,CVE-2021-46943,CVE-2021-46944,CVE-2021-46950,CVE-2021-46951,CVE-2021-46956,CVE-2021-46958,CVE-2021-46959,CVE-2021-46960,CVE-2021-46961,CVE-2021-46962,CVE-2021-46963,CVE-2021-46971,CVE-2021-46976,CVE-2021-46980,CVE-2021-46981,CVE-2021-46983,CVE-2021-46984,CVE-2021-46988,CVE-2021-46990,CVE-2021-46991,CVE-2021-46992,CVE-2021-46998,CVE-2021-47000,CVE-2021-47001,CVE-2021-47003,CVE-2021-47006,CVE-2021-47009,CVE-2021-47013,CVE-2021-47014,CVE-2021-47015,CVE-2021-47017,CVE-2021-47020,CVE-2021-47026,CVE-2021-47034,CVE-2021-47035,CVE-2021-47038,CVE-2021-47044,CVE-2021-47045,CVE-2021-47046,CVE-2021-47049,CVE-2021-47051,CVE-2021-47055,CVE-2021-47056,CVE-2021-47058,CVE-2021-47061,CVE-2021-47063,CVE-2021-47065,CVE-2021-47068,CVE-2021-47069,CVE-2021-47070,CVE-2021-47071,CVE-2021-47073,CVE-2021-47077,CVE-2021-47082,CVE-2021-47087,CVE-2021-47095,CVE-2021-47097,CVE-2021-47100,CVE-2021-47101,CVE-2021-47109,CVE-2021-47110,CVE-2021-47112,CVE-2021-47114,CVE-2021-47117,CVE-2021-47118,CVE-2021-47119,CVE-2021-47120,CVE-2021-47130,CVE-2021-47136,CVE-2021-47137,CVE-2021-47138,CVE-2021-47139,CVE-2021-47141,CVE-2021-47142,CVE-2021-47144,CVE-2021-47150,CVE-2021-47153,CVE-2021-47160,CVE-2021-47161,CVE-2021-47164,CVE-2021-47165,CVE-2021-47166,CVE-2021-47167,CVE-2021-47168,CVE-2021-47169,CVE-2021-47170,CVE-2021-47171,CVE-2021-47172,CVE-2021-47173,CVE-2021-47174,CVE-2021-47175,CVE-2021-47176,CVE-2021-47177,CVE-2021-47179,CVE-2021-47180,CVE-2021-47181,CVE-2021-47183,CVE-2021-47185,CVE-2021-47189,CVE-2022-0487,CVE-2022-4744,CVE-2022-48626,CVE-2023-0160,CVE-2023-1192,CVE-2023-28746,CVE-2023-35827,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52492,CVE-2023-52500,CVE-2023-52508,CVE-2023-52509,CVE-2023-52572,CVE-2023-52575,CVE-2023-52583,CVE-2023-52590,CVE-2023-52591,CVE-2023-52607,CVE-2023-52628,CVE-2023-6270,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-22099,CVE-2024-26600,CVE-2024-26614,CVE-2024-26642,CVE-2024-26704,CVE-2024-26733

The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.

The following security bugs were fixed:
- CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557).
- CVE-2021-46911: Fixed kernel panic (bsc#1220400).
- CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465).
- CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
- CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429).
- CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
- CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426).
- CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
- CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
- CVE-2021-46961: Fixed spurious interrupt handling (bsc#1220529).
- CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697).
- CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
- CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663).
- CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
- CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
- CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677).
- CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
- CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630).
- CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678).
- CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685).
- CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688).
- CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753).
- CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759).
- CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
- CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
- CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932).
- CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
- CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
- CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978).
- CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
- CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).

The following non-security bugs were fixed:
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- group-source-files.pl: Quote filenames (boo#1221077).
- kernel-binary: certs: Avoid trailing space
- mm: fix gup_pud_range (bsc#1220824).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1534-1
Released: Mon May 6 14:55:19 2024
Summary: Security update for less
Type: security
Severity: important
References: 1222849,CVE-2024-32487
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set that leads to OS command execution. (bsc#1222849)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1540-1
Released: Tue May 7 09:24:25 2024
Summary: Security update for xen
Type: security
Severity: moderate
References: 1221984,1222302,1222453,CVE-2023-46842,CVE-2024-2201,CVE-2024-31142
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1567-1
Released: Thu May 9 12:33:42 2024
Summary: Recommended update for catatonit
Type: recommended
Severity: moderate
References:
This update for catatonit fixes the following issues:
- Update to catatonit v0.2.0
- Change license to GPL-2.0-or-later

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1569-1
Released: Thu May 9 13:17:26 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1216853,CVE-2023-38472
This update for avahi fixes the following issues:
- CVE-2023-38472: Fix reachable assertion in avahi_rdata_parse() (bsc#1216853).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1633-1
Released: Tue May 14 11:35:56 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1222548,CVE-2024-2511
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1642-1
Released: Tue May 14 15:38:24 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1190576,1192145,1200313,1201489,1203906,1203935,1204614,1211592,1218562,1218917,1219169,1219170,1219264,1220513,1220755,1220854,1221113,1221299,1221543,1221545,1222449,1222482,1222503,1222559,1222585,1222624,1222666,1222669,1222709,1222790,1222792,1222829,1222876,1222878,1222881,1222883,1222894,1222976,1223016,1223057,1223111,1223187,1223202,1223475,1223482,1223509,1223513,1223522,1223824,1223921,1223923,1223931,1223941,1223948,1223952,1223963,CVE-2021-46955,CVE-2021-47041,CVE-2021-47074,CVE-2021-47113,CVE-2021-47131,CVE-2021-47184,CVE-2021-47185,CVE-2021-47194,CVE-2021-47198,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47206,CVE-2021-47207,CVE-2021-47212,CVE-2021-47216,CVE-2022-48631,CVE-2022-48638,CVE-2022-48650,CVE-2022-48651,CVE-2022-48654,CVE-2022-48672,CVE-2022-48686,CVE-2022-48687,CVE-2022-48693,CVE-2022-48695,CVE-2022-48701,CVE-2022-48702,CVE-2023-2860,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-26610,CVE-2024-26688,CVE-2024-26689,CVE-2024-26733,CVE-2024-26739,CVE-2024-26744,CVE-2024-26816,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26898,CVE-2024-26903,CVE-2024-26906,CVE-2024-27043

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).

The following non-security bugs were fixed:
- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- tls: Fix context leak on tls_device_down (bsc#1221545).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1666-1
Released: Thu May 16 08:00:53 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1221632
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released: Wed May 22 16:14:17 2024
Summary: Security update for perl
Type: security
Severity: important
References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:

Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)

Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1775-1
Released: Fri May 24 15:20:59 2024
Summary: Security update for libfastjson
Type: security
Severity: important
References: 1171479,CVE-2020-12762
This update for libfastjson fixes the following issues:
- CVE-2020-12762: Fixed integer overflow and out-of-bounds write via a large JSON file (bsc#1171479).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1778-1
Released: Fri May 24 17:40:50 2024
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References:
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable sysctl-logger (jsc#PED-5024)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1792-1
Released: Mon May 27 18:05:34 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1220679,1223107
This update for suseconnect-ng fixes the following issues:
- Version update
  * Fix certificate import for Yast when using a registration proxy with self-signed SSL certificate (bsc#1223107)
  * Allow '--rollback' flag to run on readonly filesystem (bsc#1220679)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:461-1
Released: Wed May 29 09:34:10 2024
Summary: Security update for libxml2
Type: security
Severity: important
References: 1219576,CVE-2024-25062
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1826-1
Released: Wed May 29 10:43:45 2024
Summary: Recommended update for wicked
Type: recommended
Severity: important
References: 1205604,1218926,1219108,1224100
This update for wicked fixes the following issues:
- client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100)
- Update to version 0.6.75:
  - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
  - cleanup: fix overflow warnings in a socket testcase on i586
  - ifcheck: report new and deleted configs as changed (bsc#1218926)
  - man: improve ARP configuration options in the wicked-config.5
  - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
  - cleanup: fix interface dependencies and shutdown order (bsc#1205604)
  - Remove port arrays from bond,team,bridge,ovs-bridge (redundant) and consistently use config and state info attached to the port interface as in rtnetlink(7).
  - Cleanup ifcfg parsing, schema configuration and service properties
  - Migrate ports in xml config and policies already applied in nanny
  - Remove 'missed config' generation from finite state machine, which is completed while parsing the config or while xml config migration.
  - Issue a warning when 'lower' interface (e.g. eth0) config is missed while parsing config depending on it (e.g. eth0.42 vlan).
  - Resolve ovs master to the effective bridge in config and wickedd
  - Implement netif-check-state require checks using system relations from wickedd/kernel instead of config relations for ifdown and add linkDown and deleteDevice checks to all master and lower references.
  - Add a `wicked --dry-run ???` option to show the system/config interface hierarchies as notice with +/- marked interfaces to setup and/or shutdown.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1848-1
Released: Thu May 30 06:52:35 2024
Summary: Recommended update for supportutils
Type: recommended
Severity: important
References: 1220082,1222021
This update for supportutils fixes the following issues:
- Suppress file descriptor leak warnings from lvm commands (bsc#1220082)
- Add -V key:value pair option (bsc#1222021, PED-8211)
- Avoid getting duplicate kernel verifications in boot.text
- Include container log timestamps

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1863-1
Released: Thu May 30 14:18:27 2024
Summary: Security update for python-Jinja2
Type: security
Severity: moderate
References: 1218722,1223980,CVE-2024-22195,CVE-2024-34064
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1876-1
Released: Fri May 31 06:47:32 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1221361
This update for aaa_base fixes the following issues:
- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1880-1
Released: Fri May 31 08:45:12 2024
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1224788,CVE-2024-35195
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1895-1
Released: Mon Jun 3 09:00:20 2024
Summary: Security update for glibc
Type: security
Severity: important
References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1982-1
Released: Tue Jun 11 12:12:44 2024
Summary: Security update for bind
Type: security
Severity: important
References: 1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516
This update for bind fixes the following issues:
- CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851)
- CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823)
- CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826)
- CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852)
- CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2003-1
Released: Wed Jun 12 07:30:30 2024
Summary: Security update for cups
Type: security
Severity: important
References: 1223179,1225365,CVE-2024-35235
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2009-1
Released: Wed Jun 12 13:47:43 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1219273,CVE-2023-27534
This update for curl fixes the following issues:
- CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2033-1
Released: Sun Jun 16 12:19:55 2024
Summary: Security update for bind
Type: security
Severity: important
References: 1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516
This update for bind fixes the following issues:
- CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851)
- CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823)
- CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826)
- CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852)
- CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2035-1
Released: Mon Jun 17 09:29:26 2024
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1225551,CVE-2024-4741
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

-----------------------------------------------------------------
Advisory ID: 33666
Released: Wed Jun 19 08:36:53 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1222086,1223430,1223766
This update for libsolv, libzypp, zypper fixes the following issues:
- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2085-1
Released: Wed Jun 19 11:36:00 2024
Summary: recommended update for python-requests
Type: recommended
Severity: moderate
References: 1225912
This update for python-requests fixes the following issue:
- Allow the usage of 'verify' parameter as a directory. (bsc#1225912)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441
This update for gcc13 fixes the following issues:

Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the meta-package.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2185-1 Released: Mon Jun 24 21:04:36 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354) - CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) - CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355). - CVE-2021-47500: Fixed trigger reference counting (bsc#1225360). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225208). - CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). The following non-security bugs were fixed: - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - cifs: add missing spinlock around tcon refcount (bsc#1213476). - cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476). - cifs: avoid race conditions with parallel reconnects (bsc#1213476). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476). - cifs: avoid use of global locks for high contention data (bsc#1213476). - cifs: check only tcon status on tcon related functions (bsc#1213476). - cifs: do all necessary checks for credits within or before locking (bsc#1213476). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476). - cifs: do not refresh cached referrals from unactive mounts (bsc#1213476). - cifs: do not take exclusive lock for updating target hints (bsc#1213476). - cifs: fix confusing debug message (bsc#1213476). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476). - cifs: fix refresh of cached referrals (bsc#1213476). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476). - cifs: fix status checks in cifs_tree_connect (bsc#1213476). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476). - cifs: get rid of dns resolve worker (bsc#1213476). - cifs: get rid of mount options string parsing (bsc#1213476). - cifs: handle cache lookup errors different than -ENOENT (bsc#1213476). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476). - cifs: match even the scope id for ipv6 addresses (bsc#1213476). - cifs: optimize reconnect of nested links (bsc#1213476). - cifs: prevent data race in smb2_reconnect() (bsc#1213476). - cifs: refresh root referrals (bsc#1213476). - cifs: remove duplicate code in __refresh_tcon() (bsc#1213476). - cifs: remove unused function (bsc#1213476). - cifs: remove unused smb3_fs_context::mount_options (bsc#1213476). - cifs: return DFS root session id in DebugData (bsc#1213476). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476). - cifs: set correct ipc status after initial tree connect (bsc#1213476). - cifs: set correct status of tcon ipc when reconnecting (bsc#1213476). - cifs: set correct tcon status after initial tree connect (bsc#1213476). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476). - cifs: set resolved ip in sockaddr (bsc#1213476). - cifs: share dfs connections and supers (bsc#1213476). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476). - cifs: use fs_context for automounts (bsc#1213476). - cifs: use origin fullpath for automounts (bsc#1213476). - cifs: use tcon allocation functions even for dummy tcon (bsc#1213476). - netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes). - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes). - netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes). 
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes). - netfilter: nf_tables: GC transaction race with abort path (git-fixes). - netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes). - netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes). - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes). - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes). - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes). - netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes). - netfilter: nf_tables: use correct lock to protect gc_list (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_rbtree: Add missing expired checks (git-fixes). - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes). - netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes). - netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes). - netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes). - netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes). - netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes). - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes). - netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes). 
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - NFC: nxp: add NXP1002 (bsc#1185589). - PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243). - smb: client: fix dfs link mount against w2k8 (git-fixes). - smb: client: fix null auth (bsc#1213476). - smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes). - x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2233-1 Released: Wed Jun 26 10:02:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1215918 This update for util-linux fixes the following issue: - fix Xen virtualization type misidentification (bsc#1215918) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2240-1 Released: Wed Jun 26 15:20:30 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. 
[bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2247-1 Released: Sun Jun 30 15:21:38 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2252-1 Released: Mon Jul 1 14:58:17 2024 Summary: Recommended update for sle-module-containers-release Type: recommended Severity: low References: This update for sle-module-containers-release contains the following fix: - Remove EOL Date from release package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2267-1 Released: Tue Jul 2 10:33:36 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2303-1 Released: Thu Jul 4 16:25:35 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2310-1 Released: Mon Jul 8 09:15:35 2024 Summary: Recommended update for libssh Type: recommended Severity: moderate References: 1227396 This update for libssh fixes the following issue: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2362-1 Released: Tue Jul 9 16:02:10 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010). - CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161). - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184). - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712). - CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
The following non-security bugs were fixed: - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2533-1 Released: Tue Jul 16 14:12:31 2024 Summary: Security update for xen Type: security Severity: important References: 1222453,1227355,CVE-2024-2201,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2648-1 Released: Tue Jul 30 12:03:47 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2674-1 Released: Wed Jul 31 06:57:02 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. 
correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:58 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (includes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2745-1 Released: Mon Aug 5 17:58:41 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update: * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on
ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather than one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:10 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2806-1 Released: Wed Aug 7 09:49:03 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2810-1 Released: Wed Aug 7 09:50:10 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,CVE-2024-1737,CVE-2024-1975 This update for bind fixes the following issues: - CVE-2024-1737: It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (bsc#1228256) - CVE-2024-1975: Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. 
(bsc#1228257) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - bind-utils-9.16.6-150300.22.47.1 updated - blog-2.26-150300.4.6.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - catatonit-0.2.0-150300.10.8.1 updated - chrony-pool-suse-4.1-150300.16.14.3 updated - chrony-4.1-150300.16.14.3 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - coreutils-8.32-150300.3.8.1 updated - cpio-2.12-150000.3.12.1 updated - cups-config-2.2.7-150000.3.62.1 updated - curl-7.66.0-150200.4.72.1 updated - dbus-1-1.12.2-150100.8.17.1 updated - dhcp-client-4.3.6.P1-150000.6.19.1 updated - dhcp-4.3.6.P1-150000.6.19.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 updated - gawk-4.2.1-150000.3.3.1 updated - glibc-locale-base-2.31-150300.83.1 updated - glibc-locale-2.31-150300.83.1 updated - glibc-2.31-150300.83.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.04-150300.22.43.1 updated - grub2-x86_64-efi-2.04-150300.22.43.1 updated - grub2-x86_64-xen-2.04-150300.22.43.1 updated - grub2-2.04-150300.22.43.1 updated - hwdata-0.380-150000.3.68.1 updated - hwinfo-21.85-150300.3.6.1 updated - kernel-default-5.3.18-150300.59.167.1 updated - krb5-1.19.2-150300.19.1 updated - less-530-150000.3.9.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libavahi-client3-0.7-150100.3.35.1 updated - libavahi-common3-0.7-150100.3.35.1 updated - libbind9-1600-9.16.6-150300.22.47.1 updated - libblkid1-2.36.2-150300.4.44.12 updated - libblogger2-2.26-150300.4.6.1 updated - libcap2-2.26-150000.4.9.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libcryptsetup12-2.3.7-150300.3.8.1 updated - libcups2-2.2.7-150000.3.62.1 updated - 
libcurl4-7.66.0-150200.4.72.1 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated - libdns1605-9.16.6-150300.22.47.1 updated - libeconf0-0.5.2-150300.3.11.1 updated - libfastjson4-0.99.8-150000.3.3.1 updated - libfdisk1-2.36.2-150300.4.44.12 updated - libfreetype6-2.10.4-150000.4.15.1 updated - libfstrm0-0.6.1-150300.9.5.1 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.62.6-150200.3.18.1 updated - libgnutls30-3.6.7-150200.14.31.1 updated - libirs1601-9.16.6-150300.22.47.1 updated - libisc1606-9.16.6-150300.22.47.1 updated - libisccc1600-9.16.6-150300.22.47.1 updated - libisccfg1600-9.16.6-150300.22.47.1 updated - libjansson4-2.14-150000.3.5.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - liblognorm5-2.0.6-150000.3.3.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libmount1-2.36.2-150300.4.44.12 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libns1604-9.16.6-150300.22.47.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 updated - libopenssl1_1-1.1.1d-150200.11.91.1 updated - libparted0-3.2-150300.21.3.1 updated - libpci3-3.5.6-150300.13.6.1 updated - libpcre2-8-0-10.31-150000.3.15.1 updated - libprocps8-3.3.17-150000.7.39.1 added - libprotobuf-c1-1.3.2-150200.3.9.1 added - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libqrencode4-4.1.1-150000.3.3.1 updated - libsmartcols1-2.36.2-150300.4.44.12 updated - libsolv-tools-base-0.7.29-150200.34.1 added - libsolv-tools-0.7.29-150200.34.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libssh-config-0.9.8-150200.13.6.2 added - libssh4-0.9.8-150200.13.6.2 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libuuid1-2.36.2-150300.4.44.12 updated 
- libuv1-1.18.0-150000.3.2.1 updated - libxml2-2-2.9.7-150000.3.70.1 updated - libxslt1-1.1.32-150000.3.14.1 added - libyajl2-2.1.0-150000.4.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libzypp-17.34.1-150200.106.2 updated - login_defs-4.8.1-150300.4.18.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - netcfg-11.6-150000.3.6.1 updated - nfs-client-2.1.1-150100.10.37.1 updated - open-iscsi-2.1.7-150300.32.24.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-common-8.4p1-150300.3.37.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated - openssl-1_1-1.1.1d-150200.11.91.1 updated - pam-config-1.1-150200.3.6.1 updated - pam-1.3.0-150000.6.66.1 updated - parted-3.2-150300.21.3.1 updated - pciutils-3.5.6-150300.13.6.1 updated - perl-Bootloader-0.945-150300.3.12.1 updated - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - procps-3.3.17-150000.7.39.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 added - python3-Jinja2-2.10.1-150000.3.13.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - python3-apipkg-1.4-150000.3.6.1 updated - python3-attrs-19.3.0-150200.3.6.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.6-150300.22.47.1 updated - python3-blinker-1.4-150000.3.6.1 updated - python3-chardet-3.0.4-150000.5.3.1 updated - python3-configobj-5.0.6-150000.3.3.1 updated - python3-cryptography-3.3.2-150200.22.1 updated - python3-cssselect-1.0.3-150400.3.7.4 added - python3-idna-2.6-150000.3.3.1 updated - python3-importlib-metadata-1.5.0-150100.3.5.1 updated - python3-iniconfig-1.1.1-150000.1.11.1 updated - python3-jsonpatch-1.23-150100.3.5.1 updated - python3-jsonpointer-1.14-150000.3.2.1 updated - python3-jsonschema-3.2.0-150200.9.5.1 updated - python3-lxml-4.7.1-150200.3.12.1 added - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-oauthlib-2.0.6-150000.3.6.1 updated - python3-passlib-1.7.4-150300.3.2.1 added - 
python3-ply-3.10-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.5.1 updated - python3-pyrsistent-0.14.4-150100.3.4.1 updated - python3-pyserial-3.4-150000.3.4.1 updated - python3-requests-2.25.1-150300.3.12.2 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-zipp-0.6.0-150100.3.5.1 updated - python3-3.6.15-150300.10.65.2 updated - rsyslog-module-relp-8.2106.0-150200.4.43.2 updated - rsyslog-8.2106.0-150200.4.43.2 updated - runc-1.1.13-150000.67.1 updated - samba-client-libs-4.15.13+git.710.7032820fcd-150300.3.66.2 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150300.4.18.1 updated - shim-15.8-150300.4.20.2 updated - sle-module-containers-release-15.3-150300.58.3.2 updated - sudo-1.9.5p2-150300.3.33.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - supportutils-3.1.30-150300.7.35.30.1 updated - suse-build-key-12.0-150000.8.49.2 updated - suse-module-tools-15.3.18-150300.3.25.1 updated - suseconnect-ng-1.11.0-150100.3.33.2 added - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated - systemd-presets-common-SUSE-15-150100.8.23.1 updated - tar-1.34-150000.3.34.1 updated - terminfo-base-6.1-150000.5.24.1 updated - terminfo-6.1-150000.5.24.1 updated - timezone-2024a-150000.75.28.1 updated - util-linux-systemd-2.36.2-150300.4.44.11 updated - util-linux-2.36.2-150300.4.44.12 updated - vim-data-common-9.1.0330-150000.5.63.1 updated - vim-9.1.0330-150000.5.63.1 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150300.4.35.1 updated - wicked-0.6.76-150300.4.35.1 updated - xen-libs-4.14.6_16-150300.3.75.1 updated - xen-tools-domU-4.14.6_16-150300.3.75.1 updated - zypper-1.14.73-150200.81.6 updated - SUSEConnect-0.3.36-150300.20.6.1 removed - fdupes-1.61-1.452 removed - libprocps7-3.3.15-150000.7.31.1 removed - libruby2_5-2_5-2.5.9-150000.4.26.1 removed - libyaml-0-2-0.1.7-1.17 
removed - ruby-common-2.1-3.15 removed - ruby2.5-2.5.9-150000.4.26.1 removed - ruby2.5-rubygem-gem2rpm-0.10.1-3.45 removed - ruby2.5-stdlib-2.5.9-150000.4.26.1 removed - samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 removed - sysfsutils-2.1.0-3.3.1 removed - xxd-9.0.1443-150000.5.43.1 removed - zypper-migration-plugin-0.12.1618498507.b68ecea-1.1 removed From sle-container-updates at lists.suse.com Tue Sep 17 11:36:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Sep 2024 13:36:55 +0200 (CEST) Subject: SUSE-CU-2024:4378-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20240917113655.24397FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4378-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.1 , suse/manager/5.0/x86_64/server:5.0.1.7.5.1 , suse/manager/5.0/x86_64/server:latest Container Release : 7.5.1 Severity : important Type : security References : 1081596 1159034 1167721 1181625 1190273 1194818 1194818 1205628 1206627 1208913 1209377 1211583 1211753 1214980 1215341 1216063 1216908 1218609 1218640 1219004 1219559 1219660 1220356 1220523 1220664 1220690 1220693 1220696 1221365 1221563 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1221854 1222021 1222075 1222075 1222285 1222693 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1222899 1222985 1223094 1223107 1223336 1223535 1223571 1223724 1224014 1224016 1224038 1224051 1224113 1224113 1224115 1224116 1224118 1224771 1224797 1225267 1225907 1225976 1226014 1226030 1226100 1226125 1226128 1226157 1226447 1226448 1226463 1226463 1226469 1226493 1226664 1227067 1227106 1227127 1227138 1227138 1227205 1227268 1227269 1227270 1227271 1227272 1227276 1227278 1227298 1227298 1227308 1227353 1227399 1227456 1227525 
1227574 1227625 1227711 1227793 1227888 1227918 1228042 1228046 1228046 1228047 1228047 1228048 1228048 1228050 1228051 1228051 1228052 1228052 1228105 1228124 1228138 1228149 1228206 1228208 1228255 1228256 1228257 1228258 1228265 1228322 1228322 1228420 1228535 1228548 1228732 1228770 1228787 1228968 1229013 1229329 1229465 1229975 1230093 222971 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-20633 CVE-2022-4065 CVE-2023-29483 CVE-2023-52425 CVE-2023-5388 CVE-2024-0397 CVE-2024-0450 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-21131 CVE-2024-21131 CVE-2024-21138 CVE-2024-21138 CVE-2024-21140 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21145 CVE-2024-21147 CVE-2024-21147 CVE-2024-24577 CVE-2024-34750 CVE-2024-36387 CVE-2024-37891 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38476 CVE-2024-38477 CVE-2024-39573 CVE-2024-39884 CVE-2024-4032 CVE-2024-4076 CVE-2024-4317 CVE-2024-5535 CVE-2024-5535 CVE-2024-6119 CVE-2024-6197 CVE-2024-6345 CVE-2024-7264 CVE-2024-7348 CVE-2024-8096 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2405-1 Released: Thu Jul 11 10:21:19 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227270,1227271,CVE-2024-38477,CVE-2024-39573 This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270) - CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2485-1 Released: Mon Jul 15 14:37:17 2024 Summary: Security update for tomcat Type: security Severity: important References: 1227399,CVE-2024-34750 This update for tomcat fixes the following issues: Updated to version 9.0.91: - CVE-2024-34750: Fixed an improper handling of exceptional conditions (bsc#1227399). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2519-1 Released: Tue Jul 16 13:46:38 2024 Summary: Recommended update for salt Type: recommended Severity: moderate References: 1216063 This update for salt fixes the following issues: - Speed up salt.matcher.confirm_top by using __context__ - Do not call the async wrapper calls with the separate thread - Prevent OOM with high amount of batch async calls (bsc#1216063) - Add missing contextvars dependency in salt.version - Skip tests for unsupported algorithm on old OpenSSL version - Remove redundant `_file_find` call to the master - Prevent possible exception in tornado.concurrent.Future._set_done - Make reactor engine less blocking the EventPublisher - Make salt-master self recoverable on killing EventPublisher - Improve broken events catching and reporting - Make logging calls lighter - Remove unused import causing delays on starting salt-master - Mark python3-CherryPy as recommended package for the testsuite ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2568-1 Released: Mon Jul 22 05:19:24 2024 Summary: Security update for mockito, snakeyaml, testng Type: security Severity: important References: 1205628,CVE-2022-4065 This update for mockito, snakeyaml, testng fixes the following issues: mockito was updated to version 5.11.0: - Added bundle manifest to the mockito-core artifact - Mockito 5 is making core changes to ensure compatibility with future JDK versions. 
- Switch the Default MockMaker to mockito-inline (not applicable to mockito-android) * Mockito 2.7.6 introduced the mockito-inline mockmaker based on the 'inline bytecode' principle, offering compatibility advantages over the subclass mockmaker * This change avoids JDK restrictions, such as violating module boundaries and leaking subclass creation - Legitimate use cases for the subclass mockmaker: * Scenarios where the inline mockmaker does not function, such as on Graal VM's native image * If avoiding mocking final classes, the subclass mockmaker remains a viable option, although issues may arise on JDK 17+ * Mockito aims to support both mockmakers, allowing users to choose based on their requirements. - Update the Minimum Supported Java Version to 11 * Mockito 5 raised the minimum supported Java version to 11 * Community member @reta contributed to this change. * Users still on JDK 8 can continue using Mockito 4, with minimal API differences between versions - New type() Method on ArgumentMatcher * The ArgumentMatcher interface now includes a new type() method to support varargs methods, addressing previous limitations * Users can now differentiate between matching calls with any exact number of arguments or match any number of arguments * Mockito 5 provides a default implementation of the new method, ensuring backward compatibility. * No obligation for users to implement the new method; Mockito 5 considers Void.type by default for varargs handling * ArgumentCaptor is now fully type-aware, enabling capturing specific subclasses on a generic method. 
- byte-buddy does not bundle asm, but uses objectweb-asm as external library snake-yaml was updated to version 2.2: - Changes of version 2.2: * Define default scalar style as PLAIN (for polyglot Maven) * Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java - Changes of version 2.1: * Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead * Use identity in toString() for sequences to avoid OutOfMemoryError * NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version * Document size limit should be applied to single document not the whole input stream * Detect invalid Unicode code point (thanks to Tatu Saloranta) * Remove Trusted*Inspector classes from main sources tree - Changes of version 2.0: * Rollback to Java 7 target * Add module-info.java * Migrate to Java 8 * Remove many deprecated constructors * Remove long deprecated methods in FlowStyle * Do not allow global tags by default * Yaml.LoadAs() signature to support Class type instead of Class * CustomClassLoaderConstructor takes LoaderOptions * Check input parameters for non-null values testng was updated to version 7.10.1: - Security issues fixed: * CVE-2022-4065: Fixed Zip Slip Vulnerability (bsc#1205628) - Changes of version 7.10.1: * Fixed maven build with junit5 - Changes of version 7.10.0: * Minor discrepancy fixes * Deleting TestNG eclipse plugin specific classes * Remove deprecated JUnit related support in TestNG * Handle exceptions in emailable Reporter * Added wrapperbot and update workflow order * Support ITestNGFactory customisation * Streamlined data provider listener invocation * Streamlined Guice Module creation in concurrency. * Copy test result attributes when unexpected failures * chore: use explicit dependency versions instead of refreshVersions * Removed Ant * Support ordering of listeners * Added errorprone * Allow custom thread pool executors to be wired in.
* Allow data providers to be non cacheable * Use Locks instead of synchronised keyword * Document pgp artifact signing keys * Added Unique Id for all test class instances * Added issue management workflows * Map object to configurations * Allow listeners to be disabled at runtime * Streamlined Data Provider execution * Honour inheritance when parsing listener factories * Tweaks around accessing SuiteResult * Streamlined random generation * Streamlined dependencies for configurations - Changes of version 7.9.0: * Fixed maps containing nulls can be incorrectly considered equal * Test Results as artifacts for failed runs * Fixed data races * Don't honour params specified in suite-file tag * Decouple SuiteRunner and TestRunner * Disable Native DI for BeforeSuite methods * Streamlined running Parallel Dataproviders+retries * Removed extra whitespace in log for Configuration.createMethods() * Added the link for TestNG Documentation's GitHub Repo in README.md * FirstTimeOnlyConfig methods + Listener invocations * Added overrideGroupsFromCliInParentChildXml test * Ensure thread safety for attribute access * Added @inherited to the Listeners annotation * Restrict Group inheritance to Before|AfterGroups * Ensure ITestResult injected to @AfterMethod is apt * Support suite level thread pools for data provider * Favour CompletableFuture instead of PoolService * Favour FutureTask for concurrency support * Shared Threadpool for normal/datadriven tests. * Abort for invalid combinations - Changes of version 7.8.0: * [Feature] Not exception but warning if some (not all) of the given test names are not found in suite files. * [Feature] Generate testng-results.xml per test suite * [Feature] Allow test classes to define 'configfailurepolicy' at a per class level * XmlTest index is not set for test suites invoked with YAML * Listener's onAfterClass is called before @afterclass configuration methods are executed.
* After upgrading to TestNG 7.5.0, setting ITestResult.status to FAILURE doesn't fail the test anymore * JUnitReportReporter should capture the test case output at the test case level * TestNG.xml doesn't honour Parallel value of a clone * before configuration and before invocation should be 'SKIP' when beforeMethod is 'skip' * Test listeners specified in parent testng.xml file are not included in testng-failed.xml file * Discrepancies with DataProvider and Retry of failed tests * Skipped Tests with DataProvider appear as failed * testng-results xml reports config skips from base classes as ignored * Feature: Check that specific object present in List * Upgraded snakeyaml to 2.0 - Changes of version 7.7.1: * Streamline overloaded assertion methods for Groovy - Changes of version 7.7.0: * Replace FindBugs by SpotBugs * Gradle: Drop forUseAtConfigurationTime() * Added ability to provide custom message to assertThrows\expectThrows methods * Only resolve hostname once * Prevent overlogging of debug msgs in Graph impl * Streamlined dataprovider invoking in abstract classes * Streamlined TestResult due to expectedExceptions * Unexpected test runs count with retry analyzer * Make PackageUtils compliant with JPMS * Ability to retry a data provider during failures * Fixing bug with DataProvider retry * Added config key for callback discrepancy behavior * Fixed FileAlreadyExistsException error on copy * JarFileUtils.delete(File f) throw actual exception (instead of FileNotFound) when file cannot be deleted #2825 * Changing assertion message of the osgitest * Enhancing the Matrix * Avoid Compilation errors on Semeru JDK flavour. 
* Add addition yml extension * Support getting dependencies info for a test * Honour regex in dependsOnMethods * Ensure All tests run all the time * Deprecate support for running Spock Tests * Streamline dependsOnMethods for configurations * Ensure ITestContext available for JUnit4 tests * Deprecate support for running JUnit tests * Changes of 7.6.1 * Fix Files.copy() such that parent dirs are created * Remove deprecated utility methods - Changes of version 7.6.0: * Remove redundant Parameter implementation * Upgraded to JDK11 * Move SimpleBaseTest to be Kotlin based * Restore testnames when using suites in suite. * Moving ClassHelperTests into Kotlin * IHookable and IConfigurable callback discrepancy * Minor refactoring * Add additional condition for assertEqualsNoOrder * beforeConfiguration() listener method should be invoked for skipped configurations as well * Keep the initial order of listeners * SuiteRunner could not be initial by default Configuration * Enable Dataprovider failures to be considered. * BeforeGroups should run before any matched test * Fixed possible StringIndexOutOfBoundsException exception in XmlReporter * DataProvider: possibility to unload dataprovider class, when done with it * Fixed possibility that AfterGroups method is invoked before all tests * Fixed equals implementation for WrappedTestNGMethod * Wire-In listeners consistently * Streamline AfterClass invocation * Show FQMN for tests in console * Honour custom attribute values in TestNG default reports ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2581-1 Released: Mon Jul 22 12:48:13 2024 Summary: Recommended update for sssd Type: recommended Severity: moderate References: 1226157 This update for sssd fixes the following issue: - Revert the change dropping the default configuration file.
If /usr/etc exists will be installed there, otherwise in /etc (bsc#1226157) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2587-1 Released: Mon Jul 22 13:44:54 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1227456 This update for openssh fixes the following issues: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2597-1 Released: Tue Jul 23 09:03:59 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227268,1227269,1227272,CVE-2024-36387,CVE-2024-38475,CVE-2024-38476 This update for apache2 fixes the following issues: - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272) - CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2610-1 Released: Sat Jul 27 16:42:39 2024 Summary: Security update for libgit2 Type: security Severity: important References: 1219660,CVE-2024-24577 This update for libgit2 fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2628-1 Released: Tue Jul 30 09:09:07 2024 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147 This update for java-17-openjdk fixes the following issues: Updated to version 17.0.12+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). 
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2629-1 Released: Tue Jul 30 09:11:33 2024 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228050,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21144,CVE-2024-21145,CVE-2024-21147 This update for java-11-openjdk fixes the following issues: Updated to version 11.0.24+8 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). - CVE-2024-21144: Fixed an excessive loading time in Pack200 due to improper header validation (bsc#1228050). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2636-1 Released: Tue Jul 30 09:14:22 2024 Summary: Security update for bind Type: security Severity: important References: 1228255,1228256,1228257,1228258,CVE-2024-0760,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to release 9.18.28 Security fixes: - CVE-2024-0760: Fixed a flood of DNS messages over TCP may make the server unstable (bsc#1228255) - CVE-2024-1737: Fixed BIND's database will be slow if a very large number of RRs exist at the same name (bsc#1228256) - CVE-2024-1975: Fixed SIG(0) can be used to exhaust CPU resources (bsc#1228257) - CVE-2024-4076: Fixed assertion failure when serving both stale cache data and authoritative zone content (bsc#1228258) Changelog: * Command-line options for IPv4-only (named -4) and IPv6-only (named -6) modes are now respected for zone primaries, also-notify, and parental-agents. * An RPZ response's SOA record TTL was set to 1 instead of the SOA TTL, if add-soa was used. This has been fixed. * When a query related to zone maintenance (NOTIFY, SOA) timed out close to a view shutdown (triggered e.g. by rndc reload), named could crash with an assertion failure. This has been fixed.
* The statistics channel counters that indicated the number of currently connected TCP IPv4/IPv6 clients were not properly adjusted in certain failure scenarios. This has been fixed. * Some servers that could not be reached due to EHOSTDOWN or ENETDOWN conditions were incorrectly prioritized during server selection. These are now properly handled as unreachable. * On some systems the libuv call may return an error code when sending a TCP reset for a connection, which triggers an assertion failure in named. This error condition is now dealt with in a more graceful manner, by logging the incident and shutting down the connection. * Changes to listen-on statements were ignored on reconfiguration unless the port or interface address was changed, making it impossible to change a related listener transport type. That issue has been fixed. * A bug in the keymgr code unintentionally slowed down some DNSSEC key rollovers. This has been fixed. * Some ISO 8601 durations were accepted erroneously, leading to shorter durations than expected. This has been fixed. * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * A new option signatures-jitter has been added to dnssec-policy to allow signature expirations to be spread out over a period of time. * The statistics channel now includes counters that indicate the number of currently connected TCP IPv4/IPv6 clients.
* Added RESOLVER.ARPA to the built in empty zones.

Feature Changes:
* DNSSEC signatures that are not valid because the current time falls outside the signature inception and expiration dates are skipped instead of causing an immediate validation failure.

Security Fixes:
* A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760)
* It is possible to craft excessively large resource record sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option.
* It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737)
* Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975)
* Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed.
* Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed.
* When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2641-1
Released: Tue Jul 30 09:29:36 2024
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

systemd was updated from version 254.13 to version 254.15:

- Changes in version 254.15:
  * boot: cover for hardware keys on phones/tablets
  * Conditional PSI check to reflect changes done in 5.13
  * core/dbus-manager: refuse SoftReboot() for user managers
  * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
  * core/exec-invoke: use sched_setattr instead of sched_setscheduler
  * core/unit: follow merged units before updating SourcePath= timestamp too
  * coredump: correctly take tmpfs size into account for compression
  * cryptsetup: improve TPM2 blob display
  * docs: Add section to HACKING.md on distribution packages
  * docs: fixed dead link to GNOME documentation
  * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
  * Fixed typo in CAP_BPF description
  * LICENSES/README: expand text to summarize state for binaries and libs
  * man: fully adopt ~/.local/state/
  * man/systemd.exec: list inaccessible files for ProtectKernelTunables
  * man/tmpfiles: remove outdated behavior regarding symlink ownership
  * meson: bpf: propagate 'sysroot' for cross compilation
  * meson: Define __TARGET_ARCH macros required by bpf
  * mkfs-util: Set sector size for btrfs as well
  * mkosi: drop CentOS 8 from CI
  * mkosi: Enable hyperscale-packages-experimental for CentOS
  * mountpoint-util: do not assume symlinks are not mountpoints
  * os-util: avoid matching on the wrong extension-release file
  * README: add missing CONFIG_MEMCG kernel config option for oomd
  * README: update requirements for signed dm-verity
  * resolved: allow the full TTL to be used by OPT records
  * resolved: correct parsing of OPT extended RCODEs
  * sysusers: handle NSS errors gracefully
  * TEST-58-REPART: reverse order of diff args
  * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
  * test: fixed TEST-24-CRYPTSETUP on SUSE
  * test: install /etc/hosts
  * Use consistent spelling of systemd.condition_first_boot argument
  * util: make file_read() 64bit offset safe
  * vmm: make sure we can handle smbios objects without variable part

- Changes in version 254.14:
  * analyze: show pcrs also in sha384 bank
  * chase: Tighten '.' and './' check
  * core/service: fixed accept-socket deserialization
  * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
  * executor: check for all permission related errnos when setting up IPC namespace
  * install: allow removing symlinks even for units that are gone
  * json: use secure un{base64,hex}mem for sensitive variants
  * man,units: drop 'temporary' from description of systemd-tmpfiles
  * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
  * repart: fixed memory leak
  * repart: Use CRYPT_ACTIVATE_PRIVATE
  * resolved: permit dnssec rrtype questions when we aren't validating
  * rules: Limit the number of device units generated for serial ttys
  * run: do not pass the pty slave fd to transient service in a machine
  * sd-dhcp-server: clear buffer before receive
  * strbuf: use GREEDY_REALLOC to grow the buffer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2655-1
Released: Tue Jul 30 15:34:16 2024
Summary: Security update for python-dnspython
Type: security
Severity: moderate
References: 1222693,CVE-2023-29483

This update for python-dnspython fixes the following issues:

- CVE-2023-29483: Fixed an issue that allowed remote attackers to interfere with DNS name resolution (bsc#1222693).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2662-1
Released: Tue Jul 30 15:41:34 2024
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1226469,CVE-2024-37891

This update for python-urllib3 fixes the following issues:

- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2667-1
Released: Tue Jul 30 16:14:01 2024
Summary: Recommended update for libxkbcommon
Type: recommended
Severity: moderate
References: 1218640,1228322

This update of libxkbcommon fixes the following issue:

- ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2677-1
Released: Wed Jul 31 06:58:52 2024
Summary: Recommended update for wicked
Type: recommended
Severity: important
References: 1225976,1226125,1226664

This update for wicked fixes the following issues:

- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of infiniband children
- client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
- arputil: Document minimal interval for getopts
- man: (re)generate man pages from md sources
- client: warn on interface wait time reached
- compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g.
correct vlan config on dummy0.42 interfaces
- compat-suse: fix infiniband and infiniband child type detection from ifname

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2684-1
Released: Wed Jul 31 20:04:41 2024
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388

This update for mozilla-nss fixes the following issues:

- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918)

Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function

update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.

update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain

Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.

Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation.
(bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)

Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1

Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind
implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions

Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI

Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c

Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string
* Transpose the PPC_ABI check from Makefile to gyp

Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).

Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux

Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64

Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:2688-1
Released: Thu Aug 1 07:00:59 2024
Summary: Feature update for Public Cloud
Type: feature
Severity: important
References: 1222075,1227067,1227106,1227711

This update for Public Cloud fixes the following issues:

- Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345):
  * google-guest-agent (no source changes)
  * google-guest-configs (no source changes)
  * google-guest-oslogin (no source changes)
  * google-osconfig-agent (no source changes)
  * growpart-rootgrow (no source changes)
  * python-azure-agent (includes bug fixes, see below)
  * python-cssselect (no source changes)
  * python-instance-billing-flavor-check (no source changes)
  * python-toml (no source changes)
  * python3-lxml (includes a bug fix, see below)

- python-azure-agent received the following fixes:
  * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711)
  * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106)
  * Do not package `waagent2.0` in Python 3 builds
  * Do not require `wicked` in non-SUSE build environments
  * Apply python3 interpreter patch in non SLE build environments (bcs#1227067)

- python3-lxml also received the following fix:
  * Fixed compatibility with system libexpat in tests (bnc#1222075)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2691-1
Released: Thu Aug 1 12:12:47 2024
Summary: Recommended update for fence-agents
Type: recommended
Severity: moderate
References: 1224797

This update for fence-agents fixes the following issues:

- Fix Azure native fencing does not start due to Python version. (bsc#1224797) (jsc#PED-8887)
- The updated fence-agents no longer includes the Azure fence-agents.
- If you are on Azure, you additionally need to install the package fence-agents-azure-arm.
This package (fence-agents-azure-arm) is only installable with Public Cloud Module enabled which provides the required Python3.11 dependencies.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2747-1
Released: Mon Aug 5 18:14:40 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1219004,1223107,1226128

This update for suseconnect-ng fixes the following issues:

- Version update
  * Added uname as collector
  * Added SAP workload detection
  * Added detection of container runtimes
  * Multiple fixes on ARM64 detection
  * Use `read_values` for the CPU collector on Z
  * Fixed data collection for ppc64le
  * Grab the home directory from /etc/passwd if needed (bsc#1226128)
  * Build zypper-migration and zypper-packages-search as standalone binaries rather than one single binary
  * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
  * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004)
  * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018)
  * Add support for third party packages in SUSEConnect
  * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released: Tue Aug 6 14:35:49 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228548

This update for permissions fixes the following issue:

* cockpit: moved setuid executable (bsc#1228548)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2780-1
Released: Tue Aug 6 14:36:01 2024
Summary: Security update for patch
Type: security
Severity: low
References: 1167721,CVE-2019-20633

This update for patch
fixes the following issues:

- CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264

This update for curl fixes the following issues:

- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2788-1
Released: Tue Aug 6 15:50:29 2024
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1227574

This update for sudo fixes the following issue:

- Fix wrong permissions on /usr/share/polkit-1/rules.d (bsc#1227574).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released: Tue Aug 6 16:35:06 2024
Summary: Recommended update for various 32bit packages
Type: recommended
Severity: moderate
References: 1228322

This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235

This update for shadow fixes the following issues:

- Fixed not copying of skel files (bsc#1228770)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released: Fri Aug 9 15:59:29 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1220356,1227525

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020

- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)

  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4

  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2886-1
Released: Tue Aug 13 09:46:48 2024
Summary: Recommended update for dmidecode
Type: recommended
Severity: moderate
References:

This update
for dmidecode fixes the following issues:

- Version update (jsc#PED-8574):
  * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support
  * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules
  * Add bash completion
  * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245
  * Implement options --list-strings and --list-types
  * Update HPE OEM records 203, 212, 216, 221, 233 and 236
  * Update Redfish support
  * Bug fixes:
    - Fix enabled slot characteristics not being printed
  * Minor improvements:
    - Print slot width on its own line
    - Use standard strings for slot width
  * Add a --no-quirks option
  * Drop the CPUID exception list
  * Obsolete patches removed: dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump

Update for HPE servers from upstream:

- dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released: Wed Aug 14 20:20:13 2024
Summary: Recommended update for cloud-regionsrv-client
Type: recommended
Severity: important
References: 1222985,1223571,1224014,1224016,1227308

This update for cloud-regionsrv-client contains the following fixes:

- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
  + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined
  + Add running command as root through sudoers file

- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
  + In addition to logging, write message to stderr when registration fails
  + Detect transactional-update system with read only setup and use the transactional-update command to register
  + Handle operation in a different target root directory for credentials checking

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2918-1
Released: Thu Aug 15 06:59:39 2024
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1223535,1226100,1228124

This update for grub2 fixes the following issues:

- Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2932-1
Released: Thu Aug 15 12:05:04 2024
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1222021,1227127,1228265

This update for supportutils fixes the following issues:

Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add
timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2933-1
Released: Thu Aug 15 12:12:50 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1225907,1226463,1227138,CVE-2024-5535

This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:

- Build with no-afalgeng. (bsc#1226463)
- Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2957-1
Released: Mon Aug 19 10:48:01 2024
Summary: Recommended update for ldb, samba
Type: recommended
Severity: moderate
References: 1228732

This update for ldb, samba fixes the following issues:

- Many qsort() comparisons are non-transitive, which can lead to out-of-bounds access in some circumstances.
- Fix a crash when joining offline and 'kerberos method' includes keytab (bsc#1228732).
- Fix reading the password from STDIN or environment vars if it was already given in the command line (bsc#1228732).
- netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0.
- Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022).
- Panic in dreplsrv_op_pull_source_apply_changes_trigger.
- winbindd, net ads join and other things don't work on an ipv6 only host.
- Smbcacls incorrectly propagates inheritance with Inherit-Only flag.
- http library doesn't support 'chunked transfer encoding'.
- fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close()
- samba-gpupdate: Correctly implement site support.
- libgpo: Segfault in python bindings.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2971-1
Released: Tue Aug 20 08:13:06 2024
Summary: Recommended update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML
Type: recommended
Severity: moderate
References:

This update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML fixes the following issues:

perl-DBI was updated from version 1.642 to 1.643:

- Updated Devel::PPPort and removed redundant compatibility macros
- Correct minor typo in documentation
- Correct documentation introducing $dbh->selectall_array()
- Introduced select and do wrappers earlier in the documentation
- Mark as deprecated old API functions which overflow or are affected by Unicode issues
- Add new attribute RaiseWarn, similar to RaiseError

perl-DBD-SQLite was updated from version 1.66 to 1.74:

- Fixed disabling of __perllib_provides
- Upgraded SQLite to 3.42.0
- Added missing possible table_type values to POD
- Set UTF8CACHE to avoid slowdown with -DDEBUGGING
- Lowercase datatype in table column metadata for back-compatibility
- Fixed test failure on perl built with -DDEBUGGING
- Improve sqlite_load_extension documentation
- Add a feature to unregister a created function
- Fixed accented characters in POD
- Link embedded sqlite devel files to system files
- Use the system sqlite
rather than the built-in one - Fixed documentation to use the correct attribute with sqlite_ - Modify the fix to silence the sqlite_unicode warning not to check the attribute twice - Fix an encoding issue of naive - Made DBD_SQLITE_STRING_MODE constants exportable - Stop setting THREADSAFE=0 if perl has pthread (ie. 5.20+) - Fixed a memory leak in ::VirtualTable - Introduced 'string_mode' handle attribute to fix long-standing issues of sqlite_unicode - Added a dependency from dbdimp.o to the *.inc files included into dbdimp.c - Fixed an offset issue of VirtualTable - Fixed quadmath issues - Added sqlite_txn_state method to see internal state of the backend - Switched to XSLoader - Use quadmath_snprintf if USE_QUADMATH is defined - Use av_fetch instead of av_shift perl-DBD-Pg was updated from version 3.10.4 to 3.18.0: - Support new PQclosePrepared function, added in Postgres 17 - Improved documentation about ping always returning a value - New database handle attribute pg_skip_deallocate Prevents any deallocation of automatically prepared statements to support new pgBouncer feature - Fix to handle escaped quotes in connection string - Return number of affected rows from a MERGE command - Added support for Github CI actions - Removed undocumented internal-only pg_pid_number attribute - Small warning in docs about PG_CHAR - Added new attribute 'pg_int8_as_string', for backwards compatibility. - Added a META.json file; rename META.yml to META.yaml - Fix 03smethod.t $sth->last_insert_id skip count for DBI < 1.642 - Documentation improvements for service files - Automatically use 64-bit versions of large object functions when available - Set UTF8 flag as needed for error messages - In tests, do not assume what the default transaction isolation level will be - Make tests smarter about detecting pg_ctl results in different locales - Adjust tests for the fact that reltuples can be -1 in Postgres version 13 and later. 
This is mostly reflected in the CARDINALITY column for $dbh->statistics_info. - Correctly pull back pg_async status from statement handle. Previously, $dbh->{pg_async} would return undef. - Remove the experimental 'fulltest' Makefile target. - The $dbh->primary_key_info and $dbh->foreign_key_info methods will now always return a statement handle, even with no matches. Previously, they returned undef directly. Callers can check if the returned handle contains any rows. - The $dbh->tables method will always return a list, even if it is empty. - Add pg_lo_tell64, pg_lo_seek64, and pg_lo_truncate64, for anyone dealing with really, really, really large 'large objects'. Requires Postgres 9.3 or better. - Allow test to run again when using a non-superuser to connect - Adjust tests to force loading proper version of DBD::Pg every time. - Removed the long-deprecated _pg_use_catalog method. - Many improvements and changes to the test suite. - Redo the 'last_result' internals in dbdimp.c, which fixes a memory leak. - Fixed regression in Perl length() for returned query results - Make $sth->finish() do a little less. Notably, even after calling finish(), pg_error_field will still work on the last action performed. - Tweak tests so Windows boxes pass - Run tests in verbose mode - Prevent DBI from flipping AutoCommit to 'on' after a failed commit - Revert overly aggressive testing shortcut as it can cause installs to fail - Return the table info row last in statistics_info. This fixes statistics_info on pre-8.3 servers. - Fixed ASC_OR_DESC field in statistics_info - Indicate NULL ordering in statistics_info - Adjust Makefile to fix failing 'fulltest' target on BSD systems - Indicate non-key index columns (INCLUDE) in statistics_info - Return an empty result set instead of undef from statistics_info when the requested table doesn't exist and $unique_only is false. 
- Fixed segfault during st destroy - Improved testing for table_info() - Improved UTF-8 wording in documentation perl-YAML-LibYAML was updated to version 0.89: - Breaking Change: Set $YAML::XS::LoadBlessed default to false to make it more secure - Fixed disabling of __perllib_provides - Recognise core booleans on Perl 5.36+ at dump time - Fixed YAML::XS pod in cpanminus - Convert doc from Swim to Markdown - Added option ForbidDuplicateKeys - Recognize tied variables - Updated libyaml sources to 0.2.4. Changes affecting YAML::XS are - Output '...' at the stream end after a block scalar with trailing empty lines - Accept '%YAML 1.2' directives (they are ignored and do not change behaviour though) - Fix memory leak when loading invalid YAML - Support aliasing scalars resolved as null or booleans - Add YAML::XS::LibYAML::libyaml_version() - Support standard !!int/!!float tags instead of dying - Fixed double free/core dump when Dump()ing binary data - Update config.h from libyaml - Update libyaml to version 0.2.2. Most important change for users is that plain urls in flow style can be parsed now. Example: `[ http://yaml.org]`. - Added $Indent - number of spaces when dumping - Implemented $LoadCode - Update to libyaml 0.2.1. 
It's forbidden now to escape single quotes inside double quotes - When disabling $LoadBlessed, return scalars not refs - Save anchors also for blessed scalars - Fixed format specifier/argument mismatch - Fixed a C90-compatibility issue - Prevent warning about unused variables ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). 
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3121-1 Released: Tue Sep 3 17:15:32 2024 Summary: Recommended update for yast2-users Type: recommended Severity: moderate References: 1206627,1208913,1209377,1211583,1211753,1228149 This update for yast2-users fixes the following issues: - Relax check in GECOS field, allow any data except colons (bsc#1228149). - Backport changes to avoid namespace collisions. - Branch package for SP6 (bsc#1208913). - YaST can no longer modify NIS users and groups (bnc#1206627). - YaST2: Adding several users via yast fails sometimes (bnc#1209377). - Importing user during installation can lead to password malformation (bnc#1211583). - YaST2 ayast_setup setup broken on SLES15-SP4 (bnc#1211753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3124-1 Released: Tue Sep 3 17:38:34 2024 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1229975 This update for cryptsetup fixes the following issues: - FIPS: Extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3129-1 Released: Tue Sep 3 17:40:36 2024 Summary: Recommended update for unzip Type: recommended Severity: moderate References: 1190273 This update for unzip fixes the following issues: - Add patch to fix issue with some files being incorrectly detected as symlinks (boo#1190273) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3131-1 Released: Tue Sep 3 17:42:24 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1224113 This update for mozilla-nss fixes the following issues: - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3135-1 Released: Wed Sep 4 08:36:23 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: This update for rsyslog fixes the following issues: - Version upgrade - patches replaced by upgrade (details in upgrade logs) * Revert 'Update omlibdbi.c' * imkmsg: add params 'readMode' and 'expectedBootCompleteSeconds' * testbench: fix 'typo' in test case * omazureeventhubs: Corrected handling of transport closed failures * imkmsg: add module param parseKernelTimestamp * imfile: remove state file on file delete fix * imklog bugfix: keepKernelTimestamp=off config param did not work * Netstreamdriver: deallocate certificate related resources * TLS subsystem: add remote hostname to error reporting * Fix forking issue due to close_range call * replace debian sample systemd service file by readme * testbench: bump zookeeper version to match current offering * Update rsyslog.service sample unit to the latest version used in Debian Trixie * Only keep a single rsyslog.service for Debian * Remove no longer used --with-systemdsystemunitdir configure switch * use logind instead of utmp for wall messages with systemd * Typo fixes * Drop CAP_IPC_LOCK capability * Add CAP_NET_RAW capability due to the omudpspoof module * Add new global config option 'libcapng.enable' * tcp net subsystem: handle data race gracefully * Avoid crash on restart in imrelp SIGTTIN handler - patches replaced by upgrade * fix startup issue 
on modern systemd systems * Fix misspelling in message. * tcpflood bugfix: plain tcp send error not properly reported * omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set * testbench: cleanup and improve some more imfile tests * lookup tables: fix static analyzer issue * lookup tables bugfix: reload on HUP did not work when backgrounded * CI: fix and cleanup github workflow * imjournal: Support input module * testbench: make test more reliable * tcpflood: add -A option to NOT abort when sending fails * tcpflood: fix today's programming error * openssl: Replaced deprecated method SSLv23_method with TLS_method * testbench improvement: define state file directories for imfile tests * testbench: cleanup a test and some nitfixes to it * tcpflood bugfix: TCP sending was not implemented properly * testbench: make waiting for HUP processing more reliable * build system: make rsyslogd execute when --disable-inet is configured * CI: update zookeeper download to newer version * ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions * ossl: Fix CRL File Expire from 1 day to 100 years. 
* PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+ * omazureeventhubs: Initial implementation of new output module * TLS CRL Support Issue 5081 * action.resumeintervalmax: the parameter was not respected * IMHIREDIS::FIXED:: Restore compatibility with hiredis < v1.0.0 * Add the 'batchsize' parameter to imhiredis * Clear undefined behavior in libgcry.c (GH #5167) * Do not try to drop capabilities when we don't have any * testbench: use newer zookeeper version in tests * build system: more precise error message on too-old lib * Fix quoting for omprog, improg, mmexternal ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3159-1 Released: Fri Sep 6 12:15:52 2024 Summary: Security update for postgresql16 Type: security Severity: important References: 1224038,1224051,1229013,CVE-2024-4317,CVE-2024-7348 This update for postgresql16 fixes the following issues: - Upgrade to 16.4 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) - CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3172-1 Released: Mon Sep 9 12:55:40 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884 This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278) - CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276) - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. 
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3180-1 Released: Mon Sep 9 14:50:18 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1215341,1216908 This update for binutils fixes the following issues: Update to current 2.43.1 branch [jsc#PED-10474]: Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, 
Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimental support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. 
* BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. * s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly. - Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908] - Add libzstd-devel to Requires of binutils-devel. (bsc#1215341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3199-1 Released: Wed Sep 11 08:46:57 2024 Summary: Recommended update for yast2-installation Type: recommended Severity: moderate References: 1181625 This update for yast2-installation fixes the following issue: - Don't block in AutoYaST upgrade (bsc#1181625). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libassuan0-2.5.5-150000.4.7.1 updated - libmount1-2.39.3-150600.4.9.4 updated - libudev1-254.15-150600.4.8.1 updated - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - libcurl4-8.6.0-150600.4.6.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240826-150600.10.9.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - libsolv-tools-base-0.7.30-150400.3.27.2 updated - pam-1.3.0-150000.6.71.2 updated - libzypp-17.35.8-150600.3.19.1 updated - shadow-4.8.1-150600.17.6.1 updated - zypper-1.14.76-150600.10.6.13 updated - util-linux-2.39.3-150600.4.9.4 updated - curl-8.6.0-150600.4.6.1 updated - concurrent-1.3.4-277.150600.277.5 updated - openssl-3-3.1.4-150600.5.15.1 updated - ca-certificates-mozilla-2.68-150200.33.1 updated - libsystemd0-254.15-150600.4.8.1 updated - systemd-254.15-150600.4.8.1 updated - dmidecode-3.6-150400.16.11.2 updated - glibc-locale-base-2.38-150600.14.8.2 updated - jose4j-0.9.5-150600.1.3 updated - libctf-nobfd0-2.43-150100.7.49.1 updated - libfreebl3-3.101.2-150400.3.51.1 updated - libipa_hbac0-2.9.3-150600.3.9.2 updated - libopenssl1_1-1.1.1w-150600.5.6.1 updated - libpcsclite1-1.9.4-150400.3.2.1 updated - libpq5-16.4-150600.16.5.1 updated - libsolv-tools-0.7.30-150400.3.27.2 updated - libsss_idmap0-2.9.3-150600.3.9.2 updated - libsss_nss_idmap0-2.9.3-150600.3.9.2 updated - libyaml-0-2-0.1.7-150000.3.2.1 updated - openssh-common-9.6p1-150600.6.9.1 updated - patch-2.7.6-150000.5.6.1 updated - release-notes-susemanager-5.0.0-150600.19.2 updated - ruby-solv-0.7.30-150400.3.27.2 updated - simple-xml-2.6.2-0.150600.10.5 updated - sitemesh-2.1-0.150600.8.73 updated - snmp-mibs-5.9.4-150600.24.2.1 updated - 
stringtree-json-2.0.9-0.150600.12.5 updated - sudo-1.9.15p5-150600.3.6.2 updated - susemanager-schema-utility-5.0.10-150600.1.3 updated - unzip-6.00-150000.4.14.1 updated - util-linux-systemd-2.39.3-150600.4.9.4 updated - woodstox-4.4.2-150600.1.107 updated - suseconnect-ng-1.11.0-150600.3.5.3 updated - libyui16-4.5.3-150500.3.10.1 updated - libyui-ncurses16-4.5.3-150500.3.10.1 updated - glibc-locale-2.38-150600.14.8.2 updated - libxcb1-1.13-150000.3.11.1 updated - libctf0-2.43-150100.7.49.1 updated - binutils-2.43-150100.7.49.1 updated - libcryptsetup12-2.7.0-150600.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated - python3-curses-3.6.15-150300.10.65.2 updated - postgresql16-16.4-150600.16.5.1 updated - libgit2-28-0.28.4-150200.3.9.1 updated - libsss_certmap0-2.9.3-150600.3.9.2 updated - bind-utils-9.18.28-150600.3.3.1 updated - glibc-devel-2.38-150600.14.8.2 updated - mozilla-nss-certs-3.101.2-150400.3.51.1 updated - openssh-fips-9.6p1-150600.6.9.1 updated - redstone-xmlrpc-1.1_20071120-0.150600.9.5 updated - spacewalk-java-lib-5.0.11-150600.1.10 updated - uyuni-reportdb-schema-5.0.6-150600.1.6 updated - libsuseconnect-1.11.0-150600.3.5.3 updated - libyui-ncurses-pkg16-4.5.3-150500.3.10.1 updated - perl-DBI-1.643-150600.12.3.2 updated - libsnmp40-5.9.4-150600.24.2.1 updated - apache2-prefork-2.4.58-150600.5.23.1 updated - openssh-server-9.6p1-150600.6.9.1 updated - openssh-clients-9.6p1-150600.6.9.1 updated - wicked-0.6.76-150600.11.9.1 updated - wicked-service-0.6.76-150600.11.9.1 updated - python3-zypp-plugin-0.6.4-150400.13.4.1 updated - python3-solv-0.7.30-150400.3.27.2 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - postgresql16-server-16.4-150600.16.5.1 updated - libldb2-2.8.1-150600.3.3.4 updated - supportutils-3.2.8-150600.3.3.1 updated - mozilla-nss-3.101.2-150400.3.51.1 updated - 
libsoftokn3-3.101.2-150400.3.51.1 updated - susemanager-schema-5.0.10-150600.1.3 updated - udev-254.15-150600.4.8.1 updated - suseconnect-ruby-bindings-1.11.0-150600.3.5.3 updated - yast2-pkg-bindings-4.6.5-150600.3.6.1 updated - perl-DBD-Pg-3.18.0-150600.14.3.2 updated - perl-SNMP-5.9.4-150600.24.2.1 updated - net-snmp-5.9.4-150600.24.2.1 updated - apache2-2.4.58-150600.5.23.1 updated - openssh-9.6p1-150600.6.9.1 updated - grub2-2.12-150600.8.3.1 updated - grub2-i386-pc-2.12-150600.8.3.1 updated - rsyslog-8.2406.0-150600.12.3.2 updated - python3-dnspython-1.15.0-150000.3.7.1 updated - python3-lxml-4.9.1-150500.3.4.3 updated - postgresql16-contrib-16.4-150600.16.5.1 updated - sssd-ldap-2.9.3-150600.3.9.2 updated - sssd-2.9.3-150600.3.9.2 updated - sssd-krb5-common-2.9.3-150600.3.9.2 updated - samba-client-libs-4.19.7+git.357.1d7950ebd62-150600.3.3.2 updated - java-17-openjdk-headless-17.0.12.0-150400.3.45.1 updated - java-11-openjdk-headless-11.0.24.0-150000.3.116.1 updated - grub2-x86_64-efi-2.12-150600.8.3.1 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - spacewalk-backend-sql-postgresql-5.0.8-150600.3.44.11 updated - sssd-krb5-2.9.3-150600.3.9.2 updated - sssd-dbus-2.9.3-150600.3.9.2 updated - python3-sssd-config-2.9.3-150600.3.9.2 updated - sssd-ad-2.9.3-150600.3.9.2 updated - tomcat-servlet-4_0-api-9.0.91-150200.68.1 updated - tomcat-el-3_0-api-9.0.91-150200.68.1 updated - java-17-openjdk-17.0.12.0-150400.3.45.1 updated - java-11-openjdk-11.0.24.0-150000.3.116.1 updated - spacewalk-base-minimal-5.0.9-150600.1.13 updated - sssd-tools-2.9.3-150600.3.9.2 updated - sssd-ipa-2.9.3-150600.3.9.2 updated - tomcat-jsp-2_3-api-9.0.91-150200.68.1 updated - xmlpull-api-1.1.3.1-150600.1.4 updated - tomcat-taglibs-standard-1_2_5-1.2.5-150600.1.104 updated - quartz-2.3.0-150600.1.107 updated - prometheus-jmx_exporter-0.3.1-150600.1.5 updated - prometheus-client-java-0.3.0-150600.1.103 updated - picocontainer-1.3.7-150600.1.5 updated - 
mvel2-2.2.6.Final-150600.1.105 updated - lucene-2.4.1-150600.1.107 updated - kie-soup-7.17.0.Final-150600.1.98 updated - kie-api-7.17.0-150600.1.97 updated - jpa-api-2.2.2-150600.1.10 updated - java-saml-2.4.0-150600.1.4 updated - ical4j-3.0.18-150600.1.92 updated - hibernate-commons-annotations-5.0.4-150600.1.106 updated - ehcache-2.10.1-150600.1.108 updated - dwr-3.0.2-0.150600.10.5 updated - drools-7.17.0-150600.1.94 updated - spacewalk-base-minimal-config-5.0.9-150600.1.13 updated - tomcat-lib-9.0.91-150200.68.1 updated - reflections-0.9.10-150600.1.4 updated - pgjdbc-ng-0.8.7-150600.1.102 updated - prometheus-jmx_exporter-tomcat-0.3.1-150600.1.5 updated - byte-buddy-dep-1.11.12-150600.1.11 updated - optaplanner-7.17.0-150600.1.95 updated - snakeyaml-2.2-150200.3.15.1 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - hibernate-types-2.16.2-150600.1.6 updated - simple-core-3.1.3-0.150600.8.5 updated - byte-buddy-1.11.12-150600.1.11 updated - xmlsec-2.0.7-150600.1.99 updated - statistics-1.0.2-150600.1.102 updated - spark-core-2.9.3-150600.1.139 updated - spacewalk-backend-5.0.8-150600.3.44.11 updated - python3-spacewalk-client-tools-5.0.6-150600.3.90.10 updated - spacewalk-client-tools-5.0.6-150600.3.90.10 updated - spacewalk-base-5.0.9-150600.1.13 updated - spacewalk-search-5.0.2-150600.1.4 updated - jade4j-1.2.7-150600.2.3 updated - subscription-matcher-0.38-150600.1.2 updated - jakarta-commons-validator-1.1.4-21.150600.19.118 updated - salt-netapi-client-0.21.0-150600.1.5 updated - python3-salt-3006.0-150500.4.38.2 updated - salt-3006.0-150500.4.38.2 updated - fence-agents-4.13.1+git.1704296072.32469f29-150600.3.9.1 updated - spacewalk-backend-sql-5.0.8-150600.3.44.11 updated - hibernate5-core-5.3.25-150600.1.90 updated - spark-template-jade-2.7.1-150600.1.5 updated - tomcat-9.0.91-150200.68.1 updated - struts-1.2.9-162.150600.33.6 updated - yast2-users-4.6.6-150600.3.3.5 updated - salt-master-3006.0-150500.4.38.2 updated - cobbler-3.3.3-150600.3.7 
updated - spacewalk-backend-server-5.0.8-150600.3.44.11 updated - hibernate5-ehcache-5.3.25-150600.1.90 updated - hibernate5-c3p0-5.3.25-150600.1.90 updated - spacewalk-java-postgresql-5.0.11-150600.1.10 updated - spacewalk-branding-5.0.2-150600.1.3 updated - yast2-installation-4.6.13-150600.3.3.3 updated - spacewalk-java-config-5.0.11-150600.1.10 updated - salt-api-3006.0-150500.4.38.2 updated - spacewalk-backend-xmlrpc-5.0.8-150600.3.44.11 updated - spacewalk-backend-xml-export-libs-5.0.8-150600.3.44.11 updated - spacewalk-backend-package-push-server-5.0.8-150600.3.44.11 updated - spacewalk-backend-iss-5.0.8-150600.3.44.11 updated - spacewalk-backend-app-5.0.8-150600.3.44.11 updated - spacewalk-html-5.0.9-150600.1.13 updated - spacewalk-taskomatic-5.0.11-150600.1.10 updated - spacewalk-java-5.0.11-150600.1.10 updated - spacewalk-backend-iss-export-5.0.8-150600.3.44.11 updated - spacewalk-backend-tools-5.0.8-150600.3.44.11 updated - container:suse-manager-5.0-init-5.0.1-5.0.1-7.3.17 added - container:suse-manager-5.0-init-5.0.0-5.0.0-5.19 removed - libabsl2401_0_0-20240116.1-150600.17.7 removed - libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed From sle-container-updates at lists.suse.com Tue Sep 24 07:14:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 24 Sep 2024 09:14:32 +0200 (CEST) Subject: SUSE-CU-2024:4479-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240924071432.1BB54F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4479-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.37 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.37 Severity : important Type : security References : 1012628 1193454 1194869 1205462 1208783 1213123 1214285 
-----------------------------------------------------------------
The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3360-1
Released: Sun Sep 22 23:45:55 2024
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791

This update for container-suseconnect rebuilds it against current go1.21.13.1.

Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3383-1
Released: Mon Sep 23 10:29:54 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827).
- CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496).
- CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342).
- CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316).
- CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353).
- CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-42308: Update DRM patch reference (bsc#1229411)
- CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379).
- CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404).
- CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402).
- CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978).
- CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754).
- CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503).
- CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
- CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568).
- CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505).
- CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646).
- CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468).
- CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
- CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496).
- CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460).
- CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).
- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799).
- CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840).
- CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).
- CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604).
- CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718).
- CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711).
- CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777).
- CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).
- CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
- CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).
- CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350).
- CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252).
- CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
- CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).

The following non-security bugs were fixed:

- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes).
- ACPI: battery: create alarm sysfs attribute atomically (stable-fixes).
- ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- ALSA: hda/realtek - Fixed ALC285 headphone no sound (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes).
- ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes).
- ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes).
- ALSA: hda/tas2781: Use correct endian conversion (git-fixes).
- ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: seq: Skip event type filtering for UMP events (git-fixes).
- ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes).
- ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).
- ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: SOF: amd: Fix for acp init sequence (git-fixes).
- ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes).
- ASoC: SOF: mediatek: Add missing board compatible (stable-fixes).
- ASoC: allow module autoloading for table board_ids (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids (stable-fixes).
- ASoC: amd: acp: fix module autoloading (git-fixes).
- ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).
- ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Add error handling to pair_device() (git-fixes).
- Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes).
- Bluetooth: bnep: Fix out-of-bound access (stable-fixes).
- Bluetooth: btintel: Fail setup on error (git-fixes).
- Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes).
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes).
- Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes).
- Bluetooth: hci_core: Fix LE quote calculation (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Drop libata patch that caused a regression (bsc#1229054)
- HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056).
- Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes).
- Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes).
- KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes).
- KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199).
- KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes).
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes).
- KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes).
- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes).
- KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes).
- KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes).
- KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes).
- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes)
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes).
- KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes).
- KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes).
- KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes).
- KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes).
- KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes).
- KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes).
- KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes).
- KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167).
- KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes).
- KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes).
- Move upstreamed powerpc patches into sorted section
- Move upstreamed sound patches into sorted section
- Moved upstreamed ASoC patch into sorted section
- NFSD: Support write delegations in LAYOUTGET (git-fixes).
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes).
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- RDMA/hns: Check atomic wr length (git-fixes)
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes)
- Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783).
- Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783).
- Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes).
- Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (git-fixes).
- Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (git-fixes).
- Revert 'misc: fastrpc: Restrict untrusted app to attach to privileged PD' (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- Revert 'usb: gadget: uvc: cleanup request when not in correct state' (stable-fixes).
- Revert 'usb: typec: tcpm: clear pd_event queue in PORT_RESET' (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- Squashfs: fix variable overflow triggered by sysbot (git-fixes).
- USB: serial: debug: do not echo input by default (stable-fixes).
- Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920)
- Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)
- Update patch references for ASoC regression fixes (bsc#1229045, bsc#1229046)
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes).
- apparmor: unpack transition table if dfa is not present (bsc#1226031).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: imx8mp: Add NPU Node (git-fixes)
- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)
- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)
- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files.
- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)
- ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes).
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes).
- blacklist.conf: Add libata upstream revert entry (bsc#1229054)
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)
- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).
- bpf/tests: Remove duplicate JSGT tests (git-fixes).
- bpf: Add crosstask check to __bpf_get_stack (git-fixes).
- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).
- bpf: Ensure proper register state printing for cond jumps (git-fixes).
- bpf: Fix a few selftest failures due to llvm18 change (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes).
- bpf: Fix kfunc callback register type handling (git-fixes).
- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).
- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes).
- bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes).
- bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes).
- bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes).
- bpf: enforce precision of R0 on callback return (git-fixes).
- bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes).
- bpf: fix control-flow graph checking in privileged mode (git-fixes).
- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes).
- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes).
- bpftool: Align output skeleton ELF code (git-fixes).
- bpftool: Fix -Wcast-qual warning (git-fixes).
- bpftool: Silence build warning about calloc() (git-fixes).
- bpftool: mark orphaned programs during prog show (git-fixes).
- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).
- btrfs: add a is_data_bbio helper (git-fixes).
- btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes).
- btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321).
- btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes).
- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).
- btrfs: factor out a can_finish_ordered_extent helper (git-fixes).
- btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes).
- btrfs: fix double inode unlock for direct IO sync writes (git-fixes).
- btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes).
- btrfs: limit write bios to a single ordered extent (git-fixes).
- btrfs: make btrfs_finish_ordered_extent() return void (git-fixes).
- btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes).
- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes).
- btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes).
- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes).
- btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes).
- btrfs: remove btrfs_add_ordered_extent (git-fixes).
- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).
- btrfs: uninline some static inline helpers from tree-log.h (git-fixes).
- btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes).
- btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes).
- btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes).
- btrfs: use irq safe locking when running and adding delayed iputs (git-fixes).
- cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245).
- cachefiles: add missing lock protection when polling (bsc#1229256).
- cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244).
- cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249).
- cachefiles: cancel all requests for the object that is being dropped (bsc#1229255).
- cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251).
- cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246).
- cachefiles: introduce object ondemand state (bsc#1229239).
- cachefiles: make on-demand read killable (bsc#1229252).
- cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243).
- cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253).
- cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248).
- cachefiles: resend an open request if the read request's object is closed (bsc#1229241).
- cachefiles: stop sending new request when dropping object (bsc#1229254).
- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes).
- can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
- ceph: periodically flush the cap releases (bsc#1230056).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes).
- char: xillybus: Refine workqueue handling (git-fixes).
- clk: en7523: fix rate divider for slic and spi clocks (git-fixes).
- clk: qcom: Park shared RCGs upon registration (git-fixes).
- clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes).
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes).
- clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes).
- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes).
- clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes).
- clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes).
- clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- dev/parport: fix the array out-of-bounds risk (stable-fixes).
- device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes).
- dmaengine: dw: Add memory bus width verification (git-fixes).
- dmaengine: dw: Add peripheral bus width verification (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- driver core: Fix uevent_show() vs driver detach race (git-fixes).
- drm/admgpu: fix dereferencing null pointer context (stable-fixes).
- drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes).
- drm/amd/display: Add null checker before passing variables (stable-fixes).
- drm/amd/display: Adjust cursor position (git-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: fix potential resource leak warning (stable-fixes).
- drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes).
- drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes).
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes).
- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).
- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/mediatek/dp: Fix spurious kfree() (git-fixes).
- drm/msm/dp: fix the max supported bpp logic (git-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).
- drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes).
- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes).
- drm/msm/dpu: take plane rotation into account for wide planes (git-fixes).
- drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes).
- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes).
- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).
- drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes).
- drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes).
- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024).
- drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes).
- drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes).
- drm/virtio: Fix type of dma-fence context variable (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix prime with external buffers (git-fixes).
- efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes).
- evm: do not copy up 'security.evm' xattr (git-fixes).
- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- gpio: mlxbf3: Support shutdown() function (git-fixes).
- gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes).
- gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- hwmon: (ltc2992) Avoid division by zero (stable-fixes).
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes).
- hwmon: (pc87360) Bounds check data->innr usage (stable-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).
- i2c: riic: avoid potential division by zero (stable-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes).
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes).
- i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes).
- ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737).
- io_uring/advise: support 64-bit lengths (git-fixes).
- io_uring: Drop per-ctx dummy_ubuf (git-fixes).
- io_uring: Fix probe of disabled operations (git-fixes).
- io_uring: fix io_match_task must_hold (git-fixes).
- io_uring: tighten task exit cancellations (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes).
- iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- jfs: define xtree root and page independently (git-fixes).
- jfs: fix null ptr deref in dtInsertEntry (git-fixes).
- jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes).
- jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes).
- jump_label: Fix the fix, brown paper bags galore (git-fixes).
- jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes).
- kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes).
- kABI workaround for sound core UMP conversion (stable-fixes).
- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi: more build fix without patches.kabi (bsc#1226502)
- kcov: properly check for softirq context (git-fixes).
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
- kernel-binary: generate and install compile_commands.json (bsc#1228971).
- kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134).
- kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168).
- libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes).
- libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes).
- libbpf: Fix faccessat() usage on Android (git-fixes).
- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).
- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).
- md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395).
- md/md-bitmap: fix writing non bitmap pages (git-fixes).
- md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes).
- md/raid1: support read error check (git-fixes).
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes).
- md/raid5: fix spares errors about rcu usage (git-fixes).
- md/raid5: recheck if reshape has finished with device_lock held (git-fixes).
- md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes).
- md: add a mddev_add_trace_msg helper (git-fixes).
- md: add check for sleepers in md_wakeup_thread() (git-fixes).
- md: change the return value type of md_write_start to void (git-fixes).
- md: do not account sync_io if iostats of the disk is disabled (git-fixes).
- md: do not delete safemode_timer in mddev_suspend (git-fixes).
- md: factor out a helper exceed_read_errors() to check read_errors (git-fixes).
- md: fix a suspicious RCU usage warning (git-fixes).
- media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
- media: amphion: Remove lock in s_ctrl callback (stable-fixes).
- media: drivers/media/dvb-core: copy user arrays safely (stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes).
- media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes).
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes).
- media: uvcvideo: Ignore empty TS packets (stable-fixes).
- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes).
- media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes).
- memory: tegra: Skip SID programming if SID registers are not set (stable-fixes).
- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).
- minmax: avoid overly complicated constant expressions in VM code (bsc#1229024).
- minmax: do not use max() in situations that want a C constant expression (bsc#1229024).
- minmax: fix up min3() and max3() too (bsc#1229024).
- minmax: improve macro expansion and type checking (bsc#1229024).
- minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024).
- minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024).
- minmax: simplify min()/max()/clamp() implementation (bsc#1229024).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes).
- net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451).
- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes).
- net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: missing check virtio (git-fixes).
- net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes).
- net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: do not invalidate dentries on transient errors (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: pass explicit offset/count to trace events (git-fixes).
- nfs: propagate readlink errors in nfs_symlink_filler (git-fixes).
- nouveau/firmware: use dma non-coherent allocator (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706).
- nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: do not directly handle subsys reset fallout (bsc#1220066).
- nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857).
- nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857).
- nvme-tcp: check for invalidated or revoked key (bsc#1221857).
- nvme-tcp: sanitize TLS key handling (bsc#1221857).
- nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme: split off TLS sysfs attributes into a separate group (bsc#1221857).
- nvme: tcp: remove unnecessary goto statement (bsc#1221857).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet: do not return 'reserved' for empty TSAS values (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes).
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes).
- platform/x86: lg-laptop: fix %s null argument warning (stable-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607).
- reiserfs: fix uninit-value in comp_keys (git-fixes).
- rtc: nct3018y: fix possible NULL dereference (stable-fixes).
- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452).
- s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174).
- s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172).
- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172).
- s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720).
- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170).
- samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes).
- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes).
- sbitmap: use READ_ONCE to access map->word (stable-fixes).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes).
- selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903).
- selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes).
- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).
- selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes).
- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).
- selftests/bpf: Fix erroneous bitmask operation (git-fixes).
- selftests/bpf: Fix issues in setup_classid_environment() (git-fixes).
- selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes).
- selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes).
- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).
- selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes).
- selftests/bpf: Make linked_list failure test more robust (git-fixes).
- selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes).
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes).
- selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes).
- selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes).
- selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes).
- selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes).
- selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes).
- serial: core: check uartclk for zero to avoid divide by zero (stable-fixes).
- soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes).
- soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes).
- soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes).
- spi: Add empty versions of ACPI functions (stable-fixes).
- spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes).
- spi: microchip-core: switch to use modern name (stable-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes).
- squashfs: squashfs_read_data need to check if the length is 0 (git-fixes).
- ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes).
- staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes).
- staging: ks7010: disable bh on tx_dev_lock (stable-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849).
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes).
- thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747).
- tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747).
- tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747).
- tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes).
- tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes).
- tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes).
- tools/resolve_btfids: fix build with musl libc (git-fixes).
- trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- tty: atmel_serial: use the correct RTS flag (git-fixes).
- tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes).
- usb: cdnsp: fix for Link TRB with TC (git-fixes).
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes).
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usb: gadget: core: Check for unset descriptor (git-fixes).
- usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes).
- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes).
- usb: gadget: u_serial: Set start_delayed during suspend (git-fixes).
- usb: gadget: uvc: cleanup request when not in correct state (stable-fixes).
- usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes).
- usb: typec: fsa4480: Check if the chip is really there (git-fixes).
- usb: typec: fsa4480: Relax CHIP_ID check (git-fixes).
- usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes).
- usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes).
- usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- vhost/vsock: always initialize seqpacket_allow (git-fixes).
- vhost: Release worker mutex during flushes (git-fixes).
- vhost: Use virtqueue mutex for swapping worker (git-fixes).
- virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes).
- virtio-crypto: handle config changed by work queue (git-fixes).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtiofs: forbid newlines in tags (bsc#1229940).
- wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes).
- wifi: ath12k: fix soft lockup on suspend (git-fixes).
- wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes).
- wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mac80211: use monitor sdata with driver only if desired (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- wifi: nl80211: disallow setting special AP channel widths (stable-fixes).
- wifi: nl80211: do not give key data to userspace (stable-fixes).
- wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes).
- wifi: wfx: repair open network AP mode (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes).
- x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes).
- x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes).
- x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes).
- x86/numa: Introduce numa_fill_memblks() (git-fixes).
- x86/pci: Skip early E820 check for ECAM region (git-fixes).
- x86/xen: Convert comma to semicolon (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: allow cross-linking special files without project quota (git-fixes).
- xfs: allow symlinks with short remote targets (bsc#1229160).
- xfs: allow unlinked symlinks and dirs with zero size (git-fixes).
- xfs: attr forks require attr, not attr2 (git-fixes).
- xfs: convert comma to semicolon (git-fixes).
- xfs: do not use current->journal_info (git-fixes).
- xfs: fix unlink vs cluster buffer instantiation race (git-fixes).
- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes).
- xfs: journal geometry is not properly bounds checked (git-fixes).
- xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes).
- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes).
- xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
The following package changes have been done:

- container-suseconnect-2.5.0-150000.4.55.1 updated
- kernel-default-6.4.0-150600.23.22.1 updated

From sle-container-updates at lists.suse.com Tue Sep 24 08:53:16 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 24 Sep 2024 10:53:16 +0200 (CEST)
Subject: SUSE-CU-2024:4500-1: Security update of bci/bci-sle15-kernel-module-devel
Message-ID: <20240924085316.46163FCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4500-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.24.6 , bci/bci-sle15-kernel-module-devel:latest
Container Release : 24.6
Severity : important
Type : security
References :
-----------------------------------------------------------------
The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3383-1
Released: Mon Sep 23 10:29:54 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed: - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496). - CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342). - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374). 
- CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404). - CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402). - CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754). - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). 
- CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503). - CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505). - CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). 
- CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646). - CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496). - CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460). - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021). 
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867). - CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840). - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). 
- CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604). - CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718). - CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742). - CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777). - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803). - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720). 
- CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808). - CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350). - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252). - CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). 
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - Fixed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). 
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). 
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). 
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Drop libata patch that caused a regression (bsc#1229054) - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). 
- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - Move upstreamed powerpc patches into sorted section - Move upstreamed sound patches into sorted section - Moved upstreamed ASoC patch into sorted section - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). 
- RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes). - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (git-fixes). - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (git-fixes). - Revert 'misc: fastrpc: Restrict untrusted app to attach to privileged PD' (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - Revert 'usb: gadget: uvc: cleanup request when not in correct state' (stable-fixes). 
- Revert 'usb: typec: tcpm: clear pd_event queue in PORT_RESET' (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- Squashfs: fix variable overflow triggered by sysbot (git-fixes).
- USB: serial: debug: do not echo input by default (stable-fixes).
- Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920)
- Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)
- Update patch references for ASoC regression fixes (bsc#1229045, bsc#1229046)
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes).
- apparmor: unpack transition table if dfa is not present (bsc#1226031).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: imx8mp: Add NPU Node (git-fixes)
- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)
- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)
- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files.
- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)
- ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes).
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes).
- blacklist.conf: Add libata upstream revert entry (bsc#1229054)
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)
- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).
- bpf/tests: Remove duplicate JSGT tests (git-fixes).
- bpf: Add crosstask check to __bpf_get_stack (git-fixes).
- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).
- bpf: Ensure proper register state printing for cond jumps (git-fixes).
- bpf: Fix a few selftest failures due to llvm18 change (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes).
- bpf: Fix kfunc callback register type handling (git-fixes).
- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).
- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes).
- bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes).
- bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes).
- bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes).
- bpf: enforce precision of R0 on callback return (git-fixes).
- bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes).
- bpf: fix control-flow graph checking in privileged mode (git-fixes).
- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes).
- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes).
- bpftool: Align output skeleton ELF code (git-fixes).
- bpftool: Fix -Wcast-qual warning (git-fixes).
- bpftool: Silence build warning about calloc() (git-fixes).
- bpftool: mark orphaned programs during prog show (git-fixes).
- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).
- btrfs: add a is_data_bbio helper (git-fixes).
- btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes).
- btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321).
- btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes).
- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).
- btrfs: factor out a can_finish_ordered_extent helper (git-fixes).
- btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes).
- btrfs: fix double inode unlock for direct IO sync writes (git-fixes).
- btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes).
- btrfs: limit write bios to a single ordered extent (git-fixes).
- btrfs: make btrfs_finish_ordered_extent() return void (git-fixes).
- btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes).
- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes).
- btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes).
- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes).
- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes).
- btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes).
- btrfs: remove btrfs_add_ordered_extent (git-fixes).
- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).
- btrfs: uninline some static inline helpers from tree-log.h (git-fixes).
- btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes).
- btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes).
- btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes).
- btrfs: use irq safe locking when running and adding delayed iputs (git-fixes).
- cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245).
- cachefiles: add missing lock protection when polling (bsc#1229256).
- cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244).
- cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249).
- cachefiles: cancel all requests for the object that is being dropped (bsc#1229255).
- cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251).
- cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247).
- cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246).
- cachefiles: introduce object ondemand state (bsc#1229239).
- cachefiles: make on-demand read killable (bsc#1229252).
- cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243).
- cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253).
- cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248).
- cachefiles: resend an open request if the read request's object is closed (bsc#1229241).
- cachefiles: stop sending new request when dropping object (bsc#1229254).
- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes).
- can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes).
- ceph: periodically flush the cap releases (bsc#1230056).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes).
- char: xillybus: Refine workqueue handling (git-fixes).
- clk: en7523: fix rate divider for slic and spi clocks (git-fixes).
- clk: qcom: Park shared RCGs upon registration (git-fixes).
- clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes).
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes).
- clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes).
- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes).
- clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes).
- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes).
- clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes).
- clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- dev/parport: fix the array out-of-bounds risk (stable-fixes).
- device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes).
- dmaengine: dw: Add memory bus width verification (git-fixes).
- dmaengine: dw: Add peripheral bus width verification (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- driver core: Fix uevent_show() vs driver detach race (git-fixes).
- drm/admgpu: fix dereferencing null pointer context (stable-fixes).
- drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes).
- drm/amd/display: Add null checker before passing variables (stable-fixes).
- drm/amd/display: Adjust cursor position (git-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: fix potential resource leak warning (stable-fixes).
- drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes).
- drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes).
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes).
- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).
- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/mediatek/dp: Fix spurious kfree() (git-fixes).
- drm/msm/dp: fix the max supported bpp logic (git-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).
- drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes).
- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes).
- drm/msm/dpu: take plane rotation into account for wide planes (git-fixes).
- drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes).
- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes).
- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).
- drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes).
- drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes).
- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024).
- drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes).
- drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes).
- drm/virtio: Fix type of dma-fence context variable (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix prime with external buffers (git-fixes).
- efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes).
- evm: do not copy up 'security.evm' xattr (git-fixes).
- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- gpio: mlxbf3: Support shutdown() function (git-fixes).
- gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes).
- gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- hwmon: (ltc2992) Avoid division by zero (stable-fixes).
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes).
- hwmon: (pc87360) Bounds check data->innr usage (stable-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes).
- i2c: riic: avoid potential division by zero (stable-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes).
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes).
- i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes).
- ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737).
- io_uring/advise: support 64-bit lengths (git-fixes).
- io_uring: Drop per-ctx dummy_ubuf (git-fixes).
- io_uring: Fix probe of disabled operations (git-fixes).
- io_uring: fix io_match_task must_hold (git-fixes).
- io_uring: tighten task exit cancellations (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes).
- iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- jfs: define xtree root and page independently (git-fixes).
- jfs: fix null ptr deref in dtInsertEntry (git-fixes).
- jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes).
- jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes).
- jump_label: Fix the fix, brown paper bags galore (git-fixes).
- jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes).
- kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes).
- kABI workaround for sound core UMP conversion (stable-fixes).
- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi: more build fix without patches.kabi (bsc#1226502)
- kcov: properly check for softirq context (git-fixes).
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
- kernel-binary: generate and install compile_commands.json (bsc#1228971).
- kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134).
- kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168).
- libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes).
- libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes).
- libbpf: Fix faccessat() usage on Android (git-fixes).
- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).
- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).
- md-cluster: fix hanging issue while a new disk adding (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395).
- md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395).
- md/md-bitmap: fix writing non bitmap pages (git-fixes).
- md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes).
- md/raid1: support read error check (git-fixes).
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes).
- md/raid5: fix spares errors about rcu usage (git-fixes).
- md/raid5: recheck if reshape has finished with device_lock held (git-fixes).
- md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes).
- md: add a mddev_add_trace_msg helper (git-fixes).
- md: add check for sleepers in md_wakeup_thread() (git-fixes).
- md: change the return value type of md_write_start to void (git-fixes).
- md: do not account sync_io if iostats of the disk is disabled (git-fixes).
- md: do not delete safemode_timer in mddev_suspend (git-fixes).
- md: factor out a helper exceed_read_errors() to check read_errors (git-fixes).
- md: fix a suspicious RCU usage warning (git-fixes).
- media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
- media: amphion: Remove lock in s_ctrl callback (stable-fixes).
- media: drivers/media/dvb-core: copy user arrays safely (stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes).
- media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes).
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes).
- media: uvcvideo: Ignore empty TS packets (stable-fixes).
- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes).
- media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes).
- memory: tegra: Skip SID programming if SID registers are not set (stable-fixes).
- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).
- minmax: avoid overly complicated constant expressions in VM code (bsc#1229024).
- minmax: do not use max() in situations that want a C constant expression (bsc#1229024).
- minmax: fix up min3() and max3() too (bsc#1229024).
- minmax: improve macro expansion and type checking (bsc#1229024).
- minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024).
- minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024).
- minmax: simplify min()/max()/clamp() implementation (bsc#1229024).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes).
- net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451).
- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes).
- net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: missing check virtio (git-fixes).
- net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes).
- net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: do not invalidate dentries on transient errors (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: pass explicit offset/count to trace events (git-fixes).
- nfs: propagate readlink errors in nfs_symlink_filler (git-fixes).
- nouveau/firmware: use dma non-coherent allocator (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706).
- nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: do not directly handle subsys reset fallout (bsc#1220066).
- nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857).
- nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857).
- nvme-tcp: check for invalidated or revoked key (bsc#1221857).
- nvme-tcp: sanitize TLS key handling (bsc#1221857).
- nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme: split off TLS sysfs attributes into a separate group (bsc#1221857).
- nvme: tcp: remove unnecessary goto statement (bsc#1221857).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet: do not return 'reserved' for empty TSAS values (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes).
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes).
- platform/x86: lg-laptop: fix %s null argument warning (stable-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607).
- reiserfs: fix uninit-value in comp_keys (git-fixes).
- rtc: nct3018y: fix possible NULL dereference (stable-fixes).
- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452).
- s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174).
- s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172).
- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172).
- s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720).
- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170).
- samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes).
- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes).
- sbitmap: use READ_ONCE to access map->word (stable-fixes).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes).
- selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903).
- selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes).
- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).
- selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes).
- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).
- selftests/bpf: Fix erroneous bitmask operation (git-fixes).
- selftests/bpf: Fix issues in setup_classid_environment() (git-fixes).
- selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes).
- selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes).
- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).
- selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes).
- selftests/bpf: Make linked_list failure test more robust (git-fixes).
- selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes).
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes).
- selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). 
- tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - tools/resolve_btfids: fix build with musl libc (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). 
- usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). 
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). 
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - kernel-macros-6.4.0-150600.23.22.1 updated - kernel-devel-6.4.0-150600.23.22.1 updated - kernel-default-devel-6.4.0-150600.23.22.1 updated - kernel-syms-6.4.0-150600.23.22.1 updated - container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated From sle-container-updates at lists.suse.com Tue Sep 24 15:29:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 24 Sep 2024 17:29:49 +0200 (CEST) Subject: SUSE-CU-2024:4505-1: Recommended update of bci/openjdk-devel Message-ID: <20240924152949.4D3E7F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4505-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-28.6 Container Release : 28.6 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - container:bci-openjdk-11-af10e78909b77256d425704fd9857428b66a457e5cb1b19ada16d62a2f69f8b1-0 updated From sle-container-updates at lists.suse.com Tue Sep 24 15:30:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 24 Sep 2024 17:30:41 +0200 (CEST) Subject: SUSE-CU-2024:4506-1: Recommended update of bci/openjdk-devel Message-ID: <20240924153041.4549AF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4506-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-30.5 Container Release : 30.5 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - container:bci-openjdk-17-a1c8eb57bd216ac1e703fc6fbcc27b2f214d079ea63ec867e44e391973ed4d1f-0 updated From sle-container-updates at lists.suse.com Tue Sep 24 15:30:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 24 Sep 2024 17:30:55 +0200 (CEST) Subject: SUSE-CU-2024:4507-1: Recommended update of bci/openjdk-devel Message-ID: <20240924153055.DF0D8F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4507-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-23.5 , bci/openjdk-devel:latest Container Release : 23.5 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - container:bci-openjdk-21-28b529c36f7f13fb6fa829701eeb7b2fece5002cfa4e50e38972be8d09c55c85-0 updated From sle-container-updates at lists.suse.com Tue Sep 24 15:31:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 24 Sep 2024 17:31:04 +0200 (CEST) Subject: SUSE-CU-2024:4508-1: Recommended update of suse/pcp Message-ID: <20240924153104.A032FF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4508-1 Container Tags : suse/pcp:5 , suse/pcp:5-42.11 , suse/pcp:5.3 , suse/pcp:5.3-42.11 , suse/pcp:5.3.7 , suse/pcp:5.3.7-42.11 , suse/pcp:latest Container Release : 42.11 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - container:bci-bci-init-15.6-4aa199b5c154abc093226c828b635d073bd82fc89b8d898bcc199d75ca3e6b82-0 updated From sle-container-updates at lists.suse.com Wed Sep 25 07:10:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 25 Sep 2024 09:10:04 +0200 (CEST) Subject: SUSE-CU-2024:4515-1: Recommended update of suse/sle15 Message-ID: <20240925071004.3BA12F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4515-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.26 , suse/sle15:15.5 , suse/sle15:15.5.36.14.26 Container Release : 36.14.26 Severity : moderate Type : recommended References : 1228647 1230267 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3420-1 Released: Tue Sep 24 16:13:23 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. 
Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) The following package changes have been done: - libsolv-tools-base-0.7.30-150500.6.2.2 updated - libsolv-tools-0.7.30-150500.6.2.2 updated - libzypp-17.35.11-150500.6.18.3 updated - zypper-1.14.77-150500.6.11.3 updated From sle-container-updates at lists.suse.com Wed Sep 25 07:10:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 25 Sep 2024 09:10:14 +0200 (CEST) Subject: SUSE-CU-2024:4516-1: Security update of suse/registry Message-ID: <20240925071014.C0FD6F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4516-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-25.7 , suse/registry:latest Container Release : 25.7 Severity : moderate Type : security References : 1229783 CVE-2023-49582 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3428-1 Released: Tue Sep 24 18:46:11 2024 Summary: Security update for apr Type: security Severity: moderate References: 1229783,CVE-2023-49582 This update for apr fixes the following issues: - CVE-2023-49582: Fixed an unexpected lax shared memory permissions. 
(bsc#1229783) The following package changes have been done: - libapr1-1.6.3-150000.3.6.1 updated From sle-container-updates at lists.suse.com Wed Sep 25 07:10:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 25 Sep 2024 09:10:23 +0200 (CEST) Subject: SUSE-CU-2024:4517-1: Recommended update of bci/kiwi Message-ID: <20240925071023.0D102F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4517-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-4.5 , bci/kiwi:9.24 , bci/kiwi:9.24-4.5 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-4.5 , bci/kiwi:latest Container Release : 4.5 Severity : important Type : recommended References : 1220304 1220592 1228729 1228972 1229929 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3407-1 Released: Tue Sep 24 07:05:00 2024 Summary: Recommended update for virtiofsd Type: recommended Severity: moderate References: 1220304,1220592,1228972 This update for virtiofsd fixes the following issues: - Update vendored dependencies, fixing build failures with Rust 1.80 (bsc#1228972) - Remove deprecated cargo_config and cargo_audit services, both are now handled by the cargo_vendor service - Fix libexecdir move: rpm cannot replace a directory with a single file on upgrades (bsc#1220592, bsc#1220304) - Add pre scriptlet removing the directory on Tumbleweed during upgrades ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3412-1 Released: Tue Sep 24 09:42:52 2024 Summary: Recommended update for python-kiwi Type: recommended Severity: moderate References: 1228729 This update for python-kiwi fixes the following issues: - Fixed resize of DOS table type on s390 
systems (bsc#1228729) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3413-1 Released: Tue Sep 24 10:56:18 2024 Summary: Recommended update for qemu Type: recommended Severity: important References: 1229929 This update for qemu fixes the following issues: - Fixed lxvx/stxvx facility check on PowerPC (bsc#1229929) The following package changes have been done: - kiwi-tools-9.24.43-150100.3.87.2 updated - virtiofsd-1.10.1-150600.4.3.1 updated - kiwi-systemdeps-core-9.24.43-150100.3.87.2 updated - qemu-pr-helper-8.2.6-150600.3.15.1 updated - qemu-img-8.2.6-150600.3.15.1 updated - qemu-tools-8.2.6-150600.3.15.1 updated - dracut-kiwi-lib-9.24.43-150100.3.87.2 updated - kiwi-systemdeps-filesystems-9.24.43-150100.3.87.2 updated - dracut-kiwi-oem-repart-9.24.43-150100.3.87.2 updated - python3-kiwi-9.24.43-150100.3.87.2 updated From sle-container-updates at lists.suse.com Wed Sep 25 07:10:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 25 Sep 2024 09:10:34 +0200 (CEST) Subject: SUSE-CU-2024:4518-1: Security update of bci/php-apache Message-ID: <20240925071034.667F9F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4518-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-38.6 , bci/php-apache:8.2.20 , bci/php-apache:8.2.20-38.6 , bci/php-apache:latest Container Release : 38.6 Severity : moderate Type : security References : 1229783 CVE-2023-49582 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3428-1 Released: Tue Sep 24 18:46:11 2024 Summary: Security update for apr Type: security Severity: moderate References: 1229783,CVE-2023-49582 This update for apr fixes the following issues: - CVE-2023-49582: Fixed an unexpected lax shared memory permissions. (bsc#1229783) The following package changes have been done: - libapr1-1.6.3-150000.3.6.1 updated From sle-container-updates at lists.suse.com Wed Sep 25 07:10:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 25 Sep 2024 09:10:46 +0200 (CEST) Subject: SUSE-CU-2024:4519-1: Security update of bci/python Message-ID: <20240925071046.36EB3F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4519-1 Container Tags : bci/python:3 , bci/python:3-50.6 , bci/python:3.11 , bci/python:3.11-50.6 , bci/python:3.11.10 , bci/python:3.11.10-50.6 Container Release : 50.6 Severity : important Type : security References : 1229596 1229704 1230227 CVE-2024-6232 CVE-2024-7592 CVE-2024-8088 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3427-1 Released: Tue Sep 24 18:42:49 2024 Summary: Security update for python311 Type: security Severity: important References: 1229596,1229704,1230227,CVE-2024-6232,CVE-2024-7592,CVE-2024-8088 This update for python311 fixes the following issues: Update python311 to version 3.11.10. - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. 
(bsc#1230227) - CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596) - CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704) The following package changes have been done: - libpython3_11-1_0-3.11.10-150600.3.6.1 updated - python311-base-3.11.10-150600.3.6.1 updated - python311-3.11.10-150600.3.6.1 updated - python311-devel-3.11.10-150600.3.6.1 updated From sle-container-updates at lists.suse.com Wed Sep 25 07:10:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 25 Sep 2024 09:10:57 +0200 (CEST) Subject: SUSE-CU-2024:4520-1: Recommended update of containers/apache-tomcat Message-ID: <20240925071057.49777F7A3@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4520-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1-openjdk21-48.3 , containers/apache-tomcat:10.1.25-openjdk21 , containers/apache-tomcat:10.1.25-openjdk21-48.3 Container Release : 48.3 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated From sle-container-updates at lists.suse.com Wed Sep 25 07:11:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 25 Sep 2024 09:11:53 +0200 (CEST) Subject: SUSE-CU-2024:4521-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240925071153.6D41FF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4521-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.37 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.37 Severity : moderate Type : security References : 1229783 CVE-2023-49582 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3428-1 Released: Tue Sep 24 18:46:11 2024 Summary: Security update for apr Type: security Severity: moderate References: 1229783,CVE-2023-49582 This update for apr fixes the following issues: - CVE-2023-49582: Fixed an unexpected lax shared memory permissions. 
(bsc#1229783) The following package changes have been done: - libapr1-1.6.3-150000.3.6.1 updated From sle-container-updates at lists.suse.com Thu Sep 26 07:03:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 26 Sep 2024 09:03:27 +0200 (CEST) Subject: SUSE-CU-2024:4522-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240926070327.96747F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4522-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.56 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.56 Severity : moderate Type : recommended References : 1228647 1230267 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3420-1 Released: Tue Sep 24 16:13:23 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. 
Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) The following package changes have been done: - libsolv-tools-base-0.7.30-150500.6.2.2 updated - libsolv-tools-0.7.30-150500.6.2.2 updated - libzypp-17.35.11-150500.6.18.3 updated - zypper-1.14.77-150500.6.11.3 updated - container:suse-sle15-15.5-3b949750bcdace970aaaeed051c0d97f197cfe43cac8c4b72c57a63e9fac461a-0 updated From sle-container-updates at lists.suse.com Thu Sep 26 07:14:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 26 Sep 2024 09:14:39 +0200 (CEST) Subject: SUSE-CU-2024:4550-1: Recommended update of bci/rust Message-ID: <20240926071439.E0143F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4550-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.2.1 , bci/rust:1.80.1 , bci/rust:1.80.1-2.2.1 , bci/rust:oldstable , bci/rust:oldstable-2.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2777-1 Released: Tue Aug 6 14:35:24 2024 Summary: Recommended update for rust, rust1.80 Type: recommended Severity: moderate References: This update for rust, rust1.80 fixes the following issues: Version 1.80.0 (2024-07-25) ========================== Language -------- - Document maximum allocation size - Allow zero-byte offsets and ZST read/writes on arbitrary pointers - Support C23's variadics without a named parameter - Stabilize `exclusive_range_pattern` feature - Guarantee layout and ABI of `Result` in some scenarios Compiler -------- - Update cc crate to v1.0.97 allowing additional spectre mitigations on MSVC targets - Allow field reordering on types marked `repr(packed(1))` - Add a lint against never type fallback affecting unsafe code - Disallow cast with trailing braced macro in let-else - Expand `for_loops_over_fallibles` lint to lint on fallibles behind references. 
- self-contained linker: retry linking without `-fuse-ld=lld` on CCs that don't support it - Do not parse CVarArgs (`...`) as a type in trait bounds - Improvements to LLDB formatting - For the wasm32-wasip2 target default to PIC and do not use `-fuse-ld=lld` - Add x86_64-unknown-linux-none as a tier 3 target - Lint on `foo.into_iter()` resolving to `&Box<[T]>: IntoIterator` Libraries --------- - Add `size_of` and `size_of_val` and `align_of` and `align_of_val` to the prelude - Abort a process when FD ownership is violated - io::Write::write_fmt: panic if the formatter fails when the stream does not fail - Panic if `PathBuf::set_extension` would add a path separator - Add assert_unsafe_precondition to unchecked_{add,sub,neg,mul,shl,shr} methods - Update `c_char` on AIX to use the correct type - `offset_of!` no longer returns a temporary - Handle sigma in `str.to_lowercase` correctly - Raise `DEFAULT_MIN_STACK_SIZE` to at least 64KiB Stabilized APIs --------------- - `impl Default for Rc<CStr>` https://doc.rust-lang.org/beta/alloc/rc/struct.Rc.html#impl-Default-for-Rc%3CCStr%3E - `impl Default for Rc<str>` https://doc.rust-lang.org/beta/alloc/rc/struct.Rc.html#impl-Default-for-Rc%3Cstr%3E - `impl Default for Rc<[T]>` https://doc.rust-lang.org/beta/alloc/rc/struct.Rc.html#impl-Default-for-Rc%3C%5BT%5D%3E - `impl Default for Arc<str>` https://doc.rust-lang.org/beta/alloc/sync/struct.Arc.html#impl-Default-for-Arc%3Cstr%3E - `impl Default for Arc<CStr>` https://doc.rust-lang.org/beta/alloc/sync/struct.Arc.html#impl-Default-for-Arc%3CCStr%3E - `impl Default for Arc<[T]>` https://doc.rust-lang.org/beta/alloc/sync/struct.Arc.html#impl-Default-for-Arc%3C%5BT%5D%3E - `impl IntoIterator for Box<[T]>` https://doc.rust-lang.org/beta/alloc/boxed/struct.Box.html#impl-IntoIterator-for-Box%3C%5BI%5D,+A%3E - `impl FromIterator<String> for Box<str>` https://doc.rust-lang.org/beta/alloc/boxed/struct.Box.html#impl-FromIterator%3CString%3E-for-Box%3Cstr%3E - `impl FromIterator<char> for Box<str>`
https://doc.rust-lang.org/beta/alloc/boxed/struct.Box.html#impl-FromIterator%3Cchar%3E-for-Box%3Cstr%3E - `LazyCell` https://doc.rust-lang.org/beta/core/cell/struct.LazyCell.html - `LazyLock` https://doc.rust-lang.org/beta/std/sync/struct.LazyLock.html - `Duration::div_duration_f32` https://doc.rust-lang.org/beta/std/time/struct.Duration.html#method.div_duration_f32 - `Duration::div_duration_f64` https://doc.rust-lang.org/beta/std/time/struct.Duration.html#method.div_duration_f64 - `Option::take_if` https://doc.rust-lang.org/beta/std/option/enum.Option.html#method.take_if - `Seek::seek_relative` https://doc.rust-lang.org/beta/std/io/trait.Seek.html#method.seek_relative - `BinaryHeap::as_slice` https://doc.rust-lang.org/beta/std/collections/struct.BinaryHeap.html#method.as_slice - `NonNull::offset` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.offset - `NonNull::byte_offset` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_offset - `NonNull::add` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.add - `NonNull::byte_add` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_add - `NonNull::sub` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.sub - `NonNull::byte_sub` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_sub - `NonNull::offset_from` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.offset_from - `NonNull::byte_offset_from` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_offset_from - `NonNull::read` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.read - `NonNull::read_volatile` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.read_volatile - `NonNull::read_unaligned` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.read_unaligned - `NonNull::write` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write - `NonNull::write_volatile` 
https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write_volatile - `NonNull::write_unaligned` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write_unaligned - `NonNull::write_bytes` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write_bytes - `NonNull::copy_to` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_to - `NonNull::copy_to_nonoverlapping` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_to_nonoverlapping - `NonNull::copy_from` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_from - `NonNull::copy_from_nonoverlapping` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_from_nonoverlapping - `NonNull::replace` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.replace - `NonNull::swap` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.swap - `NonNull::drop_in_place` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.drop_in_place - `NonNull::align_offset` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.align_offset - `<[T]>::split_at_checked` https://doc.rust-lang.org/beta/std/primitive.slice.html#method.split_at_checked - `<[T]>::split_at_mut_checked` https://doc.rust-lang.org/beta/std/primitive.slice.html#method.split_at_mut_checked - `str::split_at_checked` https://doc.rust-lang.org/beta/std/primitive.str.html#method.split_at_checked - `str::split_at_mut_checked` https://doc.rust-lang.org/beta/std/primitive.str.html#method.split_at_mut_checked - `str::trim_ascii` https://doc.rust-lang.org/beta/std/primitive.str.html#method.trim_ascii - `str::trim_ascii_start` https://doc.rust-lang.org/beta/std/primitive.str.html#method.trim_ascii_start - `str::trim_ascii_end` https://doc.rust-lang.org/beta/std/primitive.str.html#method.trim_ascii_end - `<[u8]>::trim_ascii` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.trim_ascii - 
`<[u8]>::trim_ascii_start` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.trim_ascii_start - `<[u8]>::trim_ascii_end` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.trim_ascii_end - `Ipv4Addr::BITS` https://doc.rust-lang.org/beta/core/net/struct.Ipv4Addr.html#associatedconstant.BITS - `Ipv4Addr::to_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv4Addr.html#method.to_bits - `Ipv4Addr::from_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv4Addr.html#method.from_bits - `Ipv6Addr::BITS` https://doc.rust-lang.org/beta/core/net/struct.Ipv6Addr.html#associatedconstant.BITS - `Ipv6Addr::to_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv6Addr.html#method.to_bits - `Ipv6Addr::from_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv6Addr.html#method.from_bits - `Vec::<[T; N]>::into_flattened` https://doc.rust-lang.org/beta/alloc/vec/struct.Vec.html#method.into_flattened - `<[[T; N]]>::as_flattened` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.as_flattened - `<[[T; N]]>::as_flattened_mut` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.as_flattened_mut These APIs are now stable in const contexts: - `<[T]>::last_chunk` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.last_chunk - `BinaryHeap::new` https://doc.rust-lang.org/beta/std/collections/struct.BinaryHeap.html#method.new Cargo ----- - Stabilize `-Zcheck-cfg` as always enabled - Warn, rather than fail publish, if a target is excluded - Add special `check-cfg` lint config for the `unexpected_cfgs` lint - Stabilize `cargo update --precise ` - Don't change file permissions on `Cargo.toml` when using `cargo add` - Support using `cargo fix` on IPv6-only networks Rustdoc ----- - Allow searching for references - Stabilize `custom_code_classes_in_docs` feature - fix: In cross-crate scenarios show enum variants on type aliases of enums Compatibility Notes ------------------- - rustfmt estimates line lengths differently 
when using non-ascii characters - Type aliases are now handled correctly in orphan check - Allow instructing rustdoc to read from stdin via `-` - `std::env::{set_var, remove_var}` can no longer be converted to safe function pointers and no longer implement the `Fn` family of traits - Warn (or error) when `Self` constructor from outer item is referenced in inner nested item - Turn `indirect_structural_match` and `pointer_structural_match` lints into hard errors - Make `where_clause_object_safety` lint a regular object safety violation - Turn `proc_macro_back_compat` lint into a hard error. - Detect unused structs even when implementing private traits - `std::sync::ReentrantLockGuard` is no longer `Sync` if `T: !Sync` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3093-1 Released: Tue Sep 3 16:34:07 2024 Summary: Recommended update for rust1.80 Type: recommended Severity: moderate References: This update for rust1.80 fixes the following issues: Version 1.80.1 (2024-08-08) =========================== - Fix miscompilation in the jump threading MIR optimization when comparing floats - Revert changes to the `dead_code` lint from 1.80.0 The following package changes have been done: - rust1.80-1.80.1-150500.11.6.1 added - cargo1.80-1.80.1-150500.11.6.1 added - cargo1.79-1.79.0-150500.11.3.1 removed - rust1.79-1.79.0-150500.11.3.1 removed From sle-container-updates at lists.suse.com Thu Sep 26 13:46:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 26 Sep 2024 15:46:19 +0200 (CEST) Subject: SUSE-CU-2024:4554-1: Recommended update of bci/golang Message-ID: <20240926134619.63EE4F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4554-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.37.1 , bci/golang:1.22.7 , bci/golang:oldstable , 
bci/golang:oldstable-2.37.1 Container Release : 37.1 Severity : moderate Type : recommended References : 1229028 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 updated From sle-container-updates at lists.suse.com Thu Sep 26 13:46:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 26 Sep 2024 15:46:26 +0200 (CEST) Subject: SUSE-CU-2024:4555-1: Recommended update of bci/rust Message-ID: <20240926134626.C1249F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4555-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.2.1 , bci/rust:1.81.0 , bci/rust:1.81.0-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3406-1 Released: Mon Sep 23 17:33:49 2024 Summary: Recommended update for rust, rust1.81 Type: recommended Severity: moderate References: This update for rust, rust1.81 fixes the following issues: Changes in rust1.81: - Resolve wasm32-wasi build issues Version 1.81.0 (2024-09-05) ========================== Language -------- - Abort on uncaught panics in `extern 'C'` functions. - Fix ambiguous cases of multiple `&` in elided self lifetimes. - Stabilize `#[expect]` for lints (RFC 2383), like `#[allow]` with a warning if the lint is _not_ fulfilled. - Change method resolution to constrain hidden types instead of rejecting method candidates. - Bump `elided_lifetimes_in_associated_constant` to deny. - `offset_from`: always allow pointers to point to the same address. - Allow constraining opaque types during subtyping in the trait system. - Allow constraining opaque types during various unsizing casts. - Deny keyword lifetimes pre-expansion. Compiler -------- - Make casts of pointers to trait objects stricter. - Check alias args for well-formedness even if they have escaping bound vars. - Deprecate no-op codegen option `-Cinline-threshold=...`. - Re-implement a type-size based limit. - Properly account for alignment in `transmute` size checks. - Remove the `box_pointers` lint. - Ensure the interpreter checks bool/char for validity when they are used in a cast. - Improve coverage instrumentation for functions containing nested items. - Target changes: - Add Tier 3 `no_std` Xtensa targets: `xtensa-esp32-none-elf`, `xtensa-esp32s2-none-elf`, `xtensa-esp32s3-none-elf` - Add Tier 3 `std` Xtensa targets: `xtensa-esp32-espidf`, `xtensa-esp32s2-espidf`, `xtensa-esp32s3-espidf` - Add Tier 3 i686 Redox OS target: `i686-unknown-redox` - Promote `arm64ec-pc-windows-msvc` to Tier 2. 
- Promote `loongarch64-unknown-linux-musl` to Tier 2 with host tools. - Enable full tools and profiler for LoongArch Linux targets. - Unconditionally warn on usage of `wasm32-wasi`. (see compatibility note below) - Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Split core's `PanicInfo` and std's `PanicInfo`. (see compatibility note below) - Generalize `{Rc,Arc}::make_mut()` to unsized types. - Replace sort implementations with stable `driftsort` and unstable `ipnsort`. All `slice::sort*` and `slice::select_nth*` methods are expected to see significant performance improvements. See the research project https://github.com/Voultapher/sort-research-rs for more details. - Document behavior of `create_dir_all` with respect to empty paths. - Fix interleaved output in the default panic hook when multiple threads panic simultaneously. Stabilized APIs --------------- - `core::error` https://doc.rust-lang.org/stable/core/error/index.html - `hint::assert_unchecked` https://doc.rust-lang.org/stable/core/hint/fn.assert_unchecked.html - `fs::exists` https://doc.rust-lang.org/stable/std/fs/fn.exists.html - `AtomicBool::fetch_not` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicBool.html#method.fetch_not - `Duration::abs_diff` https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.abs_diff - `IoSlice::advance` https://doc.rust-lang.org/stable/std/io/struct.IoSlice.html#method.advance - `IoSlice::advance_slices` https://doc.rust-lang.org/stable/std/io/struct.IoSlice.html#method.advance_slices - `IoSliceMut::advance` https://doc.rust-lang.org/stable/std/io/struct.IoSliceMut.html#method.advance - `IoSliceMut::advance_slices` https://doc.rust-lang.org/stable/std/io/struct.IoSliceMut.html#method.advance_slices - `PanicHookInfo` https://doc.rust-lang.org/stable/std/panic/struct.PanicHookInfo.html - `PanicInfo::message` 
https://doc.rust-lang.org/stable/core/panic/struct.PanicInfo.html#method.message - `PanicMessage` https://doc.rust-lang.org/stable/core/panic/struct.PanicMessage.html These APIs are now stable in const contexts: - `char::from_u32_unchecked` https://doc.rust-lang.org/stable/core/char/fn.from_u32_unchecked.html (function) - `char::from_u32_unchecked` https://doc.rust-lang.org/stable/core/primitive.char.html#method.from_u32_unchecked (method) - `CStr::count_bytes` https://doc.rust-lang.org/stable/core/ffi/c_str/struct.CStr.html#method.count_bytes - `CStr::from_ptr` https://doc.rust-lang.org/stable/core/ffi/c_str/struct.CStr.html#method.from_ptr Cargo ----- - Generated `.cargo_vcs_info.json` is always included, even when `--allow-dirty` is passed. - Disallow `package.license-file` and `package.readme` pointing to non-existent files during packaging. - Disallow passing `--release`/`--debug` flag along with the `--profile` flag. - Remove `lib.plugin` key support in `Cargo.toml`. Rust plugin support has been deprecated for four years and was removed in 1.75.0. Compatibility Notes ------------------- * Usage of the `wasm32-wasi` target will now issue a compiler warning and request users switch to the `wasm32-wasip1` target instead. Both targets are the same, `wasm32-wasi` is only being renamed, and this change to the WASI target https://blog.rust-lang.org/2024/04/09/updates-to-rusts-wasi-targets.html is being done to enable removing `wasm32-wasi` in January 2025. * We have renamed `std::panic::PanicInfo` to `std::panic::PanicHookInfo`. The old name will continue to work as an alias, but will result in a deprecation warning starting in Rust 1.82.0. `core::panic::PanicInfo` will remain unchanged, however, as this is now a *different type*. 
The reason is that these types have different roles: `std::panic::PanicHookInfo` is the argument to the panic hook https://doc.rust-lang.org/stable/std/panic/fn.set_hook.html in std context (where panics can have an arbitrary payload), while `core::panic::PanicInfo` is the argument to the `#[panic_handler]` https://doc.rust-lang.org/nomicon/panic-handler.html in no_std context (where panics always carry a formatted *message*). Separating these types allows us to add more useful methods to these types, such as `std::panic::PanicHookInfo::payload_as_str()` and `core::panic::PanicInfo::message()`. * The new sort implementations may panic if a type's implementation of `Ord` https://doc.rust-lang.org/std/cmp/trait.Ord.html (or the given comparison function) does not implement a total order https://en.wikipedia.org/wiki/Total_order as the trait requires. `Ord`'s supertraits (`PartialOrd`, `Eq`, and `PartialEq`) must also be consistent. The previous implementations would not 'notice' any problem, but the new implementations have a good chance of detecting inconsistencies, throwing a panic rather than returning knowingly unsorted data. * In very rare cases, a change in the internal evaluation order of the trait solver may result in new fatal overflow errors. 
The following package changes have been done: - rust1.81-1.81.0-150500.11.3.1 added - cargo1.81-1.81.0-150500.11.3.1 added - cargo1.80-1.80.1-150500.11.6.1 removed - rust1.80-1.80.1-150500.11.6.1 removed From sle-container-updates at lists.suse.com Thu Sep 26 13:46:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 26 Sep 2024 15:46:30 +0200 (CEST) Subject: SUSE-CU-2024:4556-1: Security update of suse/sles/15.7/cdi-apiserver Message-ID: <20240926134630.0C26DF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4556-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.11 , suse/sles/15.7/cdi-apiserver:1.58.0.27.22 Container Release : 27.22 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libjitterentropy3-3.4.1-150000.1.12.1 added - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - permissions-20240826-150600.10.9.1 updated - containerized-data-importer-api-1.58.0-150700.7.11 updated - container:sles15-image-15.0.0-50.18 updated From sle-container-updates at lists.suse.com Thu Sep 26 13:46:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 26 Sep 2024 15:46:32 +0200 (CEST) Subject: SUSE-CU-2024:4557-1: Security update of suse/sles/15.7/cdi-cloner Message-ID: <20240926134632.72CD8F7A3@maintenance.suse.de> SUSE Container Update 
Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4557-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.11 , suse/sles/15.7/cdi-cloner:1.58.0.28.22 Container Release : 28.22 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 1229476 1230093 CVE-2024-6119 CVE-2024-8096 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). 
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. 
(bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) The following package changes have been done: - glibc-2.38-150600.14.8.2 updated - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libjitterentropy3-3.4.1-150000.1.12.1 added - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - libmount1-2.39.3-150600.4.12.2 updated - libopenssl3-3.1.4-150600.5.15.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated - libcurl4-8.6.0-150600.4.6.1 updated - permissions-20240826-150600.10.9.1 updated - util-linux-2.39.3-150600.4.12.2 updated - curl-8.6.0-150600.4.6.1 updated - containerized-data-importer-cloner-1.58.0-150700.7.11 updated - container:sles15-image-15.0.0-50.18 updated From sle-container-updates at lists.suse.com Thu Sep 26 13:46:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 26 Sep 2024 15:46:35 +0200 (CEST) Subject: SUSE-CU-2024:4558-1: Security update of suse/sles/15.7/cdi-controller Message-ID: <20240926134635.08968F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4558-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.11 , suse/sles/15.7/cdi-controller:1.58.0.27.22 Container Release : 27.22 Severity : moderate Type : security References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). 
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- containerized-data-importer-controller-1.58.0-150700.7.11 updated
- container:sles15-image-15.0.0-50.18 updated


From sle-container-updates at lists.suse.com Thu Sep 26 13:46:37 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:37 +0200 (CEST)
Subject: SUSE-CU-2024:4559-1: Security update of suse/sles/15.7/cdi-importer
Message-ID: <20240926134637.56D99F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4559-1
Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.11 , suse/sles/15.7/cdi-importer:1.58.0.28.26
Container Release : 28.26
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 1229476 1230093 CVE-2024-6119 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-importer was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- qemu-img-9.1.0-150700.1.1 updated
- containerized-data-importer-importer-1.58.0-150700.7.11 updated
- container:sles15-image-15.0.0-50.18 updated


From sle-container-updates at lists.suse.com Thu Sep 26 13:46:39 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:39 +0200 (CEST)
Subject: SUSE-CU-2024:4560-1: Security update of suse/sles/15.7/cdi-operator
Message-ID: <20240926134639.5DE08F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4560-1
Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.11 , suse/sles/15.7/cdi-operator:1.58.0.27.22
Container Release : 27.22
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-operator was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1
  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- containerized-data-importer-operator-1.58.0-150700.7.11 updated
- container:sles15-image-15.0.0-50.18 updated


From sle-container-updates at lists.suse.com Thu Sep 26 13:46:41 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:41 +0200 (CEST)
Subject: SUSE-CU-2024:4561-1: Security update of suse/sles/15.7/cdi-uploadproxy
Message-ID: <20240926134641.BC21CF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4561-1
Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.11 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.22
Container Release : 27.22
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-uploadproxy was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1
  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- containerized-data-importer-uploadproxy-1.58.0-150700.7.11 updated
- container:sles15-image-15.0.0-50.18 updated


From sle-container-updates at lists.suse.com Thu Sep 26 13:46:44 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:44 +0200 (CEST)
Subject: SUSE-CU-2024:4562-1: Security update of suse/sles/15.7/cdi-uploadserver
Message-ID: <20240926134644.50437F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4562-1
Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.11 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.26
Container Release : 28.26
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 1229476 1230093 CVE-2024-6119 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-uploadserver was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- qemu-img-9.1.0-150700.1.1 updated
- containerized-data-importer-uploadserver-1.58.0-150700.7.11 updated
- container:sles15-image-15.0.0-50.18 updated


From sle-container-updates at lists.suse.com Thu Sep 26 13:46:47 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:47 +0200 (CEST)
Subject: SUSE-CU-2024:4563-1: Security update of suse/sle15
Message-ID: <20240926134647.15E7CF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4563-1
Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7.50.18 , suse/sle15:15.7 , suse/sle15:15.7.50.18
Container Release : 50.18
Severity : important
Type : security
References : 1081596 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228042 1228138 1228206 1228208 1228420 1228647 1228787 1228968 1229028 1229329 1229339 1229465 1229476 1230093 1230267 222971 CVE-2024-6119 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1
  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339

This update for suse-build-key fixes the following issue:

- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released: Mon Sep 9 14:39:12 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released: Thu Sep 19 17:20:06 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267

This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)

The following package changes have been done:

- curl-8.6.0-150600.4.6.1 updated
- glibc-2.38-150600.14.8.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libmount1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libsolv-tools-base-0.7.30-150600.8.2.1 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libzypp-17.35.11-150600.3.24.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- sle-module-basesystem-release-15.7-150700.6.1 updated
- sle-module-python3-release-15.7-150700.6.1 updated
- sle-module-server-applications-release-15.7-150700.6.1 updated
- sles-release-15.7-150700.6.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- terminfo-base-6.1-150000.5.27.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- zypper-1.14.77-150600.10.11.2 updated
- libabsl2401_0_0-20240116.1-150600.17.7 removed
- liblz4-1-1.9.4-150600.1.4 removed
- libprocps8-3.3.17-150000.7.39.1 removed
- libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed
- libsystemd0-254.15-150600.4.8.1 removed
- procps-3.3.17-150000.7.39.1 removed

From sle-container-updates at lists.suse.com Thu Sep 26 13:46:49 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:49 +0200 (CEST)
Subject: SUSE-CU-2024:4564-1: Security update of suse/sles/15.7/virt-api
Message-ID: <20240926134649.DF56BF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4564-1
Container Tags : suse/sles/15.7/virt-api:1.1.1 , suse/sles/15.7/virt-api:1.1.1-150700.9.13 , suse/sles/15.7/virt-api:1.1.1.27.24
Container Release : 27.24
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.
Updated to 3.4.1

* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- kubevirt-virt-api-1.1.1-150700.9.13 updated
- container:sles15-image-15.0.0-50.18 updated

From sle-container-updates at lists.suse.com Thu Sep 26 13:46:52 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:52 +0200 (CEST)
Subject: SUSE-CU-2024:4565-1: Security update of suse/sles/15.7/virt-controller
Message-ID: <20240926134652.B4498F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4565-1
Container Tags : suse/sles/15.7/virt-controller:1.1.1 , suse/sles/15.7/virt-controller:1.1.1-150700.9.13 , suse/sles/15.7/virt-controller:1.1.1.27.24
Container Release : 27.24
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1

* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- kubevirt-virt-controller-1.1.1-150700.9.13 updated
- container:sles15-image-15.0.0-50.18 updated

From sle-container-updates at lists.suse.com Thu Sep 26 13:46:55 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:55 +0200 (CEST)
Subject: SUSE-CU-2024:4566-1: Security update of suse/sles/15.7/virt-exportproxy
Message-ID: <20240926134655.3C549F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4566-1
Container Tags : suse/sles/15.7/virt-exportproxy:1.1.1 , suse/sles/15.7/virt-exportproxy:1.1.1-150700.9.13 , suse/sles/15.7/virt-exportproxy:1.1.1.11.24
Container Release : 11.24
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/sles/15.7/virt-exportproxy was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.
Updated to 3.4.1

* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- kubevirt-virt-exportproxy-1.1.1-150700.9.13 updated
- container:sles15-image-15.0.0-50.18 updated

From sle-container-updates at lists.suse.com Thu Sep 26 13:46:58 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:46:58 +0200 (CEST)
Subject: SUSE-CU-2024:4567-1: Security update of suse/sles/15.7/virt-exportserver
Message-ID: <20240926134658.736A7F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4567-1
Container Tags : suse/sles/15.7/virt-exportserver:1.1.1 , suse/sles/15.7/virt-exportserver:1.1.1-150700.9.13 , suse/sles/15.7/virt-exportserver:1.1.1.12.24
Container Release : 12.24
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1

* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- kubevirt-virt-exportserver-1.1.1-150700.9.13 updated
- container:sles15-image-15.0.0-50.18 updated

From sle-container-updates at lists.suse.com Thu Sep 26 13:47:01 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:47:01 +0200 (CEST)
Subject: SUSE-CU-2024:4568-1: Security update of suse/sles/15.7/virt-handler
Message-ID: <20240926134701.51129F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4568-1
Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.13 , suse/sles/15.7/virt-handler:1.1.1.29.30
Container Release : 29.30
Severity : moderate
Type : security
References : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 1229476 1229930 1229931 1229932 1230093 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6119 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sles/15.7/virt-handler was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- sles-release-15.7-150700.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- kubevirt-container-disk-1.1.1-150700.9.13 updated
- kubevirt-virt-handler-1.1.1-150700.9.13 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- qemu-img-9.1.0-150700.1.1 updated
- util-linux-systemd-2.39.3-150600.4.12.2 updated
- container:sles15-image-15.0.0-50.18 updated

From sle-container-updates at lists.suse.com Thu Sep 26 13:47:03 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:47:03 +0200 (CEST)
Subject: SUSE-CU-2024:4569-1: Security update of suse/sles/15.7/virt-launcher
Message-ID: <20240926134703.9F317F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4569-1
Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.13 , suse/sles/15.7/virt-launcher:1.1.1.34.9
Container Release : 34.9
Severity : moderate
Type : security
References : 1209266 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 1229476 1229930 1229931 1229932 1229975 1230093 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6119 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3124-1
Released: Tue Sep 3 17:38:34 2024
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1229975

This update for cryptsetup fixes the following issues:

- FIPS: Extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3134-1
Released: Tue Sep 3 17:49:43 2024
Summary: Recommended update for ovmf
Type: recommended
Severity: moderate
References: 1209266

This update for ovmf fixes the following issues:

- We do not officially support AMD SEV yet. On the other hand, the secure boot will be disabled in SEV flavor, so we do not need to revert the patch anymore (bsc#1209266).
- Add backslash to the end of '-D BUILD_SHELL=FALSE' in BUILD_OPTIONS_X86.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- sles-release-15.7-150700.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- kubevirt-container-disk-1.1.1-150700.9.13 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- qemu-accel-tcg-x86-9.1.0-150700.1.1 updated
- qemu-hw-usb-host-9.1.0-150700.1.1 updated
- qemu-ipxe-9.1.0-150700.1.1 updated
- qemu-seabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- qemu-vgabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- libcryptsetup12-2.7.0-150600.3.3.1 updated
- qemu-hw-usb-redirect-9.1.0-150700.1.1 updated
- xen-libs-4.19.0_02-150700.1.7 updated
- qemu-img-9.1.0-150700.1.1 updated
- gnutls-3.8.3-150600.2.15 added
- libvirt-libs-10.7.0-150700.1.1 updated
- libvirt-daemon-log-10.7.0-150700.1.1 updated
- libvirt-client-10.7.0-150700.1.1 updated
- kubevirt-virt-launcher-1.1.1-150700.9.13 updated
- swtpm-0.9.0-150700.1.1 updated
- libvirt-daemon-common-10.7.0-150700.1.1 updated
- qemu-ovmf-x86_64-202308-150600.5.3.2 updated
- qemu-x86-9.1.0-150700.1.1 updated
- qemu-9.1.0-150700.1.1 updated
- libvirt-daemon-driver-qemu-10.7.0-150700.1.1 updated
- container:sles15-image-15.0.0-50.18 updated
- trousers-0.3.15-150600.8.2 removed

From sle-container-updates at lists.suse.com Thu Sep 26 13:47:06 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:47:06 +0200 (CEST)
Subject: SUSE-CU-2024:4570-1: Security update of suse/sles/15.7/libguestfs-tools
Message-ID: <20240926134706.31488F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4570-1
Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.13 , suse/sles/15.7/libguestfs-tools:1.1.1.28.36
Container Release : 28.36
Severity : important
Type : security
References : 1081596 1209266 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228042 1228138 1228206 1228208 1228398 1228420 1228647 1228787 1228847 1228968 1229028 1229160 1229329 1229465 1229476 1229930 1229931 1229932 1229975 1230093 1230267 222971 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6119 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sles/15.7/libguestfs-tools was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3103-1
Released: Tue Sep 3 16:59:06 2024
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1229160

This update for xfsprogs fixes the following issue:

- xfs_repair: allow symlinks with short remote targets (bsc#1229160)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3124-1
Released: Tue Sep 3 17:38:34 2024
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1229975

This update for cryptsetup fixes the following issues:

- FIPS: Extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3134-1
Released: Tue Sep 3 17:49:43 2024
Summary: Recommended update for ovmf
Type: recommended
Severity: moderate
References: 1209266

This update for ovmf fixes the following issues:

- We do not officially support AMD SEV yet. On the other hand, the secure boot will be disabled in SEV flavor, so we do not need to revert the patch anymore (bsc#1209266).
- Add backslash to the end of '-D BUILD_SHELL=FALSE' in BUILD_OPTIONS_X86.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3147-1
Released: Thu Sep 5 09:30:37 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228398,1228847

This update for dracut fixes the following issues:

- Version update with:
  * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398)
  * fix(convertfs) error in conditional expressions (bsc#1228847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released: Mon Sep 9 14:39:12 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released: Thu Sep 19 17:20:06 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267

This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- sles-release-15.7-150700.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- libsolv-tools-base-0.7.30-150600.8.2.1 updated
- libzypp-17.35.11-150600.3.24.1 updated
- zypper-1.14.77-150600.10.11.2 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- libguestfs-winsupport-1.53.6-150700.1.3 updated
- guestfs-tools-1.53.3-150700.1.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- osinfo-db-20240701-150700.1.1 updated
- qemu-accel-tcg-x86-9.1.0-150700.1.1 updated
- qemu-ipxe-9.1.0-150700.1.1 updated
- qemu-seabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- qemu-vgabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- libcryptsetup12-2.7.0-150600.3.3.1 updated
- xfsprogs-6.7.0-150600.3.6.2 updated
- cryptsetup-2.7.0-150600.3.3.1 updated
- libmpath0-0.10.0+103+suse.0fc97cd-150700.1.2 updated
- xen-libs-4.19.0_02-150700.1.7 updated
- qemu-vmsr-helper-9.1.0-150700.1.1 added
- qemu-pr-helper-9.1.0-150700.1.1 updated
- qemu-img-9.1.0-150700.1.1 updated
- qemu-tools-9.1.0-150700.1.1 updated
- util-linux-systemd-2.39.3-150600.4.12.2 updated
- libvirt-libs-10.7.0-150700.1.1 updated
- dracut-059+suse.531.g48487c31-150600.3.6.2 updated
- supermin-5.3.5-150700.1.2 updated
- dracut-fips-059+suse.531.g48487c31-150600.3.6.2 updated
- qemu-x86-9.1.0-150700.1.1 updated
- qemu-9.1.0-150700.1.1 updated
- qemu-ovmf-x86_64-202308-150600.5.3.2 updated
- libguestfs0-1.53.6-150700.1.3 updated
- libguestfs-devel-1.53.6-150700.1.3 updated
- libguestfs-appliance-1.53.6-150700.1.3 updated
- libguestfs-1.53.6-150700.1.3 updated
- container:sles15-image-15.0.0-50.18 updated
- libabsl2401_0_0-20240116.1-150600.17.7 removed
- libprocps8-3.3.17-150000.7.39.1 removed
- libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed
- procps-3.3.17-150000.7.39.1 removed

From sle-container-updates at lists.suse.com Thu Sep 26 13:47:08 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 26 Sep 2024 15:47:08 +0200 (CEST)
Subject: SUSE-CU-2024:4571-1: Security update of suse/sles/15.7/virt-operator
Message-ID: <20240926134708.EA4F9F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4571-1
Container Tags : suse/sles/15.7/virt-operator:1.1.1 , suse/sles/15.7/virt-operator:1.1.1-150700.9.13 , suse/sles/15.7/virt-operator:1.1.1.27.24
Container Release : 27.24
Severity : moderate
Type : security
References : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1228042 1228968 1229028 1229329 1229465 CVE-2024-6119
-----------------------------------------------------------------

The container suse/sles/15.7/virt-operator was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627

This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.
Updated to 3.4.1
  * add FIPS 140 hints to man page
  * simplify the test tool to search for optimal configurations
  * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
  * enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- kubevirt-virt-operator-1.1.1-150700.9.13 updated
- container:sles15-image-15.0.0-50.18 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:02:02 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:02:02 +0200 (CEST)
Subject: SUSE-IU-2024:1428-1: Recommended update of suse/sle-micro/rt-5.5
Message-ID: <20240927070202.4C03AFCA2@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1428-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.183 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.183
Severity : moderate
Type : recommended
References : 1227216
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3451-1
Released: Thu Sep 26 09:10:50 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216

This update for pam-config fixes the following issues:

- Improved check for existence of modules (bsc#1227216)

The following package changes have been done:

- pam-config-1.1-150200.3.9.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.140 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:07:50 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:07:50 +0200 (CEST)
Subject: SUSE-CU-2024:4574-1: Recommended update of suse/sles12sp5
Message-ID: <20240927070750.ADCC4F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4574-1
Container Tags : suse/sles12sp5:6.11.6 , suse/sles12sp5:latest
Container Release : 6.11.6
Severity : important
Type : recommended
References : 1227099
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3448-1
Released: Thu Sep 26 08:48:25 2024
Summary: Recommended update for grep
Type: recommended
Severity: important
References: 1227099

This update for grep fixes the following issues:

- Don't assume that pcre_exec that returns PCRE_ERROR_NOMATCH leaves its sub argument alone (bsc#1227099)

The following package changes have been done:

- grep-2.16-4.9.1 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:07:52 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:07:52 +0200 (CEST)
Subject: SUSE-CU-2024:4575-1: Recommended update of suse/ltss/sle12.5/sles12sp5
Message-ID: <20240927070752.5E21EF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4575-1
Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.8 , suse/ltss/sle12.5/sles12sp5:latest
Container Release : 8.5.8
Severity : important
Type : recommended
References : 1227099
-----------------------------------------------------------------

The container suse/ltss/sle12.5/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3448-1
Released: Thu Sep 26 08:48:25 2024
Summary: Recommended update for grep
Type: recommended
Severity: important
References: 1227099

This update for grep fixes the following issues:

- Don't assume that pcre_exec that returns PCRE_ERROR_NOMATCH leaves its sub argument alone (bsc#1227099)

The following package changes have been done:

- grep-2.16-4.9.1 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:11:29 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:11:29 +0200 (CEST)
Subject: SUSE-CU-2024:4577-1: Recommended update of bci/bci-init
Message-ID: <20240927071129.045EEF7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4577-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.30.1
Container Release : 30.1
Severity : moderate
Type : recommended
References : 1227216
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3451-1
Released: Thu Sep 26 09:10:50 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216

This update for pam-config fixes the following issues:

- Improved check for existence of modules (bsc#1227216)

The following package changes have been done:

- pam-config-1.1-150200.3.9.1 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:20:13 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:20:13 +0200 (CEST)
Subject: SUSE-CU-2024:4601-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20240927072013.E3FE3F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4601-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.38 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.38
Severity : moderate
Type : recommended
References : 1227216
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3450-1
Released: Thu Sep 26 09:09:16 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216

This update for pam-config fixes the following issues:

- Improved check for existence of modules (bsc#1227216)

The following package changes have been done:

- pam-config-1.1-150600.16.3.1 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:20:26 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:20:26 +0200 (CEST)
Subject: SUSE-CU-2024:4602-1: Recommended update of bci/bci-init
Message-ID: <20240927072026.69297F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4602-1
Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.26.1 , bci/bci-init:latest
Container Release : 26.1
Severity : moderate
Type : recommended
References : 1227216
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3450-1
Released: Thu Sep 26 09:09:16 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216

This update for pam-config fixes the following issues:

- Improved check for existence of modules (bsc#1227216)

The following package changes have been done:

- pam-config-1.1-150600.16.3.1 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:20:34 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:20:34 +0200 (CEST)
Subject: SUSE-CU-2024:4603-1: Recommended update of bci/kiwi
Message-ID: <20240927072034.A3AC4F7A3@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4603-1
Container Tags : bci/kiwi:9 , bci/kiwi:9-7.1 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest
Container Release : 7.1
Severity : moderate
Type : recommended
References : 1227216
-----------------------------------------------------------------

The container bci/kiwi was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3450-1
Released: Thu Sep 26 09:09:16 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216

This update for pam-config fixes the following issues:

- Improved check for existence of modules (bsc#1227216)

The following package changes have been done:

- pam-config-1.1-150600.16.3.1 updated

From sle-container-updates at lists.suse.com Fri Sep 27 07:24:58 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 27 Sep 2024 09:24:58 +0200 (CEST)
Subject: SUSE-CU-2024:4624-1: Recommended update of suse/manager/4.3/proxy-httpd
Message-ID: <20240927072458.AC46AF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4624-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.38 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.57.38
Severity : moderate
Type : recommended
References : 1227216
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3451-1
Released: Thu Sep 26 09:10:50 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216

This update for pam-config fixes the following issues:

- Improved check for existence of modules (bsc#1227216)

The following package changes have been done:

- pam-config-1.1-150200.3.9.1 updated

From sle-container-updates at lists.suse.com Sat Sep 28 07:08:00 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 28 Sep 2024 09:08:00 +0200 (CEST)
Subject: SUSE-CU-2024:4633-1: Recommended update of suse/pcp
Message-ID: <20240928070800.BBA96F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4633-1
Container Tags : suse/pcp:5 , suse/pcp:5.3 , suse/pcp:5.3.7 , suse/pcp:5.3.7-45.2 , suse/pcp:latest
Container Release : 45.2
Severity : moderate
Type : recommended
References : 1227216
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3450-1
Released: Thu Sep 26 09:09:16 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216

This update for pam-config fixes the following issues:

- Improved check for existence of modules (bsc#1227216)

The following package changes have been done:

- pam-config-1.1-150600.16.3.1 updated
- container:bci-bci-init-15.6-24ddd7e6419e1cb7f16c88283fedea7955d177e59308d93186a4af4a9666fdf8-0 updated

From sle-container-updates at lists.suse.com Sat Sep 28 07:08:52 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 28 Sep 2024 09:08:52 +0200 (CEST)
Subject: SUSE-CU-2024:4635-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20240928070852.48CAFF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4635-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.27 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.47.27
Severity : important
Type : security
References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592

This update for python3 fixes the following issues:

- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

Bug fixes:

- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.72.1 updated
- python3-base-3.6.15-150300.10.72.1 updated
- python3-3.6.15-150300.10.72.1 updated

From sle-container-updates at lists.suse.com Sat Sep 28 07:09:24 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 28 Sep 2024 09:09:24 +0200 (CEST)
Subject: SUSE-CU-2024:4636-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20240928070924.F20AEF7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4636-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.27 , suse/manager/4.3/proxy-tftpd:latest
Container Release : 9.47.27
Severity : important
Type : security
References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592

This update for python3 fixes the following issues:

- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

Bug fixes:

- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.

The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.72.1 updated
- python3-base-3.6.15-150300.10.72.1 updated
- python3-3.6.15-150300.10.72.1 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:02:11 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:02:11 +0200 (CEST)
Subject: SUSE-IU-2024:1432-1: Recommended update of suse/sle-micro/rt-5.5
Message-ID: <20240929070212.064DAFCBE@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1432-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.190 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.190
Severity : moderate
Type : recommended
References : 1230516
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3477-1
Released: Fri Sep 27 15:22:22 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3487-1
Released: Fri Sep 27 19:56:02 2024
Summary: Recommended update for logrotate
Type: recommended
Severity: moderate
References:

This update for logrotate fixes the following issues:

- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)

The following package changes have been done:

- logrotate-3.18.1-150400.3.10.1 updated
- libcurl4-8.0.1-150400.5.53.2 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.145 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:06:05 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:06:05 +0200 (CEST)
Subject: SUSE-CU-2024:4638-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20240929070605.B958EFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4638-1
Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.33 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.33
Severity : important
Type : security
References : 1227233 1227378 1227999 1228647 1228780 1229596 1230227 1230267 1230516 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592

This update for python3 fixes the following issues:

- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

Bug fixes:

- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3477-1
Released: Fri Sep 27 15:22:22 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3485-1
Released: Fri Sep 27 19:54:13 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267

This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- Fix wrong numbers used in CommitSummary skipped/failed messages.
The following package changes have been done:

- curl-8.0.1-150400.5.53.2 updated
- libcurl4-8.0.1-150400.5.53.2 updated
- libpython3_6m1_0-3.6.15-150300.10.72.1 updated
- libzypp-17.35.11-150400.3.90.1 updated
- python3-base-3.6.15-150300.10.72.1 updated
- zypper-1.14.77-150400.3.62.2 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:09:08 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:09:08 +0200 (CEST)
Subject: SUSE-CU-2024:4640-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20240929070908.56BA5FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4640-1
Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.34 , suse/sle-micro/5.4/toolbox:latest
Container Release : 5.19.34
Severity : important
Type : security
References : 1227233 1227378 1227999 1228647 1228780 1229596 1230227 1230267 1230516 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592

This update for python3 fixes the following issues:

- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

Bug fixes:

- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3477-1
Released: Fri Sep 27 15:22:22 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3485-1
Released: Fri Sep 27 19:54:13 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267

This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- Fix wrong numbers used in CommitSummary skipped/failed messages.
The following package changes have been done:

- curl-8.0.1-150400.5.53.2 updated
- libcurl4-8.0.1-150400.5.53.2 updated
- libpython3_6m1_0-3.6.15-150300.10.72.1 updated
- libzypp-17.35.11-150400.3.90.1 updated
- python3-base-3.6.15-150300.10.72.1 updated
- zypper-1.14.77-150400.3.62.2 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:11:53 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:11:53 +0200 (CEST)
Subject: SUSE-CU-2024:4641-1: Recommended update of suse/sles12sp5
Message-ID: <20240929071153.6FA26FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4641-1
Container Tags : suse/sles12sp5:6.11.8 , suse/sles12sp5:latest
Container Release : 6.11.8
Severity : moderate
Type : recommended
References : 1230516
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3474-1
Released: Fri Sep 27 15:08:47 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3484-1
Released: Fri Sep 27 19:53:39 2024
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References:

This update for SLES-release provides the following fix:

- Adjust the EOL date for the product.
The following package changes have been done:

- libcurl4-8.0.1-11.95.2 updated
- sles-release-POOL-12.5-9.5.2 updated
- sles-release-12.5-9.5.2 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:11:56 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:11:56 +0200 (CEST)
Subject: SUSE-CU-2024:4642-1: Recommended update of suse/ltss/sle12.5/sles12sp5
Message-ID: <20240929071156.1A503FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4642-1
Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.10 , suse/ltss/sle12.5/sles12sp5:latest
Container Release : 8.5.10
Severity : moderate
Type : recommended
References : 1230516
-----------------------------------------------------------------

The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3474-1
Released: Fri Sep 27 15:08:47 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3484-1
Released: Fri Sep 27 19:53:39 2024
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References:

This update for SLES-release provides the following fix:

- Adjust the EOL date for the product.
The following package changes have been done:

- libcurl4-8.0.1-11.95.2 updated
- sles-release-POOL-12.5-9.5.2 updated
- sles-release-12.5-9.5.2 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:12:07 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:12:07 +0200 (CEST)
Subject: SUSE-CU-2024:4643-1: Security update of suse/ltss/sle15.4/bci-base-fips
Message-ID: <20240929071207.777CDFCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4643-1
Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.4.9
Container Release : 4.9
Severity : important
Type : security
References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592
-----------------------------------------------------------------

The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592

This update for python3 fixes the following issues:

- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

Bug fixes:

- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.

The following package changes have been done:

- python3-base-3.6.15-150300.10.72.1 updated
- libpython3_6m1_0-3.6.15-150300.10.72.1 updated
- container:sles15-ltss-image-15.0.0-5.23 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:12:42 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:12:42 +0200 (CEST)
Subject: SUSE-CU-2024:4644-1: Recommended update of suse/ltss/sle15.4/sle15
Message-ID: <20240929071242.75092FCA2@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4644-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.23 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.23
Container Release : 5.23
Severity : moderate
Type : recommended
References : 1228647 1230267 1230516
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3477-1
Released: Fri Sep 27 15:22:22 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3485-1
Released: Fri Sep 27 19:54:13 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267

This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- Fix wrong numbers used in CommitSummary skipped/failed messages.

The following package changes have been done:

- curl-8.0.1-150400.5.53.2 updated
- libcurl4-8.0.1-150400.5.53.2 updated
- libzypp-17.35.11-150400.3.90.1 updated
- zypper-1.14.77-150400.3.62.2 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:16:44 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:16:44 +0200 (CEST)
Subject: SUSE-CU-2024:4645-1: Recommended update of bci/nodejs
Message-ID: <20240929071644.F265BFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4645-1
Container Tags : bci/node:18 , bci/node:18-34.2 , bci/node:18.20.4 , bci/nodejs:18 , bci/nodejs:18-34.2 , bci/nodejs:18.20.4
Container Release : 34.2
Severity : moderate
Type : recommended
References : 1230516
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3477-1
Released: Fri Sep 27 15:22:22 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).
The following package changes have been done:

- curl-8.0.1-150400.5.53.2 updated

From sle-container-updates at lists.suse.com Sun Sep 29 07:19:15 2024
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 29 Sep 2024 09:19:15 +0200 (CEST)
Subject: SUSE-CU-2024:4647-1: Recommended update of bci/openjdk
Message-ID: <20240929071915.3212EFCA2@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4647-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-31.2
Container Release : 31.2
Severity : moderate
Type : recommended
References : 1230516
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3477-1
Released: Fri Sep 27 15:22:22 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516

This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).
The following package changes have been done: - curl-8.0.1-150400.5.53.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:21:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:21:29 +0200 (CEST) Subject: SUSE-CU-2024:4649-1: Recommended update of bci/openjdk Message-ID: <20240929072129.E79C1FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4649-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-33.2 Container Release : 33.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.0.1-150400.5.53.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:22:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:22:24 +0200 (CEST) Subject: SUSE-CU-2024:4651-1: Recommended update of suse/sle15 Message-ID: <20240929072224.08C53FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4651-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.27 , suse/sle15:15.5 , suse/sle15:15.5.36.14.27 Container Release : 36.14.27 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.0.1-150400.5.53.2 updated - libcurl4-8.0.1-150400.5.53.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:22:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:22:39 +0200 (CEST) Subject: SUSE-CU-2024:4652-1: Security update of suse/389-ds Message-ID: <20240929072239.993EEFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4652-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-44.2 , suse/389-ds:latest Container Release : 44.2 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. The following package changes have been done: - python3-base-3.6.15-150300.10.72.1 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:23:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:23:18 +0200 (CEST) Subject: SUSE-CU-2024:4655-1: Security update of bci/bci-base-fips Message-ID: <20240929072318.3934AFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4655-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.13.2 , bci/bci-base-fips:latest Container Release : 13.2 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. The following package changes have been done: - python3-base-3.6.15-150300.10.72.1 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:24:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:24:33 +0200 (CEST) Subject: SUSE-CU-2024:4660-1: Recommended update of suse/git Message-ID: <20240929072433.9F413FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4660-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-27.3 , suse/git:2.43.0 , suse/git:latest Container Release : 27.3 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - container:bci-bci-micro-15.6-55b7c238b0779b03b519ae690c0a09e32afccf1fb94334e5ddbe650d910aaa49-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:24:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:24:45 +0200 (CEST) Subject: SUSE-CU-2024:4661-1: Recommended update of bci/golang Message-ID: <20240929072445.84B2DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4661-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.39.2 , bci/golang:1.22.7 , bci/golang:oldstable , bci/golang:oldstable-2.39.2 Container Release : 39.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:24:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:24:59 +0200 (CEST) Subject: SUSE-CU-2024:4662-1: Recommended update of bci/golang Message-ID: <20240929072459.89177FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4662-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-45.2 , bci/golang:1.20.12.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-45.2 Container Release : 45.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:25:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:25:09 +0200 (CEST) Subject: SUSE-CU-2024:4663-1: Recommended update of bci/golang Message-ID: <20240929072509.1DCFAFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4663-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.39.2 , bci/golang:1.23.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.39.2 Container Release : 39.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:25:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:25:22 +0200 (CEST) Subject: SUSE-CU-2024:4664-1: Recommended update of bci/golang Message-ID: <20240929072522.DBD9FFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4664-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-45.2 , bci/golang:1.21.5.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-45.2 Container Release : 45.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:25:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:25:35 +0200 (CEST) Subject: SUSE-CU-2024:4666-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240929072535.CD321FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4666-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.41 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.41 Severity : moderate Type : recommended References : 1226413 1230070 1230516 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3466-1 Released: Fri Sep 27 08:18:07 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1230070 This update for perl-Bootloader fixes the following issues: - Handle missing grub_installdevice on PowerPC (bsc#1230070) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3480-1 Released: Fri Sep 27 15:35:46 2024 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1226413 This update for mdadm fixes the following issues: - Detail: remove duplicated code (bsc#1226413). - mdadm: Fix native --detail --export (bsc#1226413). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated - libcurl4-8.6.0-150600.4.9.2 updated - logrotate-3.18.1-150400.3.10.1 updated - mdadm-4.3-150600.3.6.2 updated - perl-Bootloader-1.8.2-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:25:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:25:47 +0200 (CEST) Subject: SUSE-CU-2024:4667-1: Security update of bci/kiwi Message-ID: <20240929072547.3404FFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4667-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-7.3 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest Container Release : 7.3 Severity : important Type : security References : 1226413 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container bci/kiwi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3480-1 Released: Fri Sep 27 15:35:46 2024 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1226413 This update for mdadm fixes the following issues: - Detail: remove duplicated code (bsc#1226413). - mdadm: Fix native --detail --export (bsc#1226413).
The following package changes have been done: - mdadm-4.3-150600.3.6.2 updated - python3-base-3.6.15-150300.10.72.1 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - python3-devel-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 07:25:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 09:25:48 +0200 (CEST) Subject: SUSE-CU-2024:4668-1: Recommended update of bci/kiwi Message-ID: <20240929072548.380E8FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4668-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-7.4 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest Container Release : 7.4 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - curl-8.6.0-150600.4.9.2 updated - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:02:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:02:36 +0200 (CEST) Subject: SUSE-CU-2024:4669-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240929090236.7291AFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4669-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.59 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.59 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 1230516 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS.
(bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). The following package changes have been done: - libcurl4-8.0.1-150400.5.53.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-base-3.6.15-150300.10.72.1 updated - container:suse-sle15-15.5-fb7ad4d718937947003b51413c0825e6affb5ed11784f7510b1082d92d754e88-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:08:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:08:37 +0200 (CEST) Subject: SUSE-CU-2024:4668-1: Recommended update of bci/kiwi Message-ID: <20240929090837.CC220FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4668-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-7.4 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest Container Release : 7.4 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/kiwi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - curl-8.6.0-150600.4.9.2 updated - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:08:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:08:48 +0200 (CEST) Subject: SUSE-CU-2024:4677-1: Recommended update of bci/nodejs Message-ID: <20240929090848.029A2FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4677-1 Container Tags : bci/node:20 , bci/node:20-41.2 , bci/node:20.15.1 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-41.2 , bci/nodejs:20.15.1 , bci/nodejs:latest Container Release : 41.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:09:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:09:18 +0200 (CEST) Subject: SUSE-CU-2024:4679-1: Recommended update of bci/openjdk Message-ID: <20240929090918.B7176FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4679-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-25.2 , bci/openjdk:latest Container Release : 25.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:09:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:09:29 +0200 (CEST) Subject: SUSE-CU-2024:4681-1: Recommended update of bci/php-apache Message-ID: <20240929090929.9144AFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4681-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-41.4 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 41.4 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - logrotate-3.18.1-150400.3.10.1 updated - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:09:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:09:40 +0200 (CEST) Subject: SUSE-CU-2024:4682-1: Recommended update of bci/python Message-ID: <20240929090940.53B40FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4682-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-53.2 , bci/python:3.11.10 Container Release : 53.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:09:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:09:54 +0200 (CEST) Subject: SUSE-CU-2024:4684-1: Recommended update of bci/python Message-ID: <20240929090954.5CDEFFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4684-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-53.2 , bci/python:3.12.6 , bci/python:latest Container Release : 53.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:10:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:10:05 +0200 (CEST) Subject: SUSE-CU-2024:4686-1: Security update of bci/python Message-ID: <20240929091005.65727FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4686-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-52.2 , bci/python:3.6.15 Container Release : 52.2 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 1230516 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - python3-devel-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:10:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:10:22 +0200 (CEST) Subject: SUSE-CU-2024:4688-1: Security update of suse/rmt-mariadb Message-ID: <20240929091022.96508FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4688-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-49.2 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-49.2 , suse/rmt-mariadb:latest Container Release : 49.2 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-base-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:10:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:10:33 +0200 (CEST) Subject: SUSE-CU-2024:4690-1: Recommended update of bci/ruby Message-ID: <20240929091033.06BECFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4690-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-26.2 , bci/ruby:latest Container Release : 26.2 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:10:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:10:42 +0200 (CEST) Subject: SUSE-CU-2024:4692-1: Recommended update of bci/rust Message-ID: <20240929091042.62C82FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4692-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.4.3 , bci/rust:1.80.1 , bci/rust:oldstable , bci/rust:oldstable-2.4.3 Container Release : 4.3 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:10:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:10:50 +0200 (CEST) Subject: SUSE-CU-2024:4693-1: Recommended update of bci/rust Message-ID: <20240929091050.EBBDFFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4693-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.4.3 , bci/rust:1.81.0 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.3 Container Release : 4.3 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:11:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:11:00 +0200 (CEST) Subject: SUSE-CU-2024:4694-1: Recommended update of containers/apache-tomcat Message-ID: <20240929091100.961C3FCBE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4694-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1-openjdk21-51.5 , containers/apache-tomcat:10.1.25-openjdk21 Container Release : 51.5 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - curl-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:11:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:11:17 +0200 (CEST) Subject: SUSE-CU-2024:4695-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240929091117.99A5AFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4695-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.26.2 , bci/bci-sle15-kernel-module-devel:latest Container Release : 26.2 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. 
(bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. The following package changes have been done: - python3-base-3.6.15-150300.10.72.1 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:11:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:11:30 +0200 (CEST) Subject: SUSE-CU-2024:4697-1: Recommended update of suse/sle15 Message-ID: <20240929091130.32628FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4697-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.18 , suse/sle15:15.6 , suse/sle15:15.6.47.11.18 Container Release : 47.11.18 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - curl-8.6.0-150600.4.9.2 updated - libcurl4-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:11:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:11:40 +0200 (CEST) Subject: SUSE-CU-2024:4698-1: Security update of bci/spack Message-ID: <20240929091140.BAE8AFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4698-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-11.2 , bci/spack:0.21.2 , bci/spack:latest Container Release : 11.2 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 1230516 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). 
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-base-3.6.15-150300.10.72.1 updated - libcurl-devel-8.6.0-150600.4.9.2 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:12:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:12:29 +0200 (CEST) Subject: SUSE-CU-2024:4700-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240929091229.3882DFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4700-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.40 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.40 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) The following package changes have been done: - python3-base-3.6.15-150300.10.72.1 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - logrotate-3.18.1-150400.3.10.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:12:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:12:29 +0200 (CEST) Subject: SUSE-CU-2024:4701-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240929091229.E1151FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4701-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.41 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.41 Severity : moderate Type : recommended References : 1228647 1230267 1230516 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3485-1 Released: Fri Sep 27 19:54:13 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) - Fix wrong numbers used in CommitSummary skipped/failed messages. The following package changes have been done: - libcurl4-8.0.1-150400.5.53.2 updated - libzypp-17.35.11-150400.3.90.1 updated - zypper-1.14.77-150400.3.62.2 updated - curl-8.0.1-150400.5.53.2 updated - container:sles15-ltss-image-15.0.0-5.23 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:12:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:12:58 +0200 (CEST) Subject: SUSE-CU-2024:4702-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240929091258.35395FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4702-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.42 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.42 Severity : important Type : security References : 1148184 1199282 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3472-1 Released: Fri Sep 27 14:51:53 2024 Summary: Recommended update for libsodium Type: recommended Severity: important References: 1148184,1199282 This update for libsodium fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. 
* New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been renamed to 'randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) The following package changes have been done: - libsodium23-1.0.18-150000.4.8.1 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:12:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:12:58 +0200 (CEST) Subject: SUSE-CU-2024:4703-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240929091258.E1456FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4703-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.43 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.43 Severity : moderate Type : recommended References : 1228647 1230267 1230516
----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3485-1 Released: Fri Sep 27 19:54:13 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) - Fix wrong numbers used in CommitSummary skipped/failed messages. 
The following package changes have been done: - libcurl4-8.0.1-150400.5.53.2 updated - libzypp-17.35.11-150400.3.90.1 updated - zypper-1.14.77-150400.3.62.2 updated - curl-8.0.1-150400.5.53.2 updated - container:sles15-ltss-image-15.0.0-5.23 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:54:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:54:38 +0200 (CEST) Subject: SUSE-CU-2024:4703-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240929095438.11278FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4703-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.43 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.43 Severity : moderate Type : recommended References : 1228647 1230267 1230516 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3485-1 Released: Fri Sep 27 19:54:13 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. 
Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) - Fix wrong numbers used in CommitSummary skipped/failed messages. The following package changes have been done: - libcurl4-8.0.1-150400.5.53.2 updated - libzypp-17.35.11-150400.3.90.1 updated - zypper-1.14.77-150400.3.62.2 updated - curl-8.0.1-150400.5.53.2 updated - container:sles15-ltss-image-15.0.0-5.23 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:57:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:57:33 +0200 (CEST) Subject: SUSE-CU-2024:4707-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240929095733.B018BFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4707-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.30 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.30 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). 
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-base-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Sun Sep 29 10:01:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 12:01:09 +0200 (CEST) Subject: SUSE-CU-2024:4709-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240929100109.F2B9FFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4709-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.32 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.32 Severity : important Type : security References : 1227233 1227378 1227999 1228780 1229596 1230227 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. 
The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - python3-base-3.6.15-150300.10.72.1 updated From sle-container-updates at lists.suse.com Mon Sep 30 07:07:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 30 Sep 2024 09:07:23 +0200 (CEST) Subject: SUSE-CU-2024:4717-1: Recommended update of bci/php-fpm Message-ID: <20240930070723.AF0CDF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4717-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-41.3 , bci/php-fpm:8.2.20 , bci/php-fpm:latest Container Release : 41.3 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 updated From sle-container-updates at lists.suse.com Mon Sep 30 07:07:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 30 Sep 2024 09:07:33 +0200 (CEST) Subject: SUSE-CU-2024:4718-1: Recommended update of bci/php Message-ID: <20240930070733.1DB02F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4718-1 Container Tags : bci/php:8 , bci/php:8-41.3 , bci/php:8.2.20 , bci/php:latest Container Release : 41.3 Severity : moderate Type : recommended References : 1230516 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
The following package changes have been done: - libcurl4-8.6.0-150600.4.9.2 updated - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 updated From sle-container-updates at lists.suse.com Sun Sep 29 09:07:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 29 Sep 2024 11:07:54 +0200 (CEST) Subject: SUSE-CU-2024:4673-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240929090754.CE57CFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4673-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.25.4 Container Release : 25.4 Severity : important Type : security ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3483-1 Released: Fri Sep 27 17:11:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773). - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756). - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792). - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43902: Add null checker before passing variables (bsc#1229767). - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768) - CVE-2024-43880: Put back removed method in struct objagg_ops (bsc#1229481). - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739) - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605) - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488) - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962) - CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool (bsc#1225428). - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-27016: Validate pppoe header (bsc#1223807). - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542) - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388) - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). 
- CVE-2024-26669: Fix chain template offload (bsc#1222350). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350). - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307). - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613). - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - Indicate support for the Generic Event Device thru _OSC (git-fixes). - Rework system-level device notification handling (git-fixes). - Drop nocrt parameter (git-fixes). - x86: s2 Post-increment variables when getting constraints (git-fixes). 
- Do not cross .backup mountpoint from backup volume (git-fixes). - Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - line6: Fix racy access to midibuf (stable-fixes). - Relax start tick time check for slave timer elements (git-fixes). - Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - Re-add ScratchAmp quirk entries (git-fixes). - Support Yamaha P-125 quirk entry (stable-fixes). - Fix UBSAN warning in parse_audio_unit() (stable-fixes). - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: Restore spec_bar() macro (git-fixes) - arm64: Add missing .field_width for GIC system registers (git-fixes) - arm64: Fix the visibility of compat hwcaps (git-fixes) - arm64: Force HWCAP to be based on the sysreg visible to (git-fixes) - arm64: Add Cortex-A720 definitions (git-fixes) - arm64: Add Cortex-A725 definitions (git-fixes) - arm64: Add Cortex-X1C definitions (git-fixes) - arm64: Add Cortex-X3 definitions (git-fixes) - arm64: Add Cortex-X4 definitions (git-fixes) - arm64: Add Cortex-X925 definitions (git-fixes) - arm64: Add Neoverse-V3 definitions (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Expand speculative SSBS workaround (again) (git-fixes) - arm64: Expand speculative SSBS workaround (git-fixes) - arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration. 
- arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - wcd938 Correct Soundwire ports mask (git-fixes). - wsa881 Correct Soundwire ports mask (git-fixes). - fix irq scheduling issue with PREEMPT_RT (git-fixes). - Introduce async_schedule_dev_nocall() (bsc#1221269). - Split async_schedule_node_domain() (bsc#1221269). - Fix usage of __hci_cmd_sync_status (git-fixes). - hci_ Fix not handling hibernation actions (git-fixes). - l2 always unlock channel in l2cap_conless_channel() (git-fixes). - L2 Fix deadlock (git-fixes). - Fix a kernel verifier crash in stacksafe() (bsc#1225903). - remove unused declaring of bpf_kprobe_override (git-fixes). - fix leak of qgroup extent records after transaction abort (git-fixes). - make btrfs_destroy_delayed_refs() return void (git-fixes). - remove unnecessary prototype declarations at disk-io.c (git-fixes). - update fs features directory asynchronously (bsc#1226168). - propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418). - issue a cap release immediately if no cap exists (bsc#1225162). - periodically flush the cap releases (bsc#1225162). - Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes). - Fix register ID of SPSR_FIQ (git-fixes). - add missing MODULE_DESCRIPTION() macros (stable-fixes). - Add labels for both Valve Steam Deck revisions (stable-fixes). - Add quirk for Aya Neo KUN (stable-fixes). - Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes). - Add quirk for Nanote UMPC-01 (stable-fixes). - Add quirk for OrangePi Neo (stable-fixes). - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes). - Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - avoid using null object of framebuffer (git-fixes). - Fix && vs || typos (git-fixes). 
- Skip Recompute DSC Params if no Stream on Link (stable-fixes). - Validate hw_points_num before using it (stable-fixes). - Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - Actually check flags for all context ops (stable-fixes). - Add lock around VF RLCG interface (stable-fixes). - fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - Fix the null pointer dereference to ras_manager (stable-fixes). - Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - Fix the null pointer dereference for smu7 (stable-fixes). - Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - Fix the param type of set_power_profile_mode (stable-fixes). - analogix_ properly handle zero sized AUX transactions (stable-fixes). - tc358768: Attempt to fix DSI horizontal timings (stable-fixes). - fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes). - set gp bus_stop bit before hard reset (stable-fixes). - reset the link phy params before link training (git-fixes). - cleanup FB if dpu_format_populate_layout fails (git-fixes). - do not play tricks with debug macros (git-fixes). - Zero-initialize iosys_map (stable-fixes). - fix inode->i_blocks for non-512 byte sector size device (git-fixes). - fix potential deadlock on __exfat_get_dentry_set (git-fixes). - redefine DIR_DELETED as the bad cluster number (git-fixes). - support dynamic allocate bh for exfat_entry_set_cache (git-fixes). - fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453). - Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - Add might_sleep() to disable_irq() (git-fixes). - Always limit the affinity to online CPUs (git-fixes). - Do not return error on missing optional irq_request_resources() (git-fixes). - Take the proposed affinity at face value if force==true (git-fixes). 
- genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- Do not try to remove non-existing sysfs files (git-fixes).
- Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2 Improve handling of stuck alerts (git-fixes).
- i2 Send alert notifications to all devices if source not found (git-fixes).
- Convert comma to semicolon (git-fixes).
- ip6_ Fix broken GRO (bsc#1229444).
- ipv6: fix incorrect unregister order (git-fixes).
- Drop bogus fwspec-mapping error handling (git-fixes).
- Fix association race (git-fixes).
- Fix disassociation race (git-fixes).
- Fix domain registration race (git-fixes).
- Fix mapping-creation race (git-fixes).
- Fixed unbalanced fwnode get and put (git-fixes).
- Look for existing mapping only once (git-fixes).
- Refactor __irq_domain_alloc_irqs() (git-fixes).
- Report irq number for NOMAP domains (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes).
- Fix to check symbol prefixes correctly (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, fix infinite recursion due to RCU critical section (git-fixes).
- prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- dw_ allow biu and ciu clocks to defer (git-fixes).
- mmc_ Fix NULL dereference on allocation failure (git-fixes).
- ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- ks8851: Fix potential TX stall after interface reopen (git-fixes).
- ks8851: Fix TX stall caused by TX buffer overrun (git-fixes).
- Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- remove two BUG() from skb_checksum_help() (bsc#1229312).
- qmi_ fix memory leak for not ip packets (git-fixes).
- fix possible cp null dereference (git-fixes).
- initialize noop_qdisc owner (git-fixes).
- pn533: Add poll mod list filling check (git-fixes).
- expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- make the rpc_stat per net namespace (git-fixes).
- add posix ACLs to struct nfsd_attrs (git-fixes).
- add security label to struct nfsd_attrs (git-fixes).
- fix regression with setting ACLs (git-fixes).
- Fix strncpy() fortify warning (git-fixes).
- Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- introduce struct nfsd_attrs (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- Optimize DRC bucket pruning (git-fixes).
- return error if nfs4_setacl fails (git-fixes).
- set attributes when creating symlinks (git-fixes).
- use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_ scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86 Add support for ACPI based probing (jsc#PED-8779).
- platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86 Create static func to handle platdev (jsc#PED-8779).
- platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86 Move hsmp_test to probe (jsc#PED-8779).
- platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86 Restructure sysfs group creation (jsc#PED-8779).
- platform/x86 switch to use device_add_groups() (jsc#PED-8779).
- axp288_ Fix constant_charge_voltage writes (git-fixes).
- axp288_ Round constant_charge_voltage writes down (git-fixes).
- Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- Mark .opd section read-only (bsc#1194869).
- use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- xor_ Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_ fix cpus node update to FDT (bsc#1194869).
- make the update_cpus_node() function public (bsc#1194869).
- split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- Whitelist dtl slub object for copying to userspace (bsc#1194869).
- Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes).
- Fix incomplete state save in rxe_requester (git-fixes)
- Fix rxe_modify_srq (git-fixes)
- Handle zero length rdma (git-fixes)
- Move work queue code to subroutines (git-fixes)
- s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390 Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390 Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- Fix scldiv calculation (git-fixes).
- add a struct rpc_stats arg to rpc_create_args (git-fixes).
- Fix a race to wake a sync task (git-fixes).
- fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- add check for crypto_shash_tfm_digest (git-fixes).
- dbg_orphan_ Fix missed key type checking (git-fixes).
- Fix adding orphan entry twice for the same inode (git-fixes).
- Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- fix potential memory leak in vfio_intx_enable() (git-fixes).
- fix wgds rev 3 exact size (git-fixes).
- duplicate static structs used in driver instances (git-fixes).
- x86 drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86 Fix pti_clone_entry_text() for i386 (git-fixes).
- x86 Check if fixed MTRRs exist before saving them (git-fixes).
- x86 Work around false positive kmemleak report in msr_build_context() (git-fixes).
- Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- Fix rpcrdma_reqs_reset() (git-fixes).

The following package changes have been done:

- kernel-macros-5.14.21-150500.55.80.2 updated
- kernel-devel-5.14.21-150500.55.80.2 updated
- python3-base-3.6.15-150300.10.72.1 updated
- libpython3_6m1_0-3.6.15-150300.10.72.1 updated
- kernel-default-devel-5.14.21-150500.55.80.2 updated
- kernel-syms-5.14.21-150500.55.80.1 updated
- container:bci-bci-base-15.5-fb7ad4d718937947003b51413c0825e6affb5ed11784f7510b1082d92d754e88-0 updated