SUSE-CU-2026:1222-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-saline
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Feb 26 08:38:55 UTC 2026
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-saline
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1222-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2 , suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 , suse/multi-linux-manager/5.1/x86_64/server-saline:latest
Container Release : 9.13.1
Severity : critical
Type : security
References : 1029961 1029961 1047178 1078466 1082216 1082233 1084812 1084842
1087550 1089497 1094222 1096974 1096984 1102564 1103320 1103320
1105435 1106014 1107342 1107342 1110700 1113013 1114407 1114592
1115640 1115929 1118027 1119687 1123043 1124223 1125410 1126117
1126118 1126119 1126377 1130325 1130326 1131060 1131686 1134524
1135254 1141883 1141897 1142649 1142654 1144357 1146705 1148517
1149145 1149995 1150137 1152590 1152692 1154036 1154037 1154661
1154884 1154887 1155327 1156913 1157818 1158812 1158958 1158959
1158960 1159491 1159715 1159847 1159850 1160171 1160309 1160438
1160439 1162712 1164562 1164719 1166510 1166510 1166881 1167148
1167898 1168345 1169512 1171933 1172091 1172115 1172234 1172236
1172240 1172579 1172798 1172846 1172948 1173641 1173972 1174593
1174673 1174753 1174817 1175168 1175448 1175449 1175519 1175825
1176123 1177858 1177864 1178331 1178332 1178577 1178624 1178675
1178727 1178775 1179890 1180020 1180083 1180138 1180596 1180603
1180603 1181011 1181443 1181831 1181994 1182016 1182959 1183094
1184358 1185562 1187153 1187273 1187654 1188006 1188441 1188441
1188500 1188623 1189649 1189683 1189802 1189996 1190052 1190447
1190538 1190793 1190858 1191987 1192298 1192717 1192951 1193282
1193489 1193659 1194522 1194818 1195149 1195283 1195391 1195628
1195654 1195773 1195792 1195856 1196093 1196107 1196275 1196406
1196647 1196647 1196861 1197024 1197065 1197718 1197771 1197794
1198165 1198176 1198627 1198752 1199079 1199140 1199140 1199467
1199492 1199722 1199944 1200334 1200624 1200800 1200855 1201384
1201519 1201590 1201680 1201783 1202868 1202870 1203617 1204690
1204844 1205161 1206212 1206337 1206480 1206480 1206622 1206684
1206684 1207778 1207789 1209255 1209627 1210004 1210434 1210557
1210557 1210660 1210959 1210959 1210999 1211078 1211418 1211419
1211427 1211427 1211721 1211830 1211886 1212101 1212101 1212476
1213240 1213638 1213915 1213915 1214052 1214052 1214052 1214140
1214248 1214460 1214460 1214915 1214934 1215377 1215427 1215434
1215434 1215496 1216378 1216545 1216664 1216862 1217000 1217336
1217450 1217667 1218014 1218232 1218475 1218492 1218571 1218571
1218588 1218664 1218722 1219031 1219031 1219238 1219321 1219520
1220061 1220168 1220338 1220356 1220724 1220724 1221107 1221184
1221239 1221361 1221361 1221407 1221482 1221601 1221632 1222547
1222985 1223128 1223435 1223571 1223596 1223980 1224014 1224016
1224044 1224386 1225660 1226414 1226415 1226447 1226448 1227186
1227187 1227207 1227308 1227378 1227525 1227637 1227807 1227999
1228042 1228081 1228091 1228165 1228223 1228322 1228770 1228780
1228809 1229028 1229228 1229518 1229596 1229655 1229704 1229825
1230111 1230145 1230227 1230262 1230267 1230638 1230906 1230959
1230972 1231048 1231051 1231055 1231463 1231748 1231795 1231833
1232227 1232234 1232234 1232241 1232326 1232526 1232526 1232844
1233282 1233529 1233699 1233752 1234015 1234015 1234128 1234313
1234665 1234713 1234765 1234798 1234808 1234809 1235481 1236033
1236136 1236165 1236177 1236282 1236599 1236619 1236643 1236705
1236858 1236878 1236886 1236931 1237236 1237240 1237241 1237242
1237442 1237496 1238450 1238491 1238491 1238879 1239119 1239210
1239566 1239566 1239618 1239817 1239883 1239938 1239938 1240009
1240058 1240064 1240343 1240343 1240366 1240414 1240532 1240788
1240788 1240882 1240897 1241020 1241067 1241078 1241189 1241219
1241549 1241880 1242060 1242827 1242844 1242938 1243197 1243226
1243259 1243273 1243317 1243331 1243381 1243459 1243486 1243611
1243704 1243767 1243794 1243935 1243991 1243991 1244027 1244032
1244050 1244050 1244056 1244059 1244060 1244061 1244079 1244127
1244219 1244424 1244449 1244509 1244552 1244554 1244555 1244557
1244590 1244596 1244700 1244705 1245099 1245120 1245190 1245199
1245309 1245310 1245311 1245314 1245573 1245702 1245936 1245938
1245939 1245942 1245943 1245946 1246068 1246130 1246197 1246221
1246277 1246296 1246320 1246421 1246428 1246553 1246570 1246597
1246654 1246663 1246697 1246789 1246882 1246906 1246912 1246934
1246965 1246974 1247144 1247148 1247249 1247498 1247644 1247687
1247688 1247721 1247836 1247850 1247858 1247990 1248085 1248252
1248356 1248501 1248586 1248804 1248848 1249055 1249059 1249155
1249191 1249348 1249367 1249375 1249400 1249434 1249584 1250232
1250232 1250343 1250514 1250520 1250553 1250754 1250755 1250911
1250940 1250976 1250981 1251044 1251138 1251264 1251278 1251305
1251776 1251864 1251912 1251913 1251928 1252020 1252160 1252244
1252285 1252425 1252974 1253024 1253043 1253282 1253347 1253738
1253757 1253773 1253966 1254202 1254293 1254297 1254316 1254325
1254400 1254400 1254401 1254478 1254563 1254662 1254666 1254670
1254878 1254903 1254904 1254905 1254997 1255715 1255731 1255732
1255733 1255734 1255781 1256105 1256243 1256244 1256246 1256341
1256389 1256390 1256427 1256437 1256766 1256804 1256805 1256807
1256808 1256809 1256810 1256811 1256812 1256822 1256830 1256834
1256834 1256835 1256835 1256836 1256836 1256837 1256837 1256838
1256838 1256839 1256839 1256840 1256840 1256991 1257005 1257049
1257147 1257255 1257353 1257354 1257355 1257396 1257538 1257593
1257594 1257595 1257992 1258082 1258164 916845 928700 928701
953659 CVE-2013-4235 CVE-2013-4235 CVE-2015-3414 CVE-2015-3415
CVE-2016-9840 CVE-2017-6512 CVE-2018-1000654 CVE-2018-10360 CVE-2018-17953
CVE-2018-19211 CVE-2018-20346 CVE-2018-6798 CVE-2018-6913 CVE-2019-12290
CVE-2019-14250 CVE-2019-15847 CVE-2019-16168 CVE-2019-17594 CVE-2019-17595
CVE-2019-18218 CVE-2019-18224 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603
CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924
CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-3880
CVE-2019-5021 CVE-2019-6706 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907
CVE-2019-9936 CVE-2019-9937 CVE-2020-11501 CVE-2020-13434 CVE-2020-13435
CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-13844 CVE-2020-15358
CVE-2020-24370 CVE-2020-24371 CVE-2020-8927 CVE-2020-9327 CVE-2021-36690
CVE-2021-39537 CVE-2021-43618 CVE-2021-46828 CVE-2021-46848 CVE-2022-1664
CVE-2022-29458 CVE-2022-35737 CVE-2022-46908 CVE-2023-2137 CVE-2023-22652
CVE-2023-2602 CVE-2023-2603 CVE-2023-27043 CVE-2023-29491 CVE-2023-30078
CVE-2023-30079 CVE-2023-31484 CVE-2023-32181 CVE-2023-4039 CVE-2023-4039
CVE-2023-4039 CVE-2023-45853 CVE-2023-45918 CVE-2023-50495 CVE-2023-7207
CVE-2023-7207 CVE-2024-0397 CVE-2024-10041 CVE-2024-10041 CVE-2024-12133
CVE-2024-12718 CVE-2024-12797 CVE-2024-13176 CVE-2024-22195 CVE-2024-2236
CVE-2024-22365 CVE-2024-34064 CVE-2024-34397 CVE-2024-37370 CVE-2024-37371
CVE-2024-4032 CVE-2024-52533 CVE-2024-56201 CVE-2024-56326 CVE-2024-6232
CVE-2024-6923 CVE-2024-7592 CVE-2024-8088 CVE-2024-8176 CVE-2024-9287
CVE-2025-0395 CVE-2025-0938 CVE-2025-10148 CVE-2025-10911 CVE-2025-11563
CVE-2025-12084 CVE-2025-13151 CVE-2025-1352 CVE-2025-13601 CVE-2025-1372
CVE-2025-1376 CVE-2025-1377 CVE-2025-13836 CVE-2025-13836 CVE-2025-13837
CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524
CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-15467
CVE-2025-1795 CVE-2025-24528 CVE-2025-27516 CVE-2025-27587 CVE-2025-27587
CVE-2025-27613 CVE-2025-27614 CVE-2025-29087 CVE-2025-29088 CVE-2025-30258
CVE-2025-31115 CVE-2025-3277 CVE-2025-3360 CVE-2025-3576 CVE-2025-40909
CVE-2025-4138 CVE-2025-4330 CVE-2025-4373 CVE-2025-4435 CVE-2025-4516
CVE-2025-4517 CVE-2025-4598 CVE-2025-46835 CVE-2025-4802 CVE-2025-48384
CVE-2025-48385 CVE-2025-4877 CVE-2025-4878 CVE-2025-49794 CVE-2025-49795
CVE-2025-49796 CVE-2025-5278 CVE-2025-5318 CVE-2025-53192 CVE-2025-5372
CVE-2025-53880 CVE-2025-59375 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021
CVE-2025-6052 CVE-2025-6069 CVE-2025-6075 CVE-2025-6170 CVE-2025-61911
CVE-2025-61912 CVE-2025-62348 CVE-2025-62349 CVE-2025-6297 CVE-2025-67724
CVE-2025-67725 CVE-2025-67726 CVE-2025-68160 CVE-2025-68160 CVE-2025-68973
CVE-2025-69418 CVE-2025-69418 CVE-2025-69419 CVE-2025-69419 CVE-2025-69420
CVE-2025-69420 CVE-2025-69421 CVE-2025-69421 CVE-2025-6965 CVE-2025-7039
CVE-2025-7425 CVE-2025-7709 CVE-2025-8058 CVE-2025-8114 CVE-2025-8194
CVE-2025-8277 CVE-2025-8291 CVE-2025-8732 CVE-2025-9086 CVE-2025-9230
CVE-2025-9230 CVE-2026-0861 CVE-2026-0915 CVE-2026-0988 CVE-2026-0989
CVE-2026-0990 CVE-2026-0992 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489
CVE-2026-1757 CVE-2026-22795 CVE-2026-22795 CVE-2026-22796 CVE-2026-22796
CVE-2026-24882 SLE-6533 SLE-6536
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/server-saline was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1110700
This update for pam fixes the following issues:
- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2607-1
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Type: recommended
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed,
quite some new warnings added and the error pin-pointing and
fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Type: security
Severity: important
References: 1115640,CVE-2018-17953
This update for pam fixes the following issue:
Security issue fixed:
- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2861-1
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Type: security
Severity: important
References: 1103320,1115929,CVE-2018-19211
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:44-1
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Type: recommended
Severity: low
References: 953659
This update for acl fixes the following issues:
- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:247-1
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1123043,CVE-2019-6706
This update for lua53 fixes the following issues:
Security issue fixed:
- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Type: security
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1119687,CVE-2018-20346
This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:
- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
Release notes: https://www.sqlite.org/releaselog/3_27_2.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1040-1
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Type: security
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
This update for samba fixes the following issues:
Security issue fixed:
- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).
ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):
- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb
Non-security issues fixed:
- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide to the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependend 32bit libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937
This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:
- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix
queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in
a single transaction with an fts5 virtual table (bsc#1130325).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type: security
Severity: important
References: 1134524,CVE-2019-5021
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1105435,CVE-2018-1000654
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Type: recommended
Severity: moderate
References: 1141883
This update for pinentry fixes the following issues:
- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2533-1
Released: Thu Oct 3 15:02:50 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1150137,CVE-2019-16168
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2997-1
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3061-1
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Type: security
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html
The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 /
CXX=g++-9 during configuration for using it.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Type: security
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:525-1
Released: Fri Feb 28 11:49:36 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1164562
This update for pam fixes the following issues:
- Add libdb as build-time dependency to enable pam_userdb module.
Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:689-1
Released: Fri Mar 13 17:09:01 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1166510
This update for PAM fixes the following issue:
- The license of libdb linked against pam_userdb is not always wanted,
so we temporary disabled pam_userdb again. It will be published
in a different package at a later time. (bsc#1166510)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:917-1
Released: Fri Apr 3 15:02:25 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1166510
This update for pam fixes the following issues:
- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:948-1
Released: Wed Apr 8 07:44:21 2020
Summary: Security update for gmp, gnutls, libnettle
Type: security
Severity: moderate
References: 1152692,1155327,1166881,1168345,CVE-2020-11501
This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:
- CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)
FIPS related bugfixes:
- FIPS: Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
input is shorter than block size. (bsc#1166881)
- FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1226-1
Released: Fri May 8 10:51:05 2020
Summary: Recommended update for gcc9
Type: recommended
Severity: moderate
References: 1149995,1152590,1167898
This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.
- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1294-1
Released: Mon May 18 07:38:36 2020
Summary: Security update for file
Type: security
Severity: moderate
References: 1154661,1169512,CVE-2019-18218
This update for file fixes the following issues:
Security issues fixed:
- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).
Non-security issue fixed:
- Fixed broken '--help' output (bsc#1169512).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2083-1
Released: Thu Jul 30 10:27:59 2020
Summary: Recommended update for diffutils
Type: recommended
Severity: moderate
References: 1156913
This update for diffutils fixes the following issue:
- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2148-1
Released: Thu Aug 6 13:36:17 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1174673
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
* AddTrust External CA Root
* AddTrust Class 1 CA Root
* LuxTrust Global Root 2
* Staat der Nederlanden Root CA - G2
* Symantec Class 1 Public Primary Certification Authority - G4
* Symantec Class 2 Public Primary Certification Authority - G4
* VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
* certSIGN Root CA G2
* e-Szigno Root CA 2017
* Microsoft ECC Root Certificate Authority 2017
* Microsoft RSA Root Certificate Authority 2017
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2947-1
Released: Fri Oct 16 15:23:07 2020
Summary: Security update for gcc10, nvptx-tools
Type: security
Severity: moderate
References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844
This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:
- Enable build on aarch64
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2983-1
Released: Wed Oct 21 15:03:03 2020
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1176123
This update for file fixes the following issues:
- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3157-1
Released: Wed Nov 4 15:37:05 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1177864
This update for ca-certificates-mozilla fixes the following issues:
The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
- EE Certification Centre Root CA
- Taiwan GRCA
- Added CAs:
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Type: recommended
Severity: moderate
References: 1174593,1177858,1178727
This update for pam and sudo fixes the following issue:
pam:
- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
sudo:
- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3620-1
Released: Thu Dec 3 17:03:55 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issues:
- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of of the user's name of at least `<N>` characters length in
some form. This is enabled by the new parameter `usersubstr=<N>`
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603
This update for keyutils fixes the following issues:
- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603
This update for gmp fixes the following issues:
- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Type: recommended
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
This update for gcc10 fixes the following issues:
- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released: Wed Jul 14 17:01:06 2021
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:
- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
(bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released: Thu Sep 9 15:08:13 2021
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1189683
This update for netcfg fixes the following issues:
- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released: Tue Sep 21 17:04:26 2021
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1189996
This update for file fixes the following issues:
- Fixes exception thrown by memory allocation problem (bsc#1189996)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released: Fri Oct 1 10:34:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1190858
This update for ca-certificates-mozilla fixes the following issues:
- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
September 30th 2021 and openssl certificate chain handling does not
handle this correctly in openssl 1.0.2 and older.
(bsc#1190858)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released: Tue Oct 12 14:30:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References:
This update for ca-certificates-mozilla fixes the following issues:
- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987
This update for pam fixes the following issues:
- Fixed a bad directive file which resulted in
the 'securetty' file to be installed as 'macros.pam'.
(bsc#1191987)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1187153,1187273,1188623
This update for gcc11 fixes the following issues:
The additional GNU compiler collection GCC 11 is provided:
To select these compilers install the packages:
- gcc11
- gcc-c++11
- and others with 11 prefix.
to select them for building:
- CC='gcc-11'
- CXX='g++-11'
The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654
This update for keyutils fixes the following issues:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
keyutils was updated to 1.6.3 (jsc#SLE-20016):
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
Updated to 1.6:
* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore
Updated to 1.5.11 (bsc#1113013)
* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Type: security
Severity: moderate
References: 1175825,CVE-2020-8927
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released: Mon Jan 31 06:07:52 2022
Summary: Recommended update for boost
Type: recommended
Severity: moderate
References: 1194522
This update for boost fixes the following issues:
- Fix compilation errors (bsc#1194522)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1190447
This update for filesystem fixes the following issues:
- Release ported filesystem to LTSS channels (bsc#1190447).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Type: recommended
Severity: moderate
References: 1195654
This update for update-alternatives fixes the following issues:
- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:861-1
Released: Tue Mar 15 23:30:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1182959,1195149,1195792,1195856
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.
This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2640-1
Released: Wed Aug 3 10:43:44 2022
Summary: Recommended update for yaml-cpp
Type: recommended
Severity: moderate
References: 1160171,1178331,1178332,1200624
This update for yaml-cpp fixes the following issue:
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old
ABI to prevent ABI breakage and crash of applications compiled with 0.6.1
(bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492
This update for aaa_base fixes the following issues:
- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released: Fri Nov 18 09:05:07 2022
Summary: Recommended update for libusb-1_0
Type: recommended
Severity: moderate
References: 1201590
This update for libusb-1_0 fixes the following issues:
- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Type: recommended
Severity: moderate
References: 1198165
This update for libeconf fixes the following issues:
- Update to version 0.4.6+git
- econftool:
Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
- libeconf:
Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
- econftool:
New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters'
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467
This update for libtirpc fixes the following issues:
- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released: Fri May 5 14:34:00 2023
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1210434,CVE-2023-29491
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2625-1
Released: Fri Jun 23 17:16:11 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Type: security
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1210004
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Type: security
Severity: important
References: 1210999,CVE-2023-31484
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released: Thu Jul 20 12:00:17 2023
Summary: Recommended update for gpgme
Type: recommended
Severity: moderate
References: 1089497
This update for gpgme fixes the following issues:
gpgme:
- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
libassuan:
- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Type: recommended
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Type: security
Severity: important
References: 1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:
- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4194-1
Released: Wed Oct 25 11:01:41 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:
This feature update for python3 packages adds the following:
- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate
the new 3.11 versions, this 3 packages have no code changes.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This Update for libtirpc to 1.3.4, fixing the following issues:
Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
- replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage
Update to 1.3.3:
* Fix DoS vulnerability in libtirpc
- replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
- replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
- preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
Update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
Update to 1.3.1:
* Remove AUTH_DES interfaces from auth_des.h
The unsupported AUTH_DES authentication has be
compiled out since commit d918e41d889 (Wed Oct 9 2019)
replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Type: security
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4619-1
Released: Thu Nov 30 10:13:52 2023
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1210660,CVE-2023-2137
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4671-1
Released: Wed Dec 6 14:33:41 2023
Summary: Recommended update for man
Type: recommended
Severity: moderate
References:
This update of man fixes the following problem:
- The 'man' commands is delivered to SUSE Linux Enterprise Micro
to allow browsing man pages.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4700-1
Released: Mon Dec 11 07:03:27 2023
Summary: Recommended update for p11-kit
Type: recommended
Severity: moderate
References:
This update for p11-kit fixes the following issues:
- Ensure that programs using <p11-kit/pkcs11x.h> can be compiled with CRYPTOKI_GNU.
Fixes GnuTLS builds (jsc#PED-6705).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released: Tue Dec 12 09:57:51 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1216862
This update for libtirpc fixes the following issue:
- fix sed parsing in specfile (bsc#1216862)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4891-1
Released: Mon Dec 18 16:31:49 2023
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1201384,1218014,CVE-2023-50495
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:62-1
Released: Mon Jan 8 11:44:47 2024
Summary: Recommended update for libxcrypt
Type: recommended
Severity: moderate
References: 1215496
This update for libxcrypt fixes the following issues:
- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:136-1
Released: Thu Jan 18 09:53:47 2024
Summary: Security update for pam
Type: security
Severity: moderate
References: 1217000,1218475,CVE-2024-22365
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:238-1
Released: Fri Jan 26 10:56:41 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,CVE-2023-7207
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released: Fri Feb 2 15:13:26 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:615-1
Released: Mon Feb 26 11:32:32 2024
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1211886
This update for netcfg fixes the following issues:
- Add krb-prop entry (bsc#1211886)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released: Mon Mar 11 14:15:37 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released: Wed Mar 13 09:12:30 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1218232
This update for aaa_base fixes the following issues:
- Silence the output in the case of broken symlinks (bsc#1218232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released: Fri Mar 15 08:57:38 2024
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1215377
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released: Tue Mar 19 06:36:24 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1219321
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released: Mon Apr 8 11:29:02 2024
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1220061,CVE-2023-45918
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released: Fri Apr 12 08:15:18 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1429-1
Released: Wed Apr 24 15:13:10 2024
Summary: Recommended update for ca-certificates
Type: recommended
Severity: moderate
References: 1188500,1221184
This update for ca-certificates fixes the following issue:
- Update version (bsc#1221184)
* Use flock to serialize calls (bsc#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released: Thu May 2 10:43:53 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released: Thu May 16 08:00:09 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1221632
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released: Wed May 22 16:14:17 2024
Summary: Security update for perl
Type: security
Severity: important
References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1864-1
Released: Thu May 30 14:19:13 2024
Summary: Security update for python-Jinja2
Type: security
Severity: moderate
References: 1218722,1223980,CVE-2024-22195,CVE-2024-34064
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1876-1
Released: Fri May 31 06:47:32 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1221361
This update for aaa_base fixes the following issues:
- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1950-1
Released: Fri Jun 7 17:20:14 2024
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1224044,CVE-2024-34397
This update for glib2 fixes the following issues:
Update to version 2.78.6:
+ Fix a regression with IBus caused by the fix for CVE-2024-34397
Changes in version 2.78.5:
+ Fix CVE-2024-34397: GDBus signal subscriptions for well-known
names are vulnerable to unicast spoofing. (bsc#1224044)
+ Bugs fixed:
- gvfs-udisks2-volume-monitor SIGSEGV in
g_content_type_guess_for_tree() due to filename with bad
encoding
- gcontenttype: Make filename valid utf-8 string before processing.
- gdbusconnection: Don't deliver signals if the sender doesn't match.
Changes in version 2.78.4:
+ Bugs fixed:
- Fix generated RST anchors for methods, signals and properties.
- docs/reference: depend on a native gtk-doc.
- gobject_gdb.py: Do not break bt on optimized build.
- gregex: clean up usage of _GRegex.jit_status.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1954-1
Released: Fri Jun 7 18:01:06 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1221482
This update for glibc fixes the following issues:
- Also include stat64 in the 32-bit libc_nonshared.a workaround
(bsc#1221482)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1997-1
Released: Tue Jun 11 17:24:32 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1223596
This update for e2fsprogs fixes the following issues:
- EA Inode handling fixes:
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627
This update for jitterentropy fixes the following issues:
- Fixed a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
Updated to 3.4.1
* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441
This update for gcc13 fixes the following issues:
Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring
Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1638-1
Released: Fri Jun 21 13:09:31 2024
Summary: Recommended update for aws-cli and python311 dependencies
Type: recommended
Severity: moderate
References: 1118027,1144357,1162712,1167148,1171933,1172579,1172948,1179890,1189649,1190538,1192298,1199722,1209255,1211830,1217336,1220168
This update for aws-cli and python311 dependencies fixes the following issues:
- Upgrade aws-cli to v1.32 (jsc#PED-7487)
- This upgrade for aws-cli also provides the needed python311 dependencies.
- The bellow packages got obsoleted by the python311 counterpart:
- python3-botocore (superseded by python311-botocore)
- python3-s3transfer (superseded by python311-s3transfer)
- python3-boto (superseded by python311-boto)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2239-1
Released: Wed Jun 26 13:09:10 2024
Summary: Recommended update for systemd
Type: recommended
Severity: critical
References: 1226415
This update for systemd contains the following fixes:
- testsuite: move a misplaced %endif
- Do not remove existing configuration files in /etc. If these files were
modified on the systemd, that may cause unwanted side effects (bsc#1226415).
- Import upstream commit (merge of v254.13)
Use the pty slave fd opened from the namespace when transient service is running in a container.
This revert the backport of the broken commit until a fix is released in the v254-stable tree.
- Import upstream commit (merge of v254.11)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released: Fri Jul 5 12:04:34 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2319-1
Released: Mon Jul 8 13:12:55 2024
Summary: Recommended update for Azure stack
Type: recommended
Severity: moderate
References: 1223435
This update ships the Python 3.11 enabled Azure stack to openSUSE Leap 15.5 and 15.6.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2630-1
Released: Tue Jul 30 09:12:44 2024
Summary: Security update for shadow
Type: security
Severity: important
References: 916845,CVE-2013-4235
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2641-1
Released: Tue Jul 30 09:29:36 2024
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
systemd was updated from version 254.13 to version 254.15:
- Changes in version 254.15:
* boot: cover for hardware keys on phones/tablets
* Conditional PSI check to reflect changes done in 5.13
* core/dbus-manager: refuse SoftReboot() for user managers
* core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
* core/exec-invoke: use sched_setattr instead of sched_setscheduler
* core/unit: follow merged units before updating SourcePath= timestamp too
* coredump: correctly take tmpfs size into account for compression
* cryptsetup: improve TPM2 blob display
* docs: Add section to HACKING.md on distribution packages
* docs: fixed dead link to GNOME documentation
* docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
* Fixed typo in CAP_BPF description
* LICENSES/README: expand text to summarize state for binaries and libs
* man: fully adopt ~/.local/state/
* man/systemd.exec: list inaccessible files for ProtectKernelTunables
* man/tmpfiles: remove outdated behavior regarding symlink ownership
* meson: bpf: propagate 'sysroot' for cross compilation
* meson: Define __TARGET_ARCH macros required by bpf
* mkfs-util: Set sector size for btrfs as well
* mkosi: drop CentOS 8 from CI
* mkosi: Enable hyperscale-packages-experimental for CentOS
* mountpoint-util: do not assume symlinks are not mountpoints
* os-util: avoid matching on the wrong extension-release file
* README: add missing CONFIG_MEMCG kernel config option for oomd
* README: update requirements for signed dm-verity
* resolved: allow the full TTL to be used by OPT records
* resolved: correct parsing of OPT extended RCODEs
* sysusers: handle NSS errors gracefully
* TEST-58-REPART: reverse order of diff args
* TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
* test: fixed TEST-24-CRYPTSETUP on SUSE
* test: install /etc/hosts
* Use consistent spelling of systemd.condition_first_boot argument
* util: make file_read() 64bit offset safe
* vmm: make sure we can handle smbios objects without variable part
- Changes in version 254.14:
* analyze: show pcrs also in sha384 bank
* chase: Tighten '.' and './' check
* core/service: fixed accept-socket deserialization
* efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
* executor: check for all permission related errnos when setting up IPC namespace
* install: allow removing symlinks even for units that are gone
* json: use secure un{base64,hex}mem for sensitive variants
* man,units: drop 'temporary' from description of systemd-tmpfiles
* missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
* repart: fixed memory leak
* repart: Use CRYPT_ACTIVATE_PRIVATE
* resolved: permit dnssec rrtype questions when we aren't validating
* rules: Limit the number of device units generated for serial ttys
* run: do not pass the pty slave fd to transient service in a machine
* sd-dhcp-server: clear buffer before receive
* strbuf: use GREEDY_REALLOC to grow the buffer
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released: Tue Aug 6 16:35:05 2024
Summary: Recommended update for various 32bit packages
Type: recommended
Severity: moderate
References: 1228322
This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released: Fri Aug 9 15:59:29 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1220356,1227525
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released: Wed Aug 14 20:20:12 2024
Summary: Recommended update for cloud-regionsrv-client
Type: recommended
Severity: important
References: 1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2982-1
Released: Tue Aug 20 11:08:55 2024
Summary: Security update for python311
Type: security
Severity: important
References: 1225660,1226447,1226448,1227378,1227999,1228780,CVE-2023-27043,CVE-2024-0397,CVE-2024-4032,CVE-2024-6923
This update for python311 fixes the following issues:
Security issues fixed:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
- CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer (bsc#1227233)
- CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)
Non-security issues fixed:
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
- Improve python reproducible builds (bsc#1227999)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042
This update for glibc fixes the following issue:
- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3290-1
Released: Tue Sep 17 15:24:09 2024
Summary: Recommended update for python-netaddr
Type: recommended
Severity: moderate
References:
This update for python-netaddr fixes the following issue:
New python packages:
- python311-netaddr
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3427-1
Released: Tue Sep 24 18:42:49 2024
Summary: Security update for python311
Type: security
Severity: important
References: 1229596,1229704,1230227,CVE-2024-6232,CVE-2024-7592,CVE-2024-8088
This update for python311 fixes the following issues:
Update python311 to version 3.11.10.
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
- CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
- CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3469-1
Released: Fri Sep 27 13:19:43 2024
Summary: Recommended update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery
Type: recommended
Severity: moderate
References: 1223128
This update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery contains the following fixes:
Changes for python-kubernetes:
- add sle15_python_module_pythons, jsc#PED-8481
Changes for python-recommonmark:
- Initial shipment for python-recommonmark.
Please check changelog for detailed infromation.
Changes for python-Sphinx:
- Add patch to fix-test-expectation-for-enum-rendering-on-python-3.12.3. (bsc#1223128)
- Disable test test_ext_imgconverter.
- Add upstream patch to make it work with python 3.11.7
- avoid xdist - not used by upstream and unstable (and not
improving the build time by more than 25%)
- remove setuptools requires
Changes for python-sphinxcontrib-applehelp:
- Add fix tests with python-Shpinx 7.2
jsc#PED-8481
Changes for python-sphinxcontrib-jquery:
- drop tests-with-sphinx-72 patch in order to
- add tests-with-sphinx-72-python312 patch to build with python 312+
- remove tests-with-sphinx-71 patch
- Add tests-with-sphinx-72 patch to fix tests with sphinx 7.2.
- add tests-with-sphinx-71 patch to fix tests with sphinx 7.1+
- Initial release of 4.1
No source changes rebuild to fulfill python-recommonmark dependencies
on 15 SP4 for the following packages:
python311-Babel
python311-CommonMark
python311-Jinja2
python311-MarkupSafe
python311-alabaster
python311-imagesize
python311-snowballstemmer
python311-sphinx_rtd_theme
python311-sphinxcontrib-devhelp
python311-sphinxcontrib-htmlhelp
python311-sphinxcontrib-jsmath
python311-sphinxcontrib-qthelp
python311-sphinxcontrib-serializinghtml
python311-sphinxcontrib-websupport
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:3486-1
Released: Fri Sep 27 19:55:02 2024
Summary: Feature update for python-looseversion, python-pyzmq, python-msgpack
Type: feature
Severity: low
References:
This update for python-looseversion, python-pyzmq, python-msgpack fixes the following issues:
- Add python311-looseversion, python311-pyzmq and python311-msgpack. (jsc#PED-5848)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released: Tue Oct 1 16:22:27 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1230638
This update for glibc fixes the following issue:
- Use nss-systemd by default also in SLE (bsc#1230638).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3512-1
Released: Wed Oct 2 18:14:56 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1226414,1228091,1228223,1228809,1229518
This update for systemd fixes the following issues:
- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released: Fri Oct 4 15:31:43 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1230145
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released: Thu Oct 10 16:39:07 2024
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1230111
This update for cyrus-sasl fixes the following issues:
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released: Fri Oct 11 10:39:52 2024
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1227807
This update for bash fixes the following issues:
- Load completion file eveh if a brace expansion is in the
command line included (bsc#1227807).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released: Wed Oct 16 15:12:47 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing
quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
via __requires_exclude_from and __provides_exclude_from.
[bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
are linked against libstdc++6.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051
This update for glibc fixes the following issue:
- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833
This update for gcc14 fixes the following issues:
- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972
This update for shadow fixes the following issues:
- Add useradd warnings when requested UID is outside the default range (bsc#1230972)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3958-1
Released: Fri Nov 8 16:25:08 2024
Summary: Security update for python311
Type: security
Severity: moderate
References: 1230906,1232241,CVE-2024-9287
This update for python311 fixes the following issues:
- CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241).
Bug fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699
This update for glibc fixes the following issue:
- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:
Security issues fixed:
- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).
Non-security issue fixed:
- Fix error when uninstalling packages (bsc#1231463).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844
This update for systemd fixes the following issues:
- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:
- Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:6-1
Released: Thu Jan 2 09:45:11 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234808,1234809,CVE-2024-56201,CVE-2024-56326
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template (bsc#1234808)
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015
This update for systemd fixes the following issues:
- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665
This update for glibc fixes the following issues:
- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
- Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config
snippets in the krb5.conf.d directory, where crypto-policies
drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96
and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active
directory. If these encryption types are allowed or not in
FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:
- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:551-1
Released: Fri Feb 14 16:09:46 2025
Summary: Security update for python311
Type: security
Severity: moderate
References: 1228165,1231795,1236705,CVE-2025-0938
This update for python311 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Other fixes:
- Update to version 3.11.11.
- Remove -IVendor/ from python-config. (bsc#1231795)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:956-1
Released: Wed Mar 19 17:12:25 2025
Summary: Security update for python-Jinja2
Type: security
Severity: moderate
References: 1238879,CVE-2025-27516
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:969-1
Released: Thu Mar 20 14:28:47 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1227637,1236165
This update for crypto-policies fixes the following issues:
- Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637).
- tolerate fips dracut module presence w/o FIPS
* Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode
(bsc#1236165).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:982-1
Released: Fri Mar 21 15:17:03 2025
Summary: Security update for python311
Type: security
Severity: low
References: 1238450,1239210,CVE-2025-1795
This update for python311 fixes the following issues:
- CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1016-1
Released: Tue Mar 25 15:59:05 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1234015,1236643,1236886
This update for systemd fixes the following issues:
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- journald: close runtime journals before their parent directory removed
- journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
It is likely an oversight from when systemd-userdb was migrated from the
experimental package to the main one.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1130-1
Released: Thu Apr 3 15:08:55 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1234798,1240009,1240343
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.74 state of Mozilla SSL root CAs:
- Removed:
* SwissSign Silver CA - G2
- Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
- Removed:
* SecureSign RootCA11
* Security Communication RootCA3
- Added:
* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released: Thu Apr 3 17:11:02 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released: Fri Apr 11 09:46:09 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1234128,1234713,1239883
This update for glibc fixes the following issues:
- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released: Sun Apr 13 12:16:40 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1240343
This update for ca-certificates-mozilla fixes the following issues:
- Reenable the distrusted certs for now. as these only
distrust 'new issued' certs starting after a certain date,
while old certs should still work. (bsc#1240343)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1242-1
Released: Mon Apr 14 12:43:18 2025
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1235481,1236033
This update for aaa_base fixes the following issues:
- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
environment (bsc#1235481)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1334-1
Released: Thu Apr 17 09:03:05 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,CVE-2024-10041
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1367-1
Released: Thu Apr 24 16:38:48 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1240897,CVE-2025-3360
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1394-1
Released: Mon Apr 28 16:15:21 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References:
This update for glibc fixes the following issues:
- Add support for userspace livepatching for ppc64le (jsc#PED-11850)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1456-1
Released: Wed May 7 17:13:32 2025
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1557-1
Released: Thu May 15 12:23:24 2025
Summary: Recommended update for python-docopt, python-msgpack, python-redis
Type: recommended
Severity: moderate
References: 1240064
This update ships python311-docopt and python311-redis to the Public Cloud Module,
and the python311-msgpack to the Python3 module.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released: Sat May 24 11:50:53 2025
Summary: Security update for glibc
Type: security
Severity: important
References: 1243317,CVE-2025-4802
This update for glibc fixes the following issues:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released: Tue May 27 13:23:20 2025
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References:
This update for ncurses fixes the following issues:
- Backport sclp terminfo description entry if for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1733-1
Released: Wed May 28 17:59:52 2025
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1242060
This update for krb5 fixes the following issue:
- Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released: Thu May 29 11:40:51 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:
- Add missing 'systemd-journal-remote' package
to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working
for users in Container UID range (bsc#1242938)
Don't write messages sent from users with UID falling into the container UID
range to the system journal. Daemons in the container don't talk to the
outside journald as they talk to the inner one directly, which does its
journal splitting based on shifted uids.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:1827-1
Released: Thu Jun 5 18:11:15 2025
Summary: Optional update for python-six
Type: optional
Severity: low
References:
This update python-six fixes the following issue:
- Rebuild for consistency across products, no source changes.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2013-1
Released: Wed Jun 18 20:05:07 2025
Summary: Security update for pam
Type: security
Severity: important
References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2027-1
Released: Thu Jun 19 17:15:41 2025
Summary: Security update for perl
Type: security
Severity: moderate
References: 1244079,CVE-2025-40909
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2042-1
Released: Fri Jun 20 12:38:43 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1236136,1236599,1243459,CVE-2024-12797,CVE-2024-13176,CVE-2025-27587
This update for openssl-3 fixes the following issues:
- CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA (bsc#1243459).
- CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. (bsc#1236599)
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2057-1
Released: Sat Jun 21 11:04:24 2025
Summary: Security update for python311
Type: security
Severity: important
References: 1241067,1243273,1244032,1244056,1244059,1244060,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4516,CVE-2025-4517
This update for python311 fixes the following issues:
python311 was updated from version 3.11.10 to 3.11.13:
- Security issues fixed:
* CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273).
* CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile
extraction filters to be bypassed using crafted symlinks and hard links
(bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032)
- Other changes and bugs fixed:
* Improved handling of system call failures that OpenSSL reports (bsc#1241067)
* Disable GC during thread operations to prevent deadlocks.
* Fixed a potential denial of service vulnerability in the imaplib module.
* Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an
email message using a modern email policy.
* Fixed parsing long IPv6 addresses with embedded IPv4 address.
* Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596
* Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress.
* ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects
* os.path.realpath() now accepts a strict keyword-only argument.
* Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
* Updated bundled libexpat to 2.7.1
* Writers of CPython documentation can now use next as the version for the versionchanged, versionadded,
deprecated directives.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2167-1
Released: Mon Jun 30 09:14:40 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1242844,1244596,CVE-2025-4373,CVE-2025-6052
This update for glib2 fixes the following issues:
- CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596).
- CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2229-1
Released: Fri Jul 4 18:02:30 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2236-1
Released: Mon Jul 7 14:58:53 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1240366,CVE-2025-27587
This update for openssl-3 fixes the following issues:
- CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 (bsc#1240366).
- Backport mdless cms signing support [jsc#PED-12895]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2244-1
Released: Tue Jul 8 10:44:02 2025
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1242827,1243935,CVE-2025-4598
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
Other bugfixes:
- logs-show: get timestamp and boot ID only when necessary (bsc#1242827).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2259-1
Released: Wed Jul 9 17:18:02 2025
Summary: Recommended update for gpg2
Type: security
Severity: low
References: 1236931,1239119,1239817,CVE-2025-30258
This update for gpg2 fixes the following issues:
- CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119).
Other bugfixes:
- Do not install expired sks certificate (bsc#1243069).
- gpg hangs when importing a key (bsc#1236931).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2260-1
Released: Wed Jul 9 19:04:24 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2301-1
Released: Mon Jul 14 11:48:57 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1229655
This update for cyrus-sasl fixes the following issues:
- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
- Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2362-1
Released: Fri Jul 18 11:07:24 2025
Summary: Security update for coreutils
Type: security
Severity: moderate
References: 1243767,CVE-2025-5278
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2536-1
Released: Thu Jul 31 16:44:39 2025
Summary: Security update for boost
Type: security
Severity: important
References: 1245936,CVE-2016-9840
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2599-1
Released: Fri Aug 1 17:35:01 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: important
References: 1230959,1231748,1232326,1246428
This update for openssl-3 fixes the following issues:
- FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2617-1
Released: Mon Aug 4 09:04:59 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released: Mon Aug 4 15:06:13 2025
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released: Wed Aug 6 11:36:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
- triggers.systemd: skip update of hwdb, journal-catalog if executed during
an offline update.
- systemd-repart is no more considered as experimental (jsc#PED-13213)
- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2717-1
Released: Wed Aug 6 15:39:46 2025
Summary: Security update for python311
Type: security
Severity: important
References: 1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194
This update for python311 fixes the following issues:
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249).
- CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705).
- CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2719-1
Released: Thu Aug 7 05:38:32 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,1246934,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released: Thu Aug 7 05:38:44 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References:
This update for crypto-policies fixes the following issues:
- Update the BSI policy (jsc#PED-12880)
* BSI: switch to 3072 minimum RSA key size
* BSI: Update BSI policy for new 2024 minimum
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released: Fri Aug 8 10:05:10 2025
Summary: Security update for dpkg
Type: security
Severity: moderate
References: 1245573,CVE-2025-6297
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:2763-1
Released: Tue Aug 12 14:45:40 2025
Summary: Optional update for libyaml
Type: optional
Severity: moderate
References: 1246570
This update for libyaml ships the missing libyaml-0-2 library package to
SUSE MicroOS 5.1 and 5.2.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released: Wed Aug 13 10:28:27 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2874-1
Released: Tue Aug 19 06:07:47 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: important
References: 1247144,1247148
This update for openssl-3 fixes the following issues:
- Increase limit for CRL download (bsc#1247148, bsc#1247144)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2890-1
Released: Tue Aug 19 09:54:32 2025
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1246697
This update for openssl-1_1 fixes the following issues:
- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
instead of NID_secp256k1. [bsc#1246697]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released: Fri Aug 22 14:52:39 2025
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:
- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released: Mon Aug 25 10:27:57 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3012-1
Released: Fri Aug 29 02:07:38 2025
Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Type: security
Severity: important
References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:
git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):
- Security issues fixed:
* CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938)
* CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939)
* CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
* CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943)
* CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946)
- Other changes and bugs fixed:
- Other changes and bugs fixed:
* Added SHA256 support (bsc#1243197)
* Git moved to /usr/libexec/git/git and updated AppArmor profile
accordingly (bsc#1218588)
* gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
* Do not replace apparmor configuration (bsc#1216545)
* Fixed the Python version required (bsc#1212476)
- Version Updates Release Notes:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc
git-lfs is included in version 3.7.0.
python-PyYAML was updated from version 6.0.1 to 6.0.2:
- Added support for Cython 3.x and Python 3.13
obs-scm-bridge was updated from version 0.5.4 to 0.7.4:
- New Features and Improvements:
* Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs`
file.
* Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary
files.
* Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch
during checkout.
* Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
* SSH URL Support: ssh:// SCM URLs can now be used.
* Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
* Standardized Config Location: In project mode, the _config file is now always located in the top-level directory,
even when using subdirs.
* Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
* Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
* Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.
- Bugs fixed:
* Syntax Fix: A syntax issue was corrected.
* Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and
tabs.
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:3134-1
Released: Wed Sep 10 14:22:55 2025
Summary: Feature update for salt and Python dependencies
Type: feature
Severity: moderate
References:
This update for salt and Python dependencies fixes the following issues:
- Implementation of python311-salt and missing required Python 3.11 dependencies on the following
SUSE Linux Enterprise 15 SP4 Products (no source changes) (jsc#PED-13283):
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4 LTSS and ESPOS
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3239-1
Released: Tue Sep 16 19:04:00 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1239618,CVE-2024-8176
This update for expat fixes the following issues:
expat was updated to version 2.7.1:
- Bug fixes:
- Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
- Other changes:
- Fix printf format specifiers for 32bit Emscripten
- docs: Promote OpenSSF Best Practices self-certification
- tests/benchmark: Resolve mistaken double close
- Address compiler warnings
- Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Version update to 2.7.0 (CVE-2024-8176, bsc#1239618, jsc#PED-12507)
* Security fixes:
- CVE-2024-8176 -- Fix crash from chaining a large number of
entities caused by stack overflow by resolving use of recursion,
for all three uses of entities: - general entities in character data
('<e>&g1;</e>') - general entities in attribute values
('<e k1='&g1;'/>') - parameter entities ('%p1;')
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
- docs: Add missing documentation of error code XML_ERROR_NOT_STARTED
that was introduced with 2.6.4
- docs: Document need for C++11 compiler for use from C++
- Address Cppcheck warnings
- Mass-migrate links from http:// to https://
- Document changes since the previous release
- Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released: Fri Sep 26 12:54:43 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3489-1
Released: Wed Oct 8 08:23:53 2025
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1230267,1246912,1250343
This update for libsolv, libzypp, zypper fixes the following issues:
- fixed rare crash in the handling of allowuninstall in combination with forcebest updates
- new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency
- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install (bsc#1246912)
- Make ld.so ignore the subarch packages during install (bsc#1246912)
- Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines.
- Changes to support building against restructured libzypp in stack build (bsc#1230267)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3508-1
Released: Thu Oct 9 10:32:56 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1249584,CVE-2025-59375
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3546-1
Released: Sat Oct 11 03:21:33 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3596-1
Released: Wed Oct 15 09:51:21 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1251264
This update for curl fixes the following issue:
- rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3635-1
Released: Fri Oct 17 16:33:06 2025
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released: Tue Oct 21 12:07:47 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3839-1
Released: Tue Oct 28 15:41:20 2025
Summary: Maintenance update for Multi-Linux Manager 5.1.1
Type: security
Severity: important
References: 1229825,1240882,1241880,1243331,1243486,1243611,1243704,1244027,1244127,1244219,1244424,1244552,1245099,1245120,1245702,1246068,1246277,1246320,1246421,1246553,1246654,1246663,1246789,1246882,1246906,1247688,1247836,1248085,1248252,1248804,1249059,1249434,1250911,1251278,CVE-2025-53192,CVE-2025-53880
Maintenance update for Multi-Linux Manager 5.1.1: Server, Proxy and Retail Branch Server
This is a codestream only update
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3847-1
Released: Wed Oct 29 06:06:00 2025
Summary: Recommended update for python-kiwi
Type: recommended
Severity: critical
References: 1243381,1245190,1250754
This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues:
python-kiwi:
- Switch to Python 3.11 based python-kiwi (jsc#PED-13168)
- Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754)
- Fixed get_partition_node_name (bsc#1245190)
- Added new eficsm type attribute (bsc#1243381)
- Included support for older schemas
- New binary packages:
* kiwi-bash-completion
* kiwi-systemdeps-containers-wsl
appx-util:
- Implementation as dependency required by kiwi-systemdeps-containers-wsl
python-docopt, python-xmltodict, libsolv:
- Implementation of Python 3.11 flavours required by python311-kiwi (no source changes)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3877-1
Released: Fri Oct 31 05:29:41 2025
Summary: Recommended update for libselinux
Type: recommended
Severity: important
References: 1252160
This update for libselinux fixes the following issues:
- Ship license file (bsc#1252160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3934-1
Released: Tue Nov 4 12:23:11 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1247498
This update for cyrus-sasl fixes the following issue:
- Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4138-1
Released: Wed Nov 19 11:15:12 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1224386,1248501
This update for systemd fixes the following issues:
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released: Fri Nov 21 15:09:44 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Python3 error log upon importing pycurl (bsc#1233529)
* Remove senceless log message.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4293-1
Released: Fri Nov 28 10:10:49 2025
Summary: Recommended update for gpgme
Type: recommended
Severity: important
References: 1231055,1252425
This update for gpgme fixes the following issues:
- Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055)
* To avoid gpgme constructing an invalid gpg command line when
the DISPLAY variable is empty it can be treated as unset.
* Reported upstream: dev.gnupg.org/T7919
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4297-1
Released: Fri Nov 28 11:03:19 2025
Summary: Security update for python311
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python311 fixes the following issues:
Update to 3.11.14:
- CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974)
- CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4300-1
Released: Fri Nov 28 13:57:41 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4308-1
Released: Fri Nov 28 16:38:46 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4454-1
Released: Thu Dec 18 09:51:52 2025
Summary: Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server
Type: recommended
Severity: moderate
References: 1227207,1247990,1250514,1250520,1250755,1251776,1251864,1251912,1251913,1251928,1252244,1252285,1253024,CVE-2025-61911,CVE-2025-61912,CVE-2025-62348,CVE-2025-62349
Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server
This is a codestream only update
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:18-1
Released: Mon Jan 5 11:52:25 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:52-1
Released: Wed Jan 7 10:28:34 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:215-1
Released: Thu Jan 22 13:10:16 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256243,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix a memory leak in gpg2 agent (bsc#1256243).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:221-1
Released: Thu Jan 22 13:15:35 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1256105,CVE-2025-14017
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:224-1
Released: Thu Jan 22 13:18:20 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1256341,CVE-2025-13151
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:230-1
Released: Thu Jan 22 13:22:31 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:286-1
Released: Sat Jan 24 00:35:35 2026
Summary: Security update for glib2
Type: security
Severity: low
References: 1257049,CVE-2026-0988
This update for glib2 fixes the following issues:
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:309-1
Released: Wed Jan 28 10:36:32 2026
Summary: Security update for openssl-3
Type: security
Severity: critical
References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:314-1
Released: Wed Jan 28 14:28:46 2026
Summary: Security update for python311
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python311 fixes the following issues:
- CVE-2025-12084: prevent quadratic behavior in node ID cache clearing (bsc#1254997).
- CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400).
- CVE-2025-13837: protect against OOM when loading malicious content (bsc#1254401).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:331-1
Released: Wed Jan 28 18:12:49 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:371-1
Released: Tue Feb 3 19:08:49 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256437).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:373-1
Released: Wed Feb 4 03:50:41 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:407-1
Released: Mon Feb 9 07:43:45 2026
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1228081,1244449,1248356,1254202,1254293,1254563,1256427
This update for systemd fixes the following issues:
- Name libsystemd-{shared,core} based on the major version of systemd and
the package release number (bsc#1228081, bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared libraries.
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- timer: don't run service immediately after restart of a timer (bsc#1254563)
- test: check the next elapse timer timestamp after deserialization
- test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the services.
It can be safely removed once the update is complete.
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- units: add dep on systemd-logind.service by user at .service
- detect-virt: add bare-metal support for GCE (bsc#1244449)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:434-1
Released: Wed Feb 11 10:23:18 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1256389,1257396,CVE-2026-24882
This update for gpg2 fixes the following issues:
Security fixes:
- CVE-2026-24882: Fixed stack-based buffer overflow in TPM2
PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396)
- Fixed GnuPG accepting Path Separators and Path Traversals in Literal
Data 'Filename' Field (bsc#1256389)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:605-1
Released: Tue Feb 24 12:19:11 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1247858,1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)
- CVE-2026-0989: Fixe a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:624-1
Released: Wed Feb 25 10:40:30 2026
Summary: Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server
Type: recommended
Severity: important
References: 1240532,1246130,1247644,1247687,1247721,1248848,1249155,1249400,1250940,1250976,1250981,1251044,1251138,1252020,1253282,1253347,1253738,1253773,1253966,1254316,1254325,1254400,1254478,1254903,1254904,1254905,1255781,1256991,1257147,1257255,1257538,1257992,1258082,1258164,CVE-2025-13836,CVE-2025-67724,CVE-2025-67725,CVE-2025-67726
Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server
This is a codestream only update
The following package changes have been done:
- cracklib-dict-small-2.9.11-150600.1.90 added
- file-magic-5.32-7.14.1 added
- libldap-data-2.4.46-150600.23.21 added
- libsemanage-conf-3.5-150600.1.48 added
- libtirpc-netconfig-1.3.4-150300.3.23.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- boost-license1_66_0-1.66.0-150200.12.7.1 added
- crypto-policies-20230920.570ea89-150600.3.12.1 added
- libssh-config-0.9.8-150600.11.6.1 added
- glibc-2.38-150600.14.40.1 added
- libuuid1-2.40.4-150700.4.3.1 added
- libsqlite3-0-3.51.2-150000.3.36.1 added
- libsmartcols1-2.40.4-150700.4.3.1 added
- libsasl2-3-2.1.28-150600.7.14.1 added
- libgcc_s1-15.2.0+git10201-150000.1.6.1 added
- libbrotlicommon1-1.0.7-150200.3.5.1 added
- libstdc++6-15.2.0+git10201-150000.1.6.1 added
- libbrotlidec1-1.0.7-150200.3.5.1 added
- libncurses6-6.1-150000.5.30.1 added
- terminfo-base-6.1-150000.5.30.1 added
- libboost_system1_66_0-1.66.0-150200.12.7.1 added
- ncurses-utils-6.1-150000.5.30.1 added
- libboost_thread1_66_0-1.66.0-150200.12.7.1 added
- libreadline7-7.0-150400.27.6.1 added
- bash-4.4-150400.27.6.1 added
- bash-sh-4.4-150400.27.6.1 added
- libzstd1-1.5.7-150700.1.2 added
- libz1-1.2.13-150500.4.3.1 added
- libverto1-0.2.6-3.20 added
- libunistring2-0.9.10-1.1 added
- libsepol2-3.5-150600.1.49 added
- libpopt0-1.16-3.22 added
- libpcre2-8-0-10.42-150600.1.26 added
- libnpth0-1.5-2.11 added
- libnghttp2-14-1.64.0-150700.1.5 added
- liblzma5-5.4.1-150600.3.3.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libgpg-error0-1.50-150700.1.8 added
- libgmp10-6.1.2-4.9.1 added
- libeconf0-0.5.2-150400.3.6.1 added
- libcrypt1-4.4.15-150300.4.7.1 added
- libcom_err2-1.47.0-150600.4.6.2 added
- libcap2-2.63-150400.3.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.4.16.1 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libyaml-cpp0_6-0.6.3-150400.4.3.1 added
- libsigc-2_0-0-2.12.1-150600.1.2 added
- login_defs-4.8.1-150600.17.9.1 added
- cpio-2.13-150400.3.6.1 added
- libmagic1-5.32-7.14.1 added
- libcrack2-2.9.11-150600.1.90 added
- cracklib-2.9.11-150600.1.90 added
- libidn2-0-2.2.0-3.6.1 added
- libksba8-1.6.4-150600.1.2 added
- libassuan0-2.5.5-150000.4.7.1 added
- libzio1-1.06-2.20 added
- libacl1-2.2.52-4.3.1 added
- libpsl5-0.20.1-150000.3.3.1 added
- info-6.5-4.17 added
- pinentry-1.1.0-4.3.1 added
- grep-3.11-150700.1.8 added
- diffutils-3.6-4.3.1 added
- libelf1-0.185-150400.5.8.3 added
- libselinux1-3.5-150600.3.3.1 added
- libglib-2_0-0-2.78.6-150600.4.35.1 added
- libxml2-2-2.12.10-150700.4.11.1 added
- libopenssl3-3.2.3-150700.5.24.1 added
- libgcrypt20-1.11.0-150700.5.7.1 added
- libblkid1-2.40.4-150700.4.3.1 added
- perl-base-5.26.1-150300.17.20.1 added
- libudev1-254.27-150600.4.55.1 added
- libdw1-0.185-150400.5.8.3 added
- coreutils-8.32-150400.9.9.1 added
- libopenssl-3-fips-provider-3.2.3-150700.5.24.1 added
- krb5-1.20.1-150600.11.14.1 added
- libmount1-2.40.4-150700.4.3.1 added
- libfdisk1-2.40.4-150700.4.3.1 added
- libssh4-0.9.8-150600.11.6.1 added
- sed-4.9-150600.1.4 added
- libsemanage2-3.5-150600.1.48 added
- findutils-4.10.0-150700.2.6 added
- libzck1-1.5.1-150700.1.2 added
- libldap-2_4-2-2.4.46-150600.23.21 added
- libusb-1_0-0-1.0.24-150400.3.3.1 added
- sles-release-15.7-150700.28.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20240826-150700.14.4 added
- patterns-base-fips-20200124-150700.36.1 added
- libtirpc3-1.3.4-150300.3.23.1 added
- libnsl2-1.2.0-2.44 added
- libcurl4-8.14.1-150700.7.11.1 added
- gpg2-2.4.4-150600.3.15.1 added
- libsolv-tools-base-0.7.35-150700.11.5.2 added
- pam-1.3.0-150000.6.86.1 added
- libgpgme11-1.23.0-150600.3.5.1 added
- shadow-4.8.1-150600.17.9.1 added
- sysuser-shadow-3.2-150400.3.5.3 added
- system-group-hardware-20170617-150400.24.2.1 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.40.4-150700.4.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 added
- libffi7-3.2.1.git259-10.8 added
- netcfg-11.6-150000.3.6.1 added
- openssl-3.2.3-150700.1.1 added
- libp11-kit0-0.23.22-150500.8.3.1 added
- libtasn1-6-4.13-150000.4.14.1 added
- libtasn1-4.13-150000.4.14.1 added
- openssl-3-3.2.3-150700.5.24.1 added
- p11-kit-0.23.22-150500.8.3.1 added
- p11-kit-tools-0.23.22-150500.8.3.1 added
- ca-certificates-2+git20240416.98ae794-150300.4.3.3 added
- ca-certificates-mozilla-2.74-150200.41.1 added
- update-alternatives-1.19.0.4-150000.4.7.1 added
- libyaml-0-2-0.1.7-150000.3.4.1 added
- libexpat1-2.7.1-150700.3.6.1 added
- libpython3_11-1_0-3.11.14-150600.3.41.2 added
- python311-base-3.11.14-150600.3.41.2 added
- python311-MarkupSafe-2.1.3-150400.11.5.2 added
- python311-Jinja2-3.1.2-150400.12.14.1 added
- python311-packaging-23.2-150600.1.1 added
- python311-distro-1.9.0-150600.3.2.1 added
- python311-msgpack-1.0.7-150600.3.2.1 added
- python311-PyYAML-6.0.2-150600.10.3.1 added
- python311-looseversion-1.3.0-150400.10.6.1 added
- python311-six-1.16.0-150400.18.11.1 added
- python311-python-dateutil-2.8.2-150400.5.6.1 added
- python311-immutables-0.19-150400.10.5.1 added
- python311-contextvars-2.4-150400.10.5.1 added
- salt-3006.0-150700.14.12.14 added
- python311-salt-3006.0-150700.14.12.14 added
- python311-saline-2025.08.07-150700.3.3.6 added
- saline-2025.08.07-150700.3.3.6 added
- libopenssl1_1-1.1.1w-150700.11.11.1 added
- container:bci-bci-base-15.7-b5348ae5fdbf31d45ff492a751e4d0215af00ce3a6d2330478239aa70431ecf5-0 updated
More information about the sle-container-updates
mailing list