SUSE-CU-2021:596-1: Security update of trento/trento-db
sle-security-updates at lists.suse.com
Wed Dec 22 08:29:43 UTC 2021
SUSE Container Update Advisory: trento/trento-db
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:596-1
Container Tags : trento/trento-db:14.1 , trento/trento-db:14.1-rev1.0.0 , trento/trento-db:14.1-rev1.0.0-build2.2.1 , trento/trento-db:latest
Container Release : 2.2.1
Severity : critical
Type : security
References : 1007715 1009532 1011548 1029961 1033084 1033085 1033086 1033087
1033088 1033089 1033090 1038194 1040589 1041090 1047218 1049382
1051143 1057452 1065270 1071321 1073299 1073313 1078466 1081947
1082318 1082318 1083473 1084812 1084842 1084934 1087550 1087982
1088279 1088524 1089640 1093392 1094222 1096191 1096974 1096984
1097073 1098449 1099521 1100369 1102046 1102310 1102564 1103320
1103320 1104531 1104700 1105166 1106014 1106390 1107066 1107067
1109160 1110304 1110700 1111019 1111388 1111973 1112310 1112500
1112723 1112726 1113554 1114592 1114845 1115408 1115640 1115929
1116658 1118364 1118367 1118368 1120402 1123043 1123685 1123919
1125007 1126117 1126118 1126119 1128220 1128246 1128383 1128828
1129576 1130557 1133297 1133808 1134193 1134217 1134353 1134524
1135123 1135254 1135709 1136234 1136717 1137624 1137832 1138793
1138869 1138939 1139083 1139083 1139937 1139939 1140016 1140647
1141059 1141897 1142614 1142649 1142654 1143194 1143273 1144047
1144793 1145716 1146705 1146866 1148517 1148643 1148987 1149145
1149429 1149995 1150451 1151023 1151023 1152101 1152590 1152692
1153943 1153946 1154036 1154037 1154295 1154661 1154884 1154887
1155141 1155199 1155271 1155327 1155337 1155338 1155339 1156205
1156913 1157051 1157278 1157794 1158095 1158095 1158921 1159928
1160571 1160735 1160970 1160979 1161168 1161215 1161216 1161218
1161219 1161220 1161239 1161276 1161517 1161521 1164562 1164950
1164950 1165539 1165780 1165780 1166028 1166260 1166510 1166510
1166748 1166881 1167674 1167898 1168345 1168699 1168771 1169357
1169512 1169569 1169582 1169944 1170527 1170667 1170713 1170771
1170964 1171313 1171656 1171740 1171762 1171872 1171883 1171924
1171962 1172021 1172055 1172396 1172442 1172505 1172566 1172698
1172704 1172798 1172846 1172958 1173026 1173027 1173307 1173311
1173404 1173409 1173410 1173470 1173471 1173972 1173983 1174079
1174154 1174465 1174551 1174593 1174736 1174753 1174817 1175109
1175110 1175168 1175193 1175194 1175443 1175448 1175449 1175519
1175568 1175811 1175830 1175831 1175844 1176092 1176123 1176179
1176201 1176547 1176674 1177047 1177460 1177460 1177460 1177460
1177460 1177479 1177533 1177658 1177695 1177858 1177955 1178346
1178350 1178353 1178387 1178512 1178577 1178624 1178666 1178666
1178667 1178667 1178668 1178668 1178675 1178680 1178727 1178775
1178807 1178823 1178909 1178943 1178944 1178961 1178961 1179025
1179203 1179398 1179399 1179431 1179491 1179503 1179593 1179691
1179691 1179738 1179765 1179945 1179945 1180020 1180073 1180083
1180138 1180596 1180603 1180603 1180713 1181011 1181122 1181319
1181358 1181443 1181644 1181831 1181872 1182016 1182039 1182040
1182279 1182331 1182333 1182408 1182411 1182412 1182413 1182415
1182416 1182417 1182418 1182419 1182420 1182604 1182790 1182791
1182899 1182959 1183012 1183064 1183094 1183118 1183118 1183118
1183154 1183168 1183370 1183371 1183791 1183852 1183933 1183934
1184124 1184136 1184358 1184435 1184614 1184687 1184690 1184994
1184994 1185163 1185190 1185408 1185408 1185409 1185409 1185410
1185410 1185438 1185540 1185562 1185698 1185807 1185828 1185924
1185925 1185926 1185952 1185958 1185972 1186015 1186049 1186071
1186114 1186411 1186489 1186561 1186642 1186642 1187091 1187093
1187105 1187154 1187196 1187210 1187212 1187292 1187751 1187751
1187911 1187937 1188063 1188063 1188127 1188217 1188218 1188219
1188220 1188287 1188291 1188348 1188571 1188588 1188713 1189206
1189441 1189446 1189465 1189465 1189480 1189537 1189550 1189748
1189841 1190190 1190401 1190440 1190598 1190984 1191019 1191200
1191260 1191480 1191532 1191592 1191690 1191690 1191782 1191804
1191804 1191922 1192104 1192161 1192516 906079 915402 918346
953659 960273 985657 CVE-2015-0247 CVE-2015-1572 CVE-2016-3189
CVE-2017-17740 CVE-2017-3136 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-10360
CVE-2018-14404 CVE-2018-14567 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403
CVE-2018-17953 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-19211
CVE-2018-20843 CVE-2018-5741 CVE-2018-9251 CVE-2019-12290 CVE-2019-12749
CVE-2019-12900 CVE-2019-12900 CVE-2019-12904 CVE-2019-13057 CVE-2019-13565
CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889
CVE-2019-15847 CVE-2019-15903 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218
CVE-2019-18224 CVE-2019-19956 CVE-2019-19956 CVE-2019-20388 CVE-2019-5021
CVE-2019-5094 CVE-2019-5188 CVE-2019-6477 CVE-2019-6706 CVE-2019-7150
CVE-2019-7665 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 CVE-2019-9893
CVE-2020-11080 CVE-2020-11501 CVE-2020-12049 CVE-2020-12243 CVE-2020-13529
CVE-2020-13844 CVE-2020-14349 CVE-2020-14350 CVE-2020-15719 CVE-2020-1730
CVE-2020-1971 CVE-2020-24370 CVE-2020-24371 CVE-2020-24977 CVE-2020-25692
CVE-2020-25694 CVE-2020-25694 CVE-2020-25695 CVE-2020-25695 CVE-2020-25696
CVE-2020-25696 CVE-2020-25709 CVE-2020-25710 CVE-2020-28196 CVE-2020-35512
CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225
CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230
CVE-2020-7595 CVE-2020-8023 CVE-2020-8025 CVE-2020-8027 CVE-2020-8169
CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620
CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2021-20229
CVE-2021-22876 CVE-2021-22890 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923
CVE-2021-22924 CVE-2021-22925 CVE-2021-23214 CVE-2021-23222 CVE-2021-23840
CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-32027
CVE-2021-32028 CVE-2021-32029 CVE-2021-33560 CVE-2021-33574 CVE-2021-33910
CVE-2021-33910 CVE-2021-3393 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516
CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520
CVE-2021-3537 CVE-2021-3541 CVE-2021-35942 CVE-2021-36222 CVE-2021-3677
CVE-2021-38185 CVE-2021-38185 SLE-5807 SLE-6533 SLE-6536 SLE-9132
-----------------------------------------------------------------
The container trento/trento-db was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1353-1
Released: Thu Jul 19 09:50:32 2018
Summary: Security update for e2fsprogs
Type: security
Severity: moderate
References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572
This update for e2fsprogs fixes the following issues:
Security issues fixed:
- CVE-2015-0247: Fixed a couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402).
- CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).
Bug fixes:
- bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system.
- bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system.
- bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1999-1
Released: Tue Sep 25 08:20:35 2018
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1071321
This update for zlib provides the following fixes:
- Speedup zlib on power8. (fate#325307)
- Add safeguard against negative values in uInt. (bsc#1071321)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2055-1
Released: Thu Sep 27 14:30:14 2018
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1089640
This update for openldap2 provides the following fix:
- Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2182-1
Released: Tue Oct 9 11:08:36 2018
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251
This update for libxml2 fixes the following security issues:
- CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a
denial of service (infinite loop) via a crafted XML file that triggers
LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
- CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML
file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint
(bsc#1105166)
- CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval()
function when parsing an invalid XPath expression in the XPATH_OP_AND or
XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2370-1
Released: Mon Oct 22 14:02:01 2018
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1102310,1104531
This update for aaa_base provides the following fixes:
- Let bash.bashrc work even for (m)ksh. (bsc#1104531)
- Fix an error at login if java system directory is empty. (bsc#1102310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1110700
This update for pam fixes the following issues:
- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2607-1
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Type: recommended
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several bugs have been fixed,
quite a few new warnings have been added, and the error pin-pointing and
fix suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Type: security
Severity: important
References: 1115640,CVE-2018-17953
This update for pam fixes the following issue:
Security issue fixed:
- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2861-1
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Type: security
Severity: important
References: 1103320,1115929,CVE-2018-19211
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove screen.xterm from the terminfo database, so that screen uses the fallback TERM=screen (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:44-1
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Type: recommended
Severity: low
References: 953659
This update for acl fixes the following issues:
- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:247-1
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1123043,CVE-2019-6706
This update for lua53 fixes the following issues:
Security issue fixed:
- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:369-1
Released: Wed Feb 13 14:01:42 2019
Summary: Recommended update for itstool
Type: recommended
Severity: moderate
References: 1065270,1111019
This update for itstool and python-libxml2-python fixes the following issues:
Package: itstool
- Updated version to support Python3. (bnc#1111019)
Package: python-libxml2-python
- Fix segfault when parsing invalid data. (bsc#1065270)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Type: security
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:732-1
Released: Mon Mar 25 14:10:04 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1088524,1118364,1128246
This update for aaa_base fixes the following issues:
- Restore old position of ssh/sudo source of profile (bsc#1118364).
- Update logic for JRE_HOME env variable (bsc#1128246)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated to 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1002-1
Released: Wed Apr 24 10:13:34 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1110304,1129576
This update for zlib fixes the following issues:
- Fixes a segmentation fault error (bsc#1110304, bsc#1129576)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1206-1
Released: Fri May 10 14:01:55 2019
Summary: Security update for bzip2
Type: security
Severity: low
References: 985657,CVE-2016-3189
This update for bzip2 fixes the following issues:
Security issue fixed:
- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1312-1
Released: Wed May 22 12:19:12 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1096191
This update for aaa_base fixes the following issue:
* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers
(bsc#1096191)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type: security
Severity: important
References: 1134524,CVE-2019-5021
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1484-1
Released: Thu Jun 13 07:46:46 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1128383
This update for e2fsprogs fixes the following issues:
- Check and fix tails of all bitmap blocks (bsc#1128383)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1486-1
Released: Thu Jun 13 09:40:24 2019
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
This update for elfutils fixes the following issues:
Security issues fixed:
- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726)
- CVE-2018-18521: Fixed denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1595-1
Released: Fri Jun 21 10:17:44 2019
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1137832,CVE-2019-12749
This update for dbus-1 fixes the following issues:
Security issue fixed:
- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
could have allowed local attackers to bypass authentication (bsc#1137832).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1631-1
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Type: recommended
Severity: low
References: 1135709
This update for xz fixes the following issues:
Add the SUSE-Public-Domain licence, as some parts of xz utils (liblzma,
xz, xzdec, lzmadec, documentation, translated messages, tests,
debug, extra directory) are in the public domain (bsc#1135709)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1635-1
Released: Fri Jun 21 12:45:53 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1134217
This update for krb5 provides the following fix:
- Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap.
(bsc#1134217)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1700-1
Released: Tue Jun 25 13:19:21 2019
Summary: Security update for libssh
Type: recommended
Severity: moderate
References: 1134193
This update for libssh fixes the following issue:
Issue addressed:
- Added support for new AES-GCM encryption types (bsc#1134193).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1808-1
Released: Wed Jul 10 13:16:29 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1133808
This update for libgcrypt fixes the following issues:
- Fixed redundant FIPS tests that in some situations caused sudo to stop
working when pam-kwallet is installed. (bsc#1133808)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1835-1
Released: Fri Jul 12 18:06:31 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1139937,CVE-2018-20843
This update for expat fixes the following issues:
Security issue fixed:
- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption
in the XML parser when XML names contain a large amount of colons (bsc#1139937).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1846-1
Released: Mon Jul 15 11:36:33 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
This update for bzip2 fixes the following issues:
Security issue fixed:
- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1971-1
Released: Thu Jul 25 14:58:52 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1138939,CVE-2019-12904
This update for libgcrypt fixes the following issues:
Security issue fixed:
- CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1994-1
Released: Fri Jul 26 16:12:05 2019
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1135123
This update for libxml2 fixes the following issues:
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2004-1
Released: Mon Jul 29 13:01:59 2019
Summary: Security update for bzip2
Type: security
Severity: important
References: 1139083,CVE-2019-12900
This update for bzip2 fixes the following issues:
- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities
with files that used many selectors (bsc#1139083).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2097-1
Released: Fri Aug 9 09:31:17 2019
Summary: Recommended update for libgcrypt
Type: recommended
Severity: important
References: 1097073
This update for libgcrypt fixes the following issues:
- Fixed a regression where systems were unable to boot in FIPS mode, caused by an
incomplete implementation of a previous change (bsc#1097073).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2134-1
Released: Wed Aug 14 11:54:56 2019
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1136717,1137624,1141059,SLE-5807
This update for zlib fixes the following issues:
- Update the s390 patchset. (bsc#1137624)
- Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
- Use FAT LTO objects in order to provide proper static library.
- Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
- Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2188-1
Released: Wed Aug 21 10:10:29 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1140647
This update for aaa_base fixes the following issues:
- Make systemd detection cgroup oblivious. (bsc#1140647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2361-1
Released: Thu Sep 12 07:54:54 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1081947,1144047
This update for krb5 contains the following fixes:
- Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2395-1
Released: Wed Sep 18 08:31:38 2019
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565
This update for openldap2 fixes the following issues:
Security issue fixed:
- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay
are enabled, slapd attempts to free a buffer that was allocated on the stack,
which allows remote attackers to cause a denial of service (slapd crash)
via a member MODDN operation. (bsc#1073313)
Non-security issues fixed:
- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2423-1
Released: Fri Sep 20 16:41:45 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1146866,SLE-9132
This update for aaa_base fixes the following issues:
Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)
The following settings have been tightened (and set to 0):
- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2429-1
Released: Mon Sep 23 09:28:40 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1149429,CVE-2019-15903
This update for expat fixes the following issues:
Security issues fixed:
- CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2517-1
Released: Wed Oct 2 10:49:20 2019
Summary: Security update for libseccomp
Type: security
Severity: moderate
References: 1082318,1128828,1142614,CVE-2019-9893
This update for libseccomp fixes the following issues:
Security issues fixed:
- CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828)
libseccomp was updated to new upstream release 2.4.1:
- Fix a BPF generation bug where the optimizer mistakenly
identified duplicate BPF code blocks.
libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893):
- Update the syscall table for Linux v5.0-rc5
- Added support for the SCMP_ACT_KILL_PROCESS action
- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
- Added support for the parisc and parisc64 architectures
- Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
- Return -EDOM on an endian mismatch when adding an architecture to a filter
- Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
- Fix PFC generation when a syscall is prioritized, but no rule exists
- Numerous fixes to the seccomp-bpf filter generation code
- Switch our internal hashing function from jhash/Lookup3 to MurmurHash3
- Numerous tests added to the included test suite, coverage now at ~92%
- Update our Travis CI configuration to use Ubuntu 16.04
- Numerous documentation fixes and updates
libseccomp was updated to release 2.3.3:
- Updated the syscall table for Linux v4.15-rc7
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2676-1
Released: Tue Oct 15 21:06:54 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1145716,1152101,CVE-2019-5094
This update for e2fsprogs fixes the following issues:
Security issue fixed:
- CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101)
Non-security issue fixed:
- libext2fs: Call fsync(2) to clear stale errors for a new unix I/O channel. (bsc#1145716)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2870-1
Released: Thu Oct 31 08:09:14 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1051143,1138869,1151023
This update for aaa_base provides the following fixes:
- Check if variables can be set before modifying them to avoid warnings on login with a
restricted shell. (bsc#1138869)
- Add s390x compressed kernel support. (bsc#1151023)
- service: Check if there is a second argument before using it. (bsc#1051143)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2997-1
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3059-1
Released: Mon Nov 25 17:33:07 2019
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1155199,CVE-2019-14866
This update for cpio fixes the following issues:
- CVE-2019-14866: Fixed an improper validation of the values written
in the header of a TAR file through the to_oct() function which could
have led to unexpected TAR generation (bsc#1155199).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3061-1
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Type: security
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html
The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.
To use it, install 'gcc9', 'gcc9-c++' or the other compiler front-end packages and set CC=gcc-9 /
CXX=g++-9 during configuration.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Type: security
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3087-1
Released: Thu Nov 28 10:03:00 2019
Summary: Security update for libxml2
Type: security
Severity: low
References: 1123919
This update for libxml2 doesn't fix any additional security issues, but corrects its rpm changelog to reflect
all CVEs that have been fixed in the past.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3118-1
Released: Fri Nov 29 14:41:35 2019
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1154295
This update for e2fsprogs fixes the following issues:
- Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3166-1
Released: Wed Dec 4 11:24:42 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1007715,1084934,1157278
This update for aaa_base fixes the following issues:
- Use official key binding functions in inputrc, that is, replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
- Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
- Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3267-1
Released: Wed Dec 11 11:19:53 2019
Summary: Security update for libssh
Type: security
Severity: important
References: 1158095,CVE-2019-14889
This update for libssh fixes the following issues:
- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3392-1
Released: Fri Dec 27 13:33:29 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1148987,1155338,1155339,CVE-2019-13627
This update for libgcrypt fixes the following issues:
Security issues fixed:
- CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987).
Bug fixes:
- Added CMAC AES self test (bsc#1155339).
- Added CMAC TDES self test missing (bsc#1155338).
- Fix test dsa-rfc6979 in FIPS mode.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:129-1
Released: Mon Jan 20 09:21:13 2020
Summary: Security update for libssh
Type: security
Severity: important
References: 1158095,CVE-2019-14889
This update for libssh fixes the following issues:
- CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:256-1
Released: Wed Jan 29 09:39:17 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1157794,1160970
This update for aaa_base fixes the following issues:
- Improve the way the Java path is created to fix an issue with sapjvm. (bsc#1157794)
- Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:265-1
Released: Thu Jan 30 14:05:34 2020
Summary: Security update for e2fsprogs
Type: security
Severity: moderate
References: 1160571,CVE-2019-5188
This update for e2fsprogs fixes the following issues:
- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:339-1
Released: Thu Feb 6 13:03:22 2020
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1158921
This update for openldap2 provides the following fix:
- Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:451-1
Released: Tue Feb 25 10:50:35 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1155337,1161215,1161216,1161218,1161219,1161220
This update for libgcrypt fixes the following issues:
- ECDSA: Check range of coordinates (bsc#1161216)
- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
- FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
- FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
- FIPS: keywrap gives incorrect results [bsc#1161218]
- FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:480-1
Released: Tue Feb 25 17:38:22 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1160735
This update for aaa_base fixes the following issues:
- Change 'rp_filter' to increase the default priority of ethernet over wifi. (bsc#1160735)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:525-1
Released: Fri Feb 28 11:49:36 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1164562
This update for pam fixes the following issues:
- Add libdb as build-time dependency to enable pam_userdb module.
Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:597-1
Released: Thu Mar 5 15:24:09 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1164950
This update for libgcrypt fixes the following issues:
- FIPS: Run the self-tests from the constructor [bsc#1164950]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:633-1
Released: Tue Mar 10 16:23:08 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1139939,1151023
This update for aaa_base fixes the following issues:
- get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939)
- added '-h'/'--help' to the 'old' command
- change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:689-1
Released: Fri Mar 13 17:09:01 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1166510
This update for PAM fixes the following issue:
- The license of libdb linked against pam_userdb is not always wanted,
so we temporarily disabled pam_userdb again. It will be published
in a different package at a later time. (bsc#1166510)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:846-1
Released: Thu Apr 2 07:24:07 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1164950,1166748,1167674
This update for libgcrypt fixes the following issues:
- FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950)
- FIPS: Fix drbg to be threadsafe (bsc#1167674)
- FIPS: Run self-tests from constructor during power-on (bsc#1166748)
* Set up global_init as the constructor function.
* Relax the entropy requirements on selftest. This is especially
important for virtual machines to boot properly before the RNG
is available.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:917-1
Released: Fri Apr 3 15:02:25 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1166510
This update for pam fixes the following issues:
- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:948-1
Released: Wed Apr 8 07:44:21 2020
Summary: Security update for gmp, gnutls, libnettle
Type: security
Severity: moderate
References: 1152692,1155327,1166881,1168345,CVE-2020-11501
This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:
- CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)
FIPS related bugfixes:
- FIPS: Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
input is shorter than block size. (bsc#1166881)
- FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:961-1
Released: Wed Apr 8 13:34:06 2020
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1160979
This update for e2fsprogs fixes the following issues:
- e2fsck: clarify overflow link count error message (bsc#1160979)
- ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979)
- ext2fs: implement dir entry creation in htree directories (bsc#1160979)
- tests: add test to exercise indexed directories with metadata_csum (bsc#1160979)
- tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:967-1
Released: Thu Apr 9 11:41:53 2020
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1168699,CVE-2020-1730
This update for libssh fixes the following issues:
- CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1063-1
Released: Wed Apr 22 10:46:50 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1165539,1169569
This update for libgcrypt fixes the following issues:
- FIPS: Switch the PCT to use the new signature operation (bsc#1165539)
- FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539)
- Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates.
- Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1214-1
Released: Thu May 7 11:20:34 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1169944
This update for libgcrypt fixes the following issues:
- FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1219-1
Released: Thu May 7 17:10:42 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1170771,CVE-2020-12243
This update for openldap2 fixes the following issues:
- CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1226-1
Released: Fri May 8 10:51:05 2020
Summary: Recommended update for gcc9
Type: recommended
Severity: moderate
References: 1149995,1152590,1167898
This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.
- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1294-1
Released: Mon May 18 07:38:36 2020
Summary: Security update for file
Type: security
Severity: moderate
References: 1154661,1169512,CVE-2019-18218
This update for file fixes the following issues:
Security issues fixed:
- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).
Non-security issue fixed:
- Fixed broken '--help' output (bsc#1169512).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1299-1
Released: Mon May 18 07:43:21 2020
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595
This update for libxml2 fixes the following issues:
- CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).
- CVE-2019-19956: Fixed a memory leak (bsc#1159928).
- CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1328-1
Released: Mon May 18 17:16:04 2020
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1155271
This update for grep fixes the following issues:
- Update testsuite expectations, no functional changes (bsc#1155271)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1361-1
Released: Thu May 21 09:31:18 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1171872
This update for libgcrypt fixes the following issues:
- FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1370-1
Released: Thu May 21 19:06:00 2020
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1171656
This update for systemd-presets-branding-SLE fixes the following issues:
Cleanup of outdated autostart services (bsc#1171656):
- Remove acpid.service. acpid is only available on SLE via openSUSE
backports. In openSUSE acpid.service is *not* autostarted. I see no
reason why it should be on SLE.
- Remove spamassassin.timer. This timer never seems to have existed.
Instead spamassassin ships a 'sa-update.timer'. But it is not
default-enabled and nobody ever complained about this.
- Remove snapd.apparmor.service: This service was proactively added a year
ago, but snapd didn't even make it into openSUSE yet. There's no reason
to keep this entry unless snapd actually enters SLE which is not
foreseeable.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1404-1
Released: Mon May 25 15:32:34 2020
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1138793,1166260
This update for zlib fixes the following issues:
- Including the latest fixes from IBM (bsc#1166260)
IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements
deflate algorithm in hardware with estimated compression and decompression performance
orders of magnitude faster than the current zlib and ratio comparable with that of level 1.
- Add SUSE specific fix to solve bsc#1138793.
The fix avoids testing whether the application was linked against exactly the same version of zlib
as the one present at runtime.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1506-1
Released: Fri May 29 17:22:11 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1087982,1170527
This update for aaa_base fixes the following issues:
- Not all XTerm-based emulators have a terminfo entry. (bsc#1087982)
- Better support of Midnight Commander. (bsc#1170527)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1532-1
Released: Thu Jun 4 10:16:12 2020
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1172021,CVE-2019-19956
This update for libxml2 fixes the following issues:
- CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1733-1
Released: Wed Jun 24 09:43:36 2020
Summary: Security update for curl
Type: security
Severity: important
References: 1173026,1173027,CVE-2020-8169,CVE-2020-8177
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious
server into overwriting a local file when using the -J option (bsc#1173027).
- CVE-2020-8169: Fixed an issue which could have led to a partial password leak
over DNS on HTTP redirect (bsc#1173026).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1759-1
Released: Thu Jun 25 18:44:37 2020
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1169357
This update for krb5 fixes the following issue:
- Call systemd to reload the services instead of init-scripts. (bsc#1169357)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1795-1
Released: Mon Jun 29 11:22:45 2020
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1172566
This update for lvm2 fixes the following issues:
- Fix potential data loss problem with LVM cache (bsc#1172566)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1396-1
Released: Fri Jul 3 12:33:05 2020
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1082318,1133297
This update for zstd fixes the following issues:
- Fix for build error caused by wrong static libraries. (bsc#1133297)
- Correction in spec file marking the license as documentation. (bsc#1082318)
- Add new package for SLE-15. (jsc#ECO-1886)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1856-1
Released: Mon Jul 6 17:05:51 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1172698,1172704,CVE-2020-8023
This update for openldap2 fixes the following issues:
- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1954-1
Released: Sat Jul 18 03:07:15 2020
Summary: Recommended update for cracklib
Type: recommended
Severity: moderate
References: 1172396
This update for cracklib fixes the following issues:
- Fixed a buffer overflow when processing long words.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2006-1
Released: Wed Jul 22 16:00:52 2020
Summary: Recommended update for postgresql, postgresql12
Type: recommended
Severity: moderate
References: 1148643,1171924
This update for postgresql, postgresql12 fixes the following issues:
Postgresql12 was updated to 12.3 (bsc#1171924).
- https://www.postgresql.org/about/news/2038/
- https://www.postgresql.org/docs/12/release-12-3.html
- Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get
a clean and complete cutover to the new packaging schema.
Also changed in the postgresql wrapper package:
- Bump version to 12.0.1, so that the binary packages also have
a cut-point to conflict with.
- Conflict with versions of the binary packages prior to the
May 2020 update, because we changed the package layout at that
point and need a clean cutover.
- Bump package version to 12, but leave default at 10 for
SLE-15 and SLE-15-SP1.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2083-1
Released: Thu Jul 30 10:27:59 2020
Summary: Recommended update for diffutils
Type: recommended
Severity: moderate
References: 1156913
This update for diffutils fixes the following issue:
- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2265-1
Released: Tue Aug 18 12:08:55 2020
Summary: Security update for postgresql12
Type: security
Severity: important
References: 1175193,1175194,CVE-2020-14349,CVE-2020-14350
This update for postgresql12 fixes the following issues:
- update to 12.4:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in
logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/12/release-12-4.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2384-1
Released: Sat Aug 29 00:57:13 2020
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: low
References: 1170964
This update for e2fsprogs fixes the following issues:
- Fix for an issue where system messages with placeholders were not properly replaced. (bsc#1170964)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2420-1
Released: Tue Sep 1 13:48:35 2020
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1174551,1174736
This update for zlib provides the following fixes:
- Permit a deflateParams() parameter change as soon as possible. (bsc#1174736)
- Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2445-1
Released: Wed Sep 2 09:33:02 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1175109,CVE-2020-8231
This update for curl fixes the following issues:
- An application that performs multiple requests with libcurl's
multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
rare circumstances experience that when subsequently using the
setup connect-only transfer, libcurl will pick and use the wrong
connection and instead pick another one the application has
created since then. [bsc#1175109, CVE-2020-8231]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2581-1
Released: Wed Sep 9 13:07:07 2020
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1174154,CVE-2020-15719
This update for openldap2 fixes the following issues:
- CVE-2020-15719: Resolved an issue with X.509 SANs falling back to CN
validation in violation of RFC 6125 (bsc#1174154).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2612-1
Released: Fri Sep 11 11:18:01 2020
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1176179,CVE-2020-24977
This update for libxml2 fixes the following issues:
- CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2651-1
Released: Wed Sep 16 14:42:55 2020
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1175811,1175830,1175831
This update for zlib fixes the following issues:
- Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
- Enable hardware compression on s390/s390x (jsc#SLE-13776)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2704-1
Released: Tue Sep 22 15:06:36 2020
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1174079
This update for krb5 fixes the following issue:
- Fix the prefix reported by krb5-config; libraries and headers are not installed under the /usr/lib/mit prefix. (bsc#1174079)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2712-1
Released: Tue Sep 22 17:08:03 2020
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1175568,CVE-2020-8027
This update for openldap2 fixes the following issues:
- CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2850-1
Released: Fri Oct 2 12:26:03 2020
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1175110
This update for lvm2 fixes the following issues:
- Fixed an issue where hot spares in LVM were not added automatically. (bsc#1175110)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2852-1
Released: Fri Oct 2 16:55:39 2020
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1173470,1175844
This update for openssl-1_1 fixes the following issues:
FIPS:
* Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470).
* Add shared secret KAT to FIPS DH selftest (bsc#1175844).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2869-1
Released: Tue Oct 6 16:13:20 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1011548,1153943,1153946,1161239,1171762
This update for aaa_base fixes the following issues:
- DIR_COLORS (bug#1006973):
  - add screen.xterm-256color
  - add TERM rxvt-unicode-256color
  - sort and merge TERM entries in etc/DIR_COLORS
- check for Packages.db and use this instead of Packages. (bsc#1171762)
- Rename path() to _path() to avoid using a general name.
- refresh_initrd: call modprobe as /sbin/modprobe (bsc#1011548)
- etc/profile: add some missing ;; in case/esac statements
- profile and csh.login: on s390x set TERM to dumb on a dumb terminal (bsc#1153946)
- backup-rpmdb: exit if zypper is running (bsc#1161239)
- Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2893-1
Released: Mon Oct 12 14:14:55 2020
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1177479
This update for openssl-1_1 fixes the following issues:
- Restore private key check in EC_KEY_check_key (bsc#1177479)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2914-1
Released: Tue Oct 13 17:25:20 2020
Summary: Security update for bind
Type: security
Severity: moderate
References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624
This update for bind fixes the following issues:
BIND was upgraded to version 9.16.6:
Note:
- bind is now more strict in regards to DNSSEC. If queries are not working,
check for DNSSEC issues. For instance, if bind is used in a nameserver
forwarder chain, the forwarding DNS servers must support DNSSEC.
Fixing security issues:
- CVE-2020-8616: Further limit the number of queries that can be triggered from
a request. Root and TLD servers are no longer exempt
from max-recursion-queries. Fetches for missing name server
address records are limited to 4 for any domain. (bsc#1171740)
- CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an
assertion failure. (bsc#1171740)
- CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass
the tcp-clients limit (bsc#1157051).
- CVE-2018-5741: Fixed the documentation (bsc#1109160).
- CVE-2020-8618: It was possible to trigger an INSIST when determining
whether a record would fit into a TCP message buffer (bsc#1172958).
- CVE-2020-8619: It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone content
and query patterns (bsc#1172958).
- CVE-2020-8624: 'update-policy' rules of type 'subdomain' were
incorrectly treated as 'zonesub' rules, which allowed
keys used in 'subdomain' rules to update names outside
of the specified subdomains. The problem was fixed by
making sure 'subdomain' rules are again processed as
described in the ARM (bsc#1175443).
- CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet (bsc#1175443).
- CVE-2020-8621: named could crash in certain query resolution scenarios
where QNAME minimization and forwarding were both
enabled (bsc#1175443).
- CVE-2020-8620: It was possible to trigger an assertion failure by
sending a specially crafted large TCP DNS message (bsc#1175443).
- CVE-2020-8622: It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request (bsc#1175443).
Other issues fixed:
- Add engine support to OpenSSL EdDSA implementation.
- Add engine support to OpenSSL ECDSA implementation.
- Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
- Warn about AXFR streams with inconsistent message IDs.
- Make ISC rwlock implementation the default again.
- Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)
- Installed the default files in /var/lib/named and created
chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)
- Fixed an issue where bind was not working in FIPS mode (bsc#906079).
- Fixed dependency issues (bsc#1118367 and bsc#1118368).
- GeoIP support is now discontinued; GeoIP2 is used instead (bsc#1156205).
- Fixed an issue with FIPS (bsc#1128220).
- The liblwres library is discontinued upstream and is no longer included.
- Added service dependency on NTP to make sure the clock is accurate when bind starts (bsc#1170667, bsc#1170713).
- Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.
- The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours.
- Zone timers are now exported via statistics channel.
- The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored.
- 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>.
- Add 'rndc dnssec -status' command.
- Addressed a couple of situations where named could crash.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
so that named, being the only member of the 'named' group,
has full r/w access yet cannot change directories owned by root
in the case of a compromised named.
[bsc#1173307, bind-chrootenv.conf]
- Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).
- Removed '-r /dev/urandom' from all invocations of rndc-confgen
(init/named system/lwresd.init system/named.init in vendor-files)
as this option is deprecated and causes rndc-confgen to fail.
(bsc#1173311, bsc#1176674, bsc#1170713)
- /usr/bin/genDDNSkey: Removed the use of the -r option in the call
of /usr/sbin/dnssec-keygen, as BIND now uses the random number
functions provided by the crypto library (i.e., OpenSSL or a
PKCS#11 provider) as a source of randomness rather than /dev/random.
Therefore the -r command line option no longer has any effect on
dnssec-keygen. The option is left in genDDNSkey so as not to break
compatibility. Patch provided by Stefan Eisenwiener.
[bsc#1171313]
- Put libns into a separate subpackage to avoid file conflicts
in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
systemd context as well as legacy sysv, make use of start_daemon.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2947-1
Released: Fri Oct 16 15:23:07 2020
Summary: Security update for gcc10, nvptx-tools
Type: security
Severity: moderate
References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844
This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:
- Enable build on aarch64
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2983-1
Released: Wed Oct 21 15:03:03 2020
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1176123
This update for file fixes the following issues:
- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3313-1
Released: Thu Nov 12 16:07:37 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1178387,CVE-2020-25692
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3377-1
Released: Thu Nov 19 09:29:32 2020
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1178512,CVE-2020-28196
This update for krb5 fixes the following security issue:
- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Type: recommended
Severity: moderate
References: 1174593,1177858,1178727
This update for pam and sudo fixes the following issue:
pam:
- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
sudo:
- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3463-1
Released: Fri Nov 20 13:49:58 2020
Summary: Security update for postgresql12
Type: security
Severity: important
References: 1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
This update for postgresql12 fixes the following issues:
- Upgrade to version 12.5:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/12/release-12-5.html
- Stop building the mini and lib packages as they are now coming
from postgresql13.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3620-1
Released: Thu Dec 3 17:03:55 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issues:
- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of the user's name of at least `<N>` characters length in
some form. This is enabled by the new parameter `usersubstr=<N>`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3703-1
Released: Mon Dec 7 20:17:32 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1179431
This update for aaa_base fixes the following issue:
- Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released: Wed Dec 9 13:36:46 2020
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1179491,CVE-2020-1971
This update for openssl-1_1 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released: Wed Dec 9 18:19:24 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
This update for curl fixes the following issues:
- CVE-2020-8286: Fixed improper OCSP verification on the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3791-1
Released: Mon Dec 14 17:39:19 2020
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References:
This update for gzip fixes the following issue:
- Enable `DFLTCC` (Deflate Conversion Call) hardware compression for s390x for compression levels 1-6. (jsc#SLE-13775)
This is enabled by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later;
adjusted the RPM license tags accordingly (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823
This update for libxml2 fixes the following issues:
Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:6-1
Released: Mon Jan 4 07:05:06 2021
Summary: Recommended update for libdlm
Type: recommended
Severity: moderate
References: 1098449,1144793,1168771,1177533,1177658
This update for libdlm fixes the following issues:
- Rework the libdlm3 require to use a shared library version tag instead, so it propagates to all consuming packages. (bsc#1177658, bsc#1098449)
- Add support for type 'uint64_t' to corosync ringid. (bsc#1168771)
- Include some fixes/enhancements for dlm_controld. (bsc#1144793)
- Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:105-1
Released: Tue Jan 12 19:50:06 2021
Summary: Recommended update for postgresql12
Type: recommended
Severity: low
References: 1178961
This update for postgresql12 fixes the following issues:
- Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain
when they are not there (bsc#1178961)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Non-security issue fixed:
- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:152-1
Released: Fri Jan 15 17:04:47 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1179691,1179738
This update for lvm2 fixes the following issues:
- Fix for lvm2 to use udev as external device by default. (bsc#1179691)
- Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:175-1
Released: Wed Jan 20 09:23:50 2021
Summary: Security update for postgresql, postgresql13
Type: security
Severity: moderate
References: 1178666,1178667,1178668,1178961,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
This update for postgresql, postgresql13 fixes the following issues:
This update ships postgresql13.
Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html
- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
Changes in postgresql wrapper package:
- Bump major version to 13.
- We also transfer PostgreSQL 9.4.26 to the new package layout in
SLE12-SP2 and newer. Reflect this in the conflict with
postgresql94.
- Also conflict with PostgreSQL versions before 9.
- Conflicting with older versions is not limited to SLE.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025
This update for permissions fixes the following issues:
- Update to version 20181224:
* pcp: remove no longer needed / conflicting entries
(bsc#1171883, CVE-2020-8025)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603
This update for keyutils fixes the following issues:
- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:278-1
Released: Tue Feb 2 09:43:08 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1181319
This update for lvm2 fixes the following issues:
- Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603
This update for gmp fixes the following issues:
- Correct license statements of packages (the library itself is not GPL-3.0) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:302-1
Released: Thu Feb 4 13:18:35 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1179691
This update for lvm2 fixes the following issues:
- lvm2 will no longer use external_device_info_source='udev' as the default because it introduced a
regression (bsc#1179691).
If this behavior is still wanted, please change it manually in lvm.conf.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it.
This patch is optional to install; it doesn't fix any bugs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:543-1
Released: Mon Feb 22 13:54:49 2021
Summary: Security update for postgresql13
Type: security
Severity: moderate
References: 1179765,1182039,1182040,CVE-2021-20229,CVE-2021-3393
This update for postgresql13 fixes the following issues:
Upgrade to version 13.2:
* Updating stored views and reindexing might be needed after applying this update.
* CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.
* CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
X.509 DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
in the Certificate List Exact Assertion processing, resulting in
denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
Assertion processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
control handling, resulting in denial of service (double free and
out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
in the issuerAndThisUpdateCheck function via a crafted packet,
resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841
This update for openssl-1_1 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201
This update for zlib fixes the following issues:
- Fixed hw compression on z15 (bsc#1176201)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem fixes the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allow overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466)
- Create config to clean up '/tmp' regularly, as required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case where a bind-mounted directory results in inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012
This update for systemd-presets-common-SUSE fixes the following issues:
- Add default user preset containing:
- enable `pulseaudio.socket` (bsc#1083473)
- enable `pipewire.socket` (bsc#1183012)
- enable `pipewire-pulse.socket` (bsc#1183012)
- enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
- enable `btrfsmaintenance-refresh.path`.
- disable `btrfsmaintenance-refresh.service`.
- enable `dnf-makecache.timer`.
- enable `ignition-firstboot-complete.service`.
- enable `logwatch.timer` to avoid having logwatch out of sync with logrotate. (bsc#1112500)
- enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
- remove the enable entry for `updatedb.timer`
- Avoid needless refresh on boot. (bsc#1165780)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:927-1
Released: Tue Mar 23 14:07:05 2021
Summary: Recommended update for libreoffice
Type: recommended
Severity: moderate
References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790
This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)
libreoffice:
- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
- SUSE Mint
- SUSE Midnight Blue
- SUSE Waterhole Blue
- SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/inaccessible after saving (bsc#1173404)
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)
libixion:
Update to 0.16.1:
- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being
evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns
a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula
calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than
their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type.
They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.
libmwaw:
Update to 0.3.17:
- add a parser for Jazz(Lotus) writer and spreadsheet files. The writer parser can only be called if the file
still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentations
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29`
and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 documents
libnumbertext:
Update to 1.0.6
liborcus:
Update to 0.16.1
- Add upstream changes to fix build with GCC 11 (bsc#1181872)
libstaroffice:
Update to 0.0.7:
- fix `text:sender-lastname` when creating meta-data
libwps:
Update to 0.4.11:
- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell references.
glfw:
New package provided on version 3.3.2:
- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
* Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
* glfwFocusWindow could terminate on older WMs or without a WM
* Creating an undecorated window could fail with BadMatch
* Querying a disconnected monitor could segfault
* Video modes with a duplicate screen area were discarded
* The CMake files did not check for the XInput headers
* Key names were not updated when the keyboard layout changed
* Decorations could not be enabled after window creation
* Content scale fallback value could be inconsistent
* Disabled cursor mode was interrupted by indicator windows
* Monitor physical dimensions could be reported as zero mm
* Window position events were not emitted during resizing
* Added on-demand loading of Vulkan and context creation API libraries
* [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was
set to `GLFW_DONT_CARE`
* [X11] Bugfix: Input focus was set before window was visible,
causing BadMatch on some non-reparenting WMs
* [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on
the window frame instead of the client area
* [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
* [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
* [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.
Box2D:
New package provided on version 2.4.1:
* Extended distance joint to have a minimum and maximum limit.
* `B2_USER_SETTINGS` and `b2_user_settings.h` can control user
data, length units, and maximum polygon vertices.
* Default user data is now uintptr_t instead of void*
* b2FixtureDef::restitutionThreshold lets you set the
restitution velocity threshold per fixture.
* Collision
* Chain and edge shape must now be one-sided to eliminate ghost
collisions
* Broad-phase optimizations
* Added b2ShapeCast for linear shape casting
* Dynamics
* Joint limits are now predictive and not stateful
* Experimental 2D cloth (rope)
* b2Body::SetActive -> b2Body::SetEnabled
* Better support for running multiple worlds
* Handle zero density better
* The body behaves like a static body
* The body is drawn with a red color
* Added translation limit to wheel joint
* World dump now writes to box2d_dump.inl
* Static bodies are never awake
* All joints with spring-dampers now use stiffness and damping
* Added utility functions to convert frequency and damping
ratio to stiffness and damping
* Polygon creation now computes the convex hull.
* The convex hull code will merge vertices closer than dm_linearSlop.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080
This update for nghttp2 fixes the following issues:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032
This update for zstd fixes the following issues:
- CVE-2021-24031: Fixed an issue where files were given read permissions while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access a world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449
This update for openssl-1_1 fixes the security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073
This update for libcap fixes the following issues:
- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890
This update for curl fixes the following issues:
- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1180713
This update for gzip fixes the following issues:
- Fixed an issue where 'gzexe' counted the number of lines to skip incorrectly. (bsc#1180713)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791
This update for openldap2 fixes the following issues:
- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released: Wed Apr 21 14:02:46 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1177047
This update for gzip fixes the following issues:
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released: Wed Apr 21 14:08:19 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1184136
This update for systemd-presets-common-SUSE fixes the following issues:
- Enabled hcn-init.service for HNV on POWER (bsc#1184136)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791
This update for e2fsprogs fixes the following issues:
- Fixed an issue when building e2fsprogs (bsc#1183791)
This patch does not fix any user visible issues and is therefore optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690
This update for libcap fixes the following issues:
- Added an explicit versioned dependency on 'libcap2' to 'libcap-progs' and 'pam_cap'. (bsc#1184690)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released: Fri Apr 30 08:08:25 2021
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1165780
This update for systemd-presets-branding-SLE fixes the following issues:
- Don't enable 'btrfsmaintenance-refresh.service'; 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899
This update for permissions fixes the following issues:
- etc/permissions: remove unnecessary entries (bsc#1182899)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released: Tue May 4 14:18:32 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1178680
This update for lvm2 fixes the following issues:
- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1526-1
Released: Thu May 6 08:57:30 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064
This update for bash fixes the following issues:
- Fixed a segmentation fault that used to occur when bash read a history file
that was malformed in a very specific way. (bsc#1183064)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276
This update for openssl-1_1 fixes the following issues:
- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435
This update for patterns-microos provides the following fix:
- Require the libvirt-daemon-qemu package and include the needed dependencies in the
product. (bsc#1184435)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163
This update for krb5 fixes the following issues:
- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1582-1
Released: Wed May 12 13:40:03 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1184687,1185190
This update for lvm2 fixes the following issues:
- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed an issue where LVM could not be disabled on boot. (bsc#1184687)
- Updated a patch to avoid warning messages when it is applied. (bsc#1012973)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614
This update for openldap2 fixes the following issue:
- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562
This update for pam fixes the following issues:
- Fixed a bug where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be installed as well, as it contains pam_systemd.so for 32-bit applications. (bsc#1185562)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:
- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released: Wed May 26 12:30:01 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1186114,CVE-2021-22898
This update for curl fixes the following issues:
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
* Have intermediate certificates in the trust store be treated
as trust-anchors, in the same way as self-signed root CA
certificates are. This allows users to verify servers using
the intermediate cert only, instead of needing the whole chain.
* Set FLAG_TRUSTED_FIRST unconditionally.
* Do not check partial chains with CRL check.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1785-1
Released: Thu May 27 16:44:19 2021
Summary: Security update for postgresql13
Type: security
Severity: moderate
References: 1179945,1183118,1183168,1185924,1185925,1185926,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
This update for postgresql13 fixes the following issues:
- Upgrade to version 13.3:
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).
- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1825-1
Released: Tue Jun 1 16:24:01 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520
This update for lz4 fixes the following issues:
- CVE-2021-3520: Fixed memory corruption due to an integer overflow in a memmove argument (bsc#1185438).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Type: recommended
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
This update for gcc10 fixes the following issues:
- Disable nvptx offloading for aarch64 again since it doesn't work.
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released: Wed Jun 9 14:48:05 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:
- CVE-2021-3541: Fixed an exponential entity expansion attack that bypassed all existing protection mechanisms. (bsc#1186015)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1935-1
Released: Thu Jun 10 10:45:09 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1186642
This update for gzip fixes the following issue:
- gzip had a lower release number in 15 SP2 and SP3 than in 15 SP1, which could lead
to migration issues. (bsc#1186642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released: Thu Jun 10 10:47:09 2021
Summary: Recommended update for nghttp2
Type: recommended
Severity: moderate
References: 1186642
This update for nghttp2 fixes the following issue:
- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 SP2 and SP3 than in 15 SP1, which could lead
to migration issues. (bsc#1186642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1972-1
Released: Tue Jun 15 09:04:10 2021
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:
This update for sles15-image fixes the following issues:
- Add SLE_BCI repository (jsc#SLE-18095)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released: Thu Jun 24 15:40:14 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:
- Make generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)
This update for pcre fixes the following issues:
- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)
This update for brp-check-suse fixes the following issues:
- Add fixes to support reproducible builds. (bsc#1186049)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2178-1
Released: Mon Jun 28 15:56:15 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1186561
This update for systemd-presets-common-SUSE fixes the following issues:
When installing the systemd-presets-common-SUSE package for the
first time on a new system, it can happen that some services
are installed before systemd, so the %systemd_pre/post macros
would not work. This is handled by enabling all preset services
in this package's %posttrans section, but that section was only
enabling system services, not user services. It now also enables the
user services installed before this package (bsc#1186561)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: important
References: 1187210
This update for openldap2 fixes the following issues:
- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2210-1
Released: Wed Jun 30 13:00:09 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1184124
This update for lvm2 fixes the following issues:
- Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2228-1
Released: Thu Jul 1 20:40:10 2021
Summary: Recommended update for postgresql
Type: recommended
Severity: moderate
References: 1183118
This update for postgresql fixes the following issues:
- Re-enable build of the 'llvmjit' subpackage on SLE. (bsc#1183118)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2290-1
Released: Fri Jul 9 19:03:39 2021
Summary: Recommended update for postgresql13
Type: recommended
Severity: moderate
References: 1183118,1187751
This update for postgresql13 fixes the following issue:
- Reduced the requirement on clang and llvm to a 'Recommends' in 'postgresql13-server-devel'.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2292-1
Released: Mon Jul 12 08:25:20 2021
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1187105,CVE-2020-35512
This update for dbus-1 fixes the following issues:
- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UIDs (bsc#1187105)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2316-1
Released: Wed Jul 14 13:49:55 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1185807,1185828,1185958,1186411,1187154,1187292
This update for systemd fixes the following issues:
- Restore framebuffer devices as possible master of seat. Until the simpledrm driver is released, this change is premature, as some graphics chips don't have a DRM driver and fall back to framebuffer. (bsc#1187154)
- Fixed an issue where '/var/lock/subsys' was dropped when the 'filesystem' package took over the initialization of the generic paths. (bsc#1187292)
- 'udev' requires systemd in its %post (bsc#1185958)
- Backported seccomp and related changes (bsc#1186411):
* nspawn: turn on higher optimization level in seccomp
* nspawn: return ENOSYS by default, EPERM for 'known' calls
* shared/seccomp-util: added functionality to make list of filtered syscalls
* shared/syscall-list: filter out some obviously platform-specific syscalls
* shared/seccomp: reduce scope of indexing variables
* generate-syscall-list: require python3
* shared: add @known syscall list
* meson: add syscall-names-update target
* shared/seccomp: use _cleanup_ in one more place
* home: fix homed.conf install location
- Make sure that the creation of the symlinks is done after updating the udev DB: if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B must not
be able to overwrite the symlinks freshly created by A just because A
has not yet registered them in the DB. (bsc#1185828)
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2394-1
Released: Mon Jul 19 12:06:53 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1177695,1187093
This update for suse-module-tools provides the following fixes:
- Fix treatment of compressed modules. (bsc#1187093)
- modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2399-1
Released: Mon Jul 19 19:06:22 2021
Summary: Recommended update for release packages
Type: recommended
Severity: moderate
References: 1099521
This update for the release packages provides the following fix:
- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2410-1
Released: Tue Jul 20 14:41:26 2021
Summary: Security update for systemd
Type: security
Severity: important
References: 1188063,CVE-2021-33910
This update for systemd fixes the following issues:
- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released: Wed Jul 21 13:46:48 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2456-1
Released: Thu Jul 22 15:28:39 2021
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1187091
This update for pam-config fixes the following issues:
- Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2627-1
Released: Thu Aug 5 12:10:46 2021
Summary: Recommended maintenance update for systemd-default-settings
Type: recommended
Severity: moderate
References: 1188348
This update for systemd-default-settings fixes the following issue:
- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released: Mon Aug 16 10:54:52 2021
Summary: Security update for cpio
Type: security
Severity: important
References: 1189206,CVE-2021-38185
This update for cpio fixes the following issues:
- It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released: Tue Aug 17 17:16:22 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465
This update for cpio fixes the following issues:
- A regression in the last update caused builds to hang on various architectures (bsc#1189465)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released: Thu Aug 19 16:09:15 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465,CVE-2021-38185
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2786-1
Released: Fri Aug 20 02:02:23 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1057452,1188287
This update for bash fixes the following issues:
- Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released: Fri Aug 20 10:43:04 2021
Summary: Security update for krb5
Type: security
Severity: important
References: 1188571,CVE-2021-36222
This update for krb5 fixes the following issues:
- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2809-1
Released: Mon Aug 23 12:12:31 2021
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910
This update for systemd fixes the following issues:
- Updated to version 246.15
- CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063)
- CVE-2020-13529: Fixed an issue where a crafted DHCP FORCERENEW packet could make a server running the DHCP client vulnerable to a DHCP ACK spoofing attack. (bsc#1185972)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released: Mon Aug 23 12:14:30 2021
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1172505,CVE-2020-12049
This update for dbus-1 fixes the following issues:
- CVE-2020-12049: Fixed resource exhaustion caused by truncated messages. (bsc#1172505)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2950-1
Released: Fri Sep 3 11:59:19 2021
Summary: Recommended update for pcre2
Type: recommended
Severity: moderate
References: 1187937
This update for pcre2 fixes the following issue:
- Equalizes the result of a function that may have different output on s390x compared to older
PHP versions (bsc#1187937).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3013-1
Released: Thu Sep 9 16:55:40 2021
Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image
Type: recommended
Severity: moderate
References: 1183154,1189550
This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues:
- Add pattern to install necessary packages for FIPS (bsc#1183154)
- Add patterns-base-fips to work also in FIPS environments (bsc#1183154)
- Use the same icon in the fips pattern as the previous pattern had (bsc#1189550)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3203-1
Released: Thu Sep 23 14:41:35 2021
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1189537,1190190
This update for kmod fixes the following issues:
- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
- Enable support for ZSTD compressed modules
- Display module information even for modules built into the running kernel (bsc#1189537)
- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
- Remove test patches included in release 29
- Update to release 29
* Fix `modinfo -F` not working for built-in modules and certain fields.
* Fix a memory leak, overflow and double free on error path.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3255-1
Released: Wed Sep 29 16:29:48 2021
Summary: Security update for postgresql13
Type: security
Severity: moderate
References: 1179945,1185952,1187751,1189748,CVE-2021-3677
This update for postgresql13 fixes the following issues:
- CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748).
- Fixed build with llvm12 on s390x (bsc#1185952).
- Re-enabled icu for PostgreSQL 10 (bsc#1179945).
- Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751).
- llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released: Wed Oct 6 16:45:36 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed mq_notify to use __pthread_attr_copy (bsc#1186489).
- CVE-2021-35942: Fixed wordexp to handle overflow in the positional parameter number (bsc#1187911).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released: Wed Oct 6 18:12:41 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:
- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks (HDDs) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove single-queue block I/O handling, which the kernel no longer supports.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).
- Merge of v246.16, for a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d
- Drop 1007-tmpfiles-follow-SUSE-policies.patch: since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no longer relevant.
Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released: Wed Oct 13 10:42:25 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1191019
This update for lvm2 fixes the following issues:
- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3413-1
Released: Wed Oct 13 10:50:45 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1189441,1189841,1190598
This update for suse-module-tools fixes the following issues:
- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilt after installing any kernel-*-extra package (bsc#1189441)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released: Tue Oct 26 09:47:40 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:
Update to version 15.3.13:
- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3589-1
Released: Mon Nov 1 19:27:52 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1191690
This update for apparmor fixes the following issues:
- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3599-1
Released: Wed Nov 3 10:29:54 2021
Summary: Recommended update for postgresql, postgresql13, postgresql14
Type: recommended
Severity: moderate
References:
This update for postgresql, postgresql13, postgresql14 fixes the following issues:
This update ships postgresql14. (jsc#SLE-20675 jsc#SLE-20676)
Feature changes in postgresql14:
- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html
Changes in postgresql13:
- Stop building the mini and lib packages as they are now coming from postgresql14.
Changes in postgresql:
- Bump version to 14, leave default at 12.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3600-1
Released: Wed Nov 3 10:31:11 2021
Summary: Recommended update for postgresql
Type: recommended
Severity: moderate
References:
This update for postgresql fixes the following issues:
- Bump version to 14, leave default at 13.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3663-1
Released: Mon Nov 15 19:14:32 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1191804
This update for suse-module-tools fixes the following issues:
- Update to version 15.3.14:
* more fixes for updates under secure boot
* cert-script: Deal with existing $cert.delete file (bsc#1191804).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3759-1
Released: Mon Nov 22 09:40:19 2021
Summary: Security update for postgresql14
Type: security
Severity: important
References: 1191782,1192516,CVE-2021-23214,CVE-2021-23222
This update for postgresql14 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- Let rpmlint ignore shlib-policy-name-error (boo#1191782).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3792-1
Released: Wed Nov 24 06:12:09 2021
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1192104
This update for kmod fixes the following issues:
- Enable ZSTD compression (bsc#1192104, jsc#SLE-21256)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3808-1
Released: Fri Nov 26 00:30:54 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186071,1190440,1190984,1192161
This update for systemd fixes the following issues:
- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released: Mon Dec 6 19:57:39 2021
Summary: Recommended update for system-users
Type: recommended
Severity: moderate
References: 1190401
This update for system-users fixes the following issues:
- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3980-1
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1191592
glibc was updated to fix the following issue:
- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3985-1
Released: Fri Dec 10 06:08:24 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1187196
This update for suse-module-tools fixes the following issues:
- Blacklist the isst_if_mbox_msr driver because it matches hardware based on CPU family and model, which is too unspecific. On large systems this causes many failed load attempts for this driver, leading to slow or even stalled boot (bsc#1187196)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4014-1
Released: Mon Dec 13 13:57:39 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1191532,1191690
This update for apparmor fixes the following issues:
Changes in apparmor:
- Add a profile for 'samba-bgqd'. (bsc#1191532)
- Fix 'Requires' of python3 module. (bsc#1191690)
The following package changes have been done:
- file-magic-5.32-7.11.2 added
- libldap-data-2.4.46-9.56.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.3.2 added
- libtirpc-netconfig-1.2.6-1.131 added
- glibc-2.31-7.30 added
- libuuid1-2.36.2-2.29 added
- libunistring2-0.9.10-1.1 added
- libsmartcols1-2.36.2-2.29 added
- libsasl2-3-2.1.27-2.2 added
- libcrypt1-4.4.15-2.51 added
- libblkid1-2.36.2-2.29 added
- libaudit1-2.8.5-3.43 added
- perl-base-5.26.1-15.87 added
- libfdisk1-2.36.2-2.29 added
- libsepol1-3.0-1.31 added
- cracklib-dict-small-2.9.7-11.3.1 added
- libopenssl1_1-1.1.1d-11.23.1 added
- libnghttp2-14-1.40.0-6.1 added
- libopenssl1_1-hmac-1.1.1d-11.23.1 added
- liblz4-1-1.9.2-3.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libzstd1-1.4.4-1.6.1 added
- libz1-1.2.11-3.21.1 added
- libpcre1-8.41-6.4.2 added
- liblzma5-5.2.3-4.3.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.5.10-5.3.1 added
- libgmp10-6.1.2-4.6.1 added
- libgcc_s1-10.3.0+git1587-1.6.4 added
- libcom_err2-1.43.8-4.26.1 added
- libcap2-2.26-4.6.1 added
- libbz2-1-1.0.6-5.11.1 added
- libidn2-0-2.2.0-3.6.1 added
- libldap-2_4-2-2.4.46-9.56.1 added
- libmagic1-5.32-7.11.2 added
- libxml2-2-2.9.7-3.37.1 added
- libstdc++6-10.3.0+git1587-1.6.4 added
- libdw1-0.168-4.5.3 added
- libncurses6-6.1-5.6.2 added
- libebl-plugins-0.168-4.5.3 added
- terminfo-base-6.1-5.6.2 added
- libelf1-0.168-4.5.3 added
- ncurses-utils-6.1-5.6.2 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libgpg-error0-1.29-1.8 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libpsl5-0.20.1-1.20 added
- libselinux1-3.0-1.31 added
- libsemanage1-3.0-1.27 added
- libreadline7-7.0-19.6.1 added
- libudev1-246.13-7.8.1 added
- bash-4.4-19.6.1 added
- libgcrypt20-1.8.2-8.39.1 added
- krb5-1.16.3-3.21.1 added
- libgcrypt20-hmac-1.8.2-8.39.1 added
- libssh4-0.8.7-10.12.1 added
- libacl1-2.2.52-4.3.1 added
- libmount1-2.36.2-2.29 added
- findutils-4.8.0-1.20 added
- login_defs-4.8.1-2.43 added
- libtirpc3-1.2.6-1.131 added
- coreutils-8.32-1.2 added
- libcrack2-2.9.7-11.3.1 added
- libcurl4-7.66.0-4.22.1 added
- cracklib-2.9.7-11.3.1 added
- info-6.5-4.17 added
- libnsl2-1.2.0-2.44 added
- libsystemd0-246.13-7.8.1 added
- sles-release-15.3-55.4.1 added
- patterns-base-fips-20200124-10.5.1 added
- sed-4.4-11.6 added
- grep-3.1-4.3.12 added
- diffutils-3.6-4.3.1 added
- cpio-2.12-3.9.1 added
- rpm-config-SUSE-1-3.61 added
- permissions-20181225-23.6.1 added
- pam-1.3.0-6.38.1 added
- shadow-4.8.1-2.43 added
- sysuser-shadow-2.0-4.2.8 added
- system-group-hardware-20170617-15.86 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.36.2-2.29 added
- aaa_base-84.87+git20180409.04c9dae-3.45.1 added
- netcfg-11.6-1.11 added
- glibc-locale-base-2.31-9.6.1 added
- gzip-1.10-7.1 added
- kbd-legacy-2.0.4-14.38 added
- libapparmor1-2.13.6-3.8.1 added
- libargon2-1-0.0+git20171227.670229c-2.14 added
- libdbus-1-3-1.12.2-8.11.2 added
- libdevmapper1_03-1.02.163-8.36.1 added
- libexpat1-2.2.5-3.6.1 added
- libicu65_1-ledata-65.1-4.2.1 added
- libjson-c3-0.13-1.19 added
- libkmod2-29-4.12.1 added
- libpcre2-8-0-10.31-3.3.1 added
- libpq5-14.1-5.6.1 added
- libqrencode4-4.0.0-1.17 added
- libseccomp2-2.4.1-3.3.1 added
- pam-config-1.1-3.3.1 added
- pkg-config-0.29.2-1.436 added
- system-group-kvm-20170617-17.3.1 added
- systemd-default-settings-branding-SLE-0.7-3.2.1 added
- systemd-presets-common-SUSE-15-8.9.1 added
- timezone-2021e-75.4.1 added
- update-alternatives-1.19.0.4-2.48 added
- glibc-locale-2.31-9.6.1 added
- suse-module-tools-15.3.15-3.17.1 added
- kbd-2.0.4-14.38 added
- libcryptsetup12-2.3.4-1.34 added
- systemd-default-settings-0.7-3.2.1 added
- systemd-presets-branding-SLE-15.1-20.8.1 added
- libicu-suse65_1-65.1-4.2.1 added
- postgresql-14-10.6.2 added
- dbus-1-1.12.2-8.11.2 added
- kmod-29-4.12.1 added
- libcryptsetup12-hmac-2.3.4-1.34 added
- postgresql14-14.1-5.6.1 added
- systemd-246.16-7.21.1 added
- udev-246.16-7.21.1 added
- postgresql-server-14-10.6.2 added
- postgresql14-server-14.1-5.6.1 added
- container:sles15-image-15.0.0-17.6.3 added