SUSE-IU-2022:1145-1: Security update of sles-15-sp3-chost-byos-v20221215-x86-64
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Dec 20 10:32:13 UTC 2022
SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20221215-x86-64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1145-1
Image Tags : sles-15-sp3-chost-byos-v20221215-x86-64:20221215
Image Release :
Severity : important
Type : security
References : 1163683 1179465 1179825 1181429 1182591 1182591 1184123 1184124
1184689 1186399 1186719 1186787 1187287 1187654 1187655 1187858
1187860 1187890 1188086 1188607 1189046 1189195 1189560 1191935
1192252 1192348 1192478 1192508 1192648 1192761 1192761 1193540
1194392 1195618 1197284 1197428 1197998 1198158 1198523 1198894
1199074 1199670 1199865 1199865 1200102 1200330 1200505 1200644
1200657 1200901 1201053 1201490 1201492 1201493 1201495 1201496
1201689 1202269 1202337 1202417 1202750 1202962 1203110 1203125
1203152 1203155 1203194 1203216 1203267 1203272 1203508 1203509
1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203924
1204068 1204091 1204254 1204511 1204577 1204706 1204720 1204779
1204827 1205126 1205178 1205182 1205275 1206065 1206235 876845
877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492
CVE-2021-3928 CVE-2022-2031 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191
CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134
CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-32742 CVE-2022-32744
CVE-2022-32745 CVE-2022-32746 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297
CVE-2022-3324 CVE-2022-3352 CVE-2022-3437 CVE-2022-3705 CVE-2022-37454
CVE-2022-3775 CVE-2022-42898
-----------------------------------------------------------------
The container sles-15-sp3-chost-byos-v20221215-x86-64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1478-1
Released: Tue May 4 14:05:38 2021
Summary: Recommended update for libhugetlbfs
Type: recommended
Severity: moderate
References: 1184123
This update for libhugetlbfs fixes the following issues:
- Hardening: Link as PIE (bsc#1184123)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1920-1
Released: Wed Jun 9 17:02:54 2021
Summary: Recommended update for nvme-cli
Type: recommended
Severity: moderate
References: 1179825,1182591
This update for nvme-cli fixes the following issues:
- Add KATO fixes for NVMEoF (bsc#1182591)
- Lookup existing persistent controllers (bsc#1179825)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3043-1
Released: Wed Sep 15 10:09:30 2021
Summary: Recommended update for nvme-cli
Type: recommended
Severity: moderate
References: 1186719,1187287,1187858,1187860,1187890,1189046,1189195
nvme-cli was updated to fix the following issues:
- Do not print error message when opening controller (bsc#1186719)
- Fix failures during 'nvme list' (bsc#1186719)
- Only connect to matching controllers (bsc#1186719)
- Skip connect if transport type doesn't match (bsc#1187287 bsc#1187860)
- Ignore non live controllers when scanning subsystems (bsc#1186719 bsc#1187287)
- Remove UUID validation heuristic (bsc#1187890)
- Do not segfault when controller is not available (bsc#1189046)
- Use correct default port for discovery (bsc#1189195 bsc#1187858)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3953-1
Released: Mon Dec 6 17:44:20 2021
Summary: Recommended update for nvme-cli
Type: recommended
Severity: moderate
References: 1182591,1191935,1192348
This update for nvme-cli fixes the following issues:
- Allow -1 as ctrl_loss_tmo value (bsc#1192348)
- Fix segfauls while discovering (bsc#1191935)
- Adding missing hunk (bsc#1182591)
- Use pkg-config for libuuid dependency setup
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:780-1
Released: Wed Mar 9 14:46:12 2022
Summary: Recommended update for nvme-cli
Type: recommended
Severity: moderate
References: 1193540
This update for nvme-cli fixes the following issues:
- fabrics: fix 'nvme connect' segfault if transport type is omitted (bsc#1193540)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2528-1
Released: Fri Jul 22 12:09:44 2022
Summary: Recommended update for nvme-cli
Type: recommended
Severity: low
References: 1192761,1198158,1199670,1199865
This update for nvme-cli fixes the following issues:
- Don't print error on failed to open in nvme-topology.c (bsc#1198158)
- Allow selecting the network interface for connections (bsc#1199670)
- Support unique discovery subsystem NQN (bsc#1199865 bsc#1192761)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4048-1
Released: Thu Nov 17 14:03:36 2022
Summary: Recommended update for nvme-cli
Type: recommended
Severity: moderate
References: 1186399,1200644
This update for nvme-cli fixes the following issues:
- Fix infinite loop on invalid parameters (bsc#1200644)
- Support auto discovery, add %systemd_ordering to spec file (bsc#1186399)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4160-1
Released: Tue Nov 22 10:10:37 2022
Summary: Recommended update for nfsidmap
Type: recommended
Severity: moderate
References: 1200901
This update for nfsidmap fixes the following issues:
- Various bugfixes and improvemes from upstream In particular, fixed
a crash that can happen when a 'static' mapping is configured.
(bsc#1200901)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4163-1
Released: Tue Nov 22 10:57:10 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1187654,1195618,1203267,1203749
This update for dracut fixes the following issues:
- systemd: add missing modprobe at .service (bsc#1203749)
- i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
- drm: consider also drm_dev_register when looking for gpu driver (bsc#1195618)
- integrity: do not display any error if there is no IMA certificate (bsc#1187654)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750
This update for rpm fixes the following issues:
- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4217-1
Released: Fri Nov 25 07:23:35 2022
Summary: Recommended update for wget
Type: recommended
Severity: moderate
References: 1204720
This update for wget fixes the following issues:
- Truncate long file names to prevent wget failures (bsc#1204720)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4219-1
Released: Fri Nov 25 09:39:49 2022
Summary: Security update for grub2
Type: security
Severity: important
References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4230-1
Released: Fri Nov 25 18:18:26 2022
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: moderate
References: 1204068,1204091
This update for google-guest-configs fixes the following issues:
- Add nvme-cli to Requires (bsc#1204068, bsc#1204091)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4270-1
Released: Tue Nov 29 13:20:45 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1198523,1199074,1203216
This update for lvm2 fixes the following issues:
- Design changes to avoid kernel panic (bsc#1198523)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4278-1
Released: Tue Nov 29 15:43:49 2022
Summary: Security update for supportutils
Type: security
Severity: moderate
References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
Bug fixes:
- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released: Tue Nov 29 15:46:10 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:
- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)
The following non-security bug was fixed:
- Fixed a crash in the garbage collection (bsc#1188607).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4282-1
Released: Tue Nov 29 15:50:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0814:
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4312-1
Released: Fri Dec 2 11:16:47 2022
Summary: Recommended update for tar
Type: recommended
Severity: moderate
References: 1200657,1203600
This update for tar fixes the following issues:
- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4341-1
Released: Wed Dec 7 12:55:26 2022
Summary: Feature update for wicked
Type: feature
Severity: moderate
References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,988954
This update for wicked fixes the following issues:
- auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124)
- client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249)
- client: Fix memory access violation (SEGV) on empty xpath results
- compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig)
lines about ifup-sysctl from ifsysctl.5.
- compat-suse: Fix reading of sysctl variable 'addr_gen_mode'
- dbus: Clear string array before append
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307)
- dhcp6: Consider ppp interfaces supported
- dhcp6: Ignore lease release status
- dhcp6: Remove address before release
- firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560)
- redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42)
(jsc#SLE-24286, jsc#SLE-17762)
- Removed obsolete patch included in the main sources (bsc#1194392)
- socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- team: Fix to configure port priority in teamd (bsc#1200505)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Fix memory access violation (SEGV) on supplicant restart
- wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string
- wireless: Remove libiw dependencies
- xml-schema: Reference counting fix to not crash at exit on schema errors
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4358-1
Released: Thu Dec 8 10:55:10 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1205275
This update for rsyslog fixes the following issue:
- Parsing of legacy config syntax (bsc#1205275)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4381-1
Released: Fri Dec 9 03:59:58 2022
Summary: Recommended update for nvme-cli
Type: recommended
Severity: important
References: 1192761,1199865,1204827
This update for nvme-cli fixes the following issues:
- Drop support for unique discovery subsystem NQN (bsc#1199865 bsc#1192761 bsc#1204827)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4388-1
Released: Fri Dec 9 04:07:21 2022
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1204511
This update for gnutls fixes the following issues:
- Fix potential to free an invalid pointer (bsc#1204511)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4389-1
Released: Fri Dec 9 07:59:16 2022
Summary: Recommended update for avahi
Type: recommended
Severity: moderate
References: 1163683
This update for avahi fixes the following issues:
- Do not cache responses generated locally (bsc#1163683)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4395-1
Released: Fri Dec 9 11:02:36 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-42898
This update for samba fixes the following issues:
Version update to 4.15.12.
Security issues fixed:
- CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496).
- CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493).
- CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492).
- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254).
- CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).
Bug fixes:
- Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689).
- Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4412-1
Released: Tue Dec 13 04:47:03 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1204706
This update for suse-build-key fixes the following issues:
- added /usr/share/pki/containers directory for container pem keys
(cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4463-1
Released: Tue Dec 13 17:04:31 2022
Summary: Security update for containerd
Type: security
Severity: important
References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191
This update for containerd fixes the following issues:
Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).
Also includes the following fix:
- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4470-1
Released: Wed Dec 14 06:05:48 2022
Summary: Recommended update for sudo
Type: recommended
Severity: important
References: 1197998
This update for sudo fixes the following issues:
- Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update
(bsc#1197998)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4499-1
Released: Thu Dec 15 10:48:49 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1179465
This update for openssh fixes the following issues:
- Make ssh connections update their dbus environment (bsc#1179465):
* Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish
The following package changes have been done:
- containerd-ctr-1.6.12-150000.79.1 updated
- containerd-1.6.12-150000.79.1 updated
- dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 updated
- google-guest-configs-20220211.00-150000.1.22.1 updated
- grub2-i386-pc-2.04-150300.22.25.1 updated
- grub2-x86_64-efi-2.04-150300.22.25.1 updated
- grub2-2.04-150300.22.25.1 updated
- krb5-1.19.2-150300.7.7.1 updated
- libavahi-client3-0.7-150100.3.21.4 updated
- libavahi-common3-0.7-150100.3.21.4 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libgnutls30-3.6.7-150200.14.22.1 updated
- libhugetlbfs-2.20-3.3.1 added
- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- nfsidmap-0.26-150000.3.7.1 updated
- nvme-cli-1.13-150300.3.23.2 added
- openssh-clients-8.4p1-150300.3.15.4 updated
- openssh-common-8.4p1-150300.3.15.4 updated
- openssh-server-8.4p1-150300.3.15.4 updated
- openssh-8.4p1-150300.3.15.4 updated
- python3-base-3.6.15-150300.10.37.2 updated
- python3-3.6.15-150300.10.37.2 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- rsyslog-8.2106.0-150200.4.35.1 updated
- samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 updated
- sudo-1.9.5p2-150300.3.16.1 updated
- supportutils-3.1.21-150300.7.35.15.1 updated
- suse-build-key-12.0-150000.8.28.1 updated
- tar-1.34-150000.3.22.3 updated
- vim-data-common-9.0.0814-150000.5.28.1 updated
- vim-9.0.0814-150000.5.28.1 updated
- wget-1.20.3-150000.3.15.1 updated
- wicked-service-0.6.70-150300.4.8.1 updated
- wicked-0.6.70-150300.4.8.1 updated
More information about the sle-security-updates
mailing list