SUSE-CU-2022:3455-1: Security update of suse/sle15
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Dec 23 08:45:21 UTC 2022
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3455-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.25 , suse/sle15:15.4 , suse/sle15:15.4.27.14.25
Container Release : 27.14.25
Severity : important
Type : security
References : 1175622 1179584 1188882 1196205 1200581 1203274 1204867 1206308
1206309 944832 CVE-2022-43551 CVE-2022-43552
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4601-1
Released: Wed Dec 21 12:23:59 2022
Summary: Feature update for GNOME 41
Type: feature
Severity: moderate
References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832
This update for GNOME 41 fixes the following issues:
atkmm1_6:
- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
* Meson build: Avoid unnecessary configuration warnings
* Meson build: Perl is not required by new versions of mm-common
* Meson build: Require meson >= 0.55.0
* Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
* Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build
* Support building with Visual Studio 2022
eog:
- Version update from 41.1 to 41.2 (jsc#PED-2235):
* eog-window: use correct type for display_profile
* Fix discovery of Evince for multi-page images
evince:
- Version update 41.3 to 41.4 (jsc#PED-2235):
* shell: Fix failures when thumbnail extraction takes too long
* Fix build with meson 0.60.0 and newer
evolution:
- Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)
evolution-data-center:
- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
* Google OAuth out-of-band (oob) flow will be deprecated
folks:
- Version update 0.15.3 to 0.15.5 (jsc#PED-2235):
* vapi: Add missing generic type argument
* Fix docs build against newer eds version
* Fix build against newer eds version
* Remove volatile keyword from tests
gcr:
- Version update 3.41.0 to 3.41.1 (jsc#PED-2235):
* Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
* Add gi-docgen dependency which is needed by the docs
* Fix build with meson 0.60.0 and newer
* Fix build without systemd
* Several CI fixes
geocode-glib:
- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
* Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
* Add support for libsoup 3.x
gjs:
- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
* Build and compatibility fixes backported from the development branch
* Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)
glib2:
- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
* Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
* Split gtk-docs from -devel package, these are not needed during building projects using glib2
gnome-control-center:
- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7 (jsc#PED-2235):
* Cellular: Remove duplicate line from .desktop
* Info: Allow changing 'Device Name' by pressing 'Enter'
* Info: Remove trailing space after CPU name
* Keyboard: Fix crash resetting all keyboard shortcuts
* Keyboard: Fix leaks
* Network: Fix saving passwords for non-wifi connections
* Network: Fix critical when opening VPN details page
* Wacom: Fix leaks
gnome-desktop:
- Version update from 41.2 to 41.8 (jsc#PED-2235):
* Version increase but no actual changes
gnome-music:
- Version update from 41.0 to 41.1 (jsc#PED-2235):
* Ensure the correct album is played
* Fix build with meson 0.61.0 and newer
* Fix crash on empty selection
* Fix incorrect playlist import
* Fix time displayed in RTL languages
* Improve async queue work
* Make random shuffle actually random
* Make shuffle random
* Speed increase on first startup on larger collections
* Time is reversed in RTL
gnome-remote-desktop:
- Version update from 41.2 to 41.3 (jsc#PED-2235):
* Add Icelandic translation
gnome-session:
- Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)
gnome-shell:
- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
* Allow extension updates with only Extension Manager installed
* Allow more intermediate icon sizes in app grid
* Disable workspace switching while in search.
* Do not create systemd scope for D-Bus activated apps
* Fix calendar to correctly align world clocks header in RTL
* Fix drag placeholder position in dash in RTL locales
* Fix edge case where windows stay dimmed after a modal is closed
* Fix feedback when turning on a11y features by keyboard
* Fix focus tracking in magnifier on wayland
* Fix fractional timezone offsets in world clock
* Fix glitches in overview transition
* Fix logging in with realmd
* Fix memory leak
* Fix opening device settings for enterprise WPA networks
* Fix programatically set scrollview fade
* Fix regression in ibus support
* Fix unresponsive top bar in overview when in fullscreen
* Handle monitor changes during startup animation
* Hide overview after 'Show Details' from app context menu
* Improve Belgian on-screen keyboard layout
* Improve CSS shadow appearance
* Make sure startup animation completes
* Misc. bug fixes and cleanups
* Only close messages via delete key if they can be closed
* Respect IM hint for candidates list in on-screen keyboard
gnome-software:
- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
* Added several appstream-related fixed
* Disable scroll-by-mouse-wheel on featured carousel
* Ensure details page shows app provided on command line
gnome-terminal:
- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
* Fix build with meson 0.61.0 and newer
* window: Use a normal menu for the popup menu
gnome-user-docs:
- Version update from 41.1 to 41.5 (jsc#PED-2235):
* Added missing icon for network-wired-symbolic
gspell:
- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
* Build: distribute more files in tarballs
* Documentation improvements
gtkmm3:
- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
* Build with Meson: MSVC build: Support Visual Studio 2022
* Check if Perl is required for building documentation
* Don't use deprecated python3.path() and execute (..., gui_app...)
* GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler
* Object::_release_c_instance(): Unref orphan managed widgets
* SizeGroup demo: Set active items in the combo boxs, so something is shown
* Specify 'check' option in run_command()
gtk-vnc:
- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
* Add 'check' arg to meson run_command()
* Fix invalid use of subprojects with meson
* Support ZRLE encoding for zero size alpha cursors
gupnp-av:
- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
* Add utility function to format GDateTime to the iso variant DIDL expects
* Allow to be used as a subproject
* Drop autotools
* Fix stripping @refID
* Fix unsetting subtitleFileType
* Make Feature derivable again
* Obsolete code removal.
* Port to modern GObject
* Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
* Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2
gvfs:
- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
* sftp: Adapt on new OpenSSH password prompts
* smb: Rework anonymous handling to avoid EINVAL
* smb: Ignore EINVAL for kerberos/ccache login
libgsf:
- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
* Fix error handling problem when writing ole files
* Fix problems with non-western text in OLE properties
* Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available
libmediaart:
- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
* build: Add introspection/vapi/tests options
* build: Use library() to optionally build a static library
libnma:
- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
* Ad-Hoc networks now default to using WPA2 instead of WEP
* Add possibility of building libnma-gtk4 library with Gtk4 support
* Do not allow setting empty 802.1x domain for EAP TLS
* Fixed keyboard accelerator for certificate chooser
* Fixed libnma-gtk4 version of mobile-wizard
* Include OWE wireless security option
* The GtkBuilder files for Gtk4 are now included in the release tarball
* WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package
libnotify:
- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
* Delete unused notifynotification.xml
* Fix potential build errors with old glib version we require
* docs/notify-send: Add --transient option to manpage
* notification: Bookend calling NotifyActionCallback with temporary reference
* notification: Include sender-pid hint by default if not provided
* notify-send: Add debug message about server not supporting persistence
* notify-send: Add explicit option to create transient notifications
* notify-send: Add support for boolean hints
* notify-send: Move server capabilities check to a separate function
* notify-send: Support passing any hint value, by parsing variant strings
libpeas:
- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
* Icon licenses have been corrected
* Parallel build system operation fixes
* Use gi-docgen for documentation
* Various build warnings squashed
* Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package
librsvg:
- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
* Catch circular references when rendering patterns
* Fix regressions when computing element geometries
* Fix regression outputting all text as paths
libsecret:
- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
* Add bash-completion for secret-tool
* Add locking capabilities to secret tool
* Add support for TPM2 based secret storage
* Create default collection after DBus.Error.UnknownObject
* Detect local storage in snaps in the same way as flatpaks
* Drop autotools-based build
* GI annotation and documentation fixes
* Port documentation to gi-docgen
* Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask
* secret-file-backend: Avoid closing the same file descriptor twice
mutter:
- Version update from 41.5 to 41.9 (jsc#PED-2235):
* Fix '--replace option'
* Fix missing root window properties after XWayland start
* Fix night light without GAMMA_LUT property
* KMS: Survive missing GAMMA_LUT property
* wayland: Fix rotation transform
* Misc. bug fixes
nautilus:
- Version update from 41.2 to 41.5(jsc#PED-2235):
* Drag-and-drop bugfixes
* HighContrast style fixes
orca:
- Version update from 41.1 to 41.3 (jsc#PED-2235):
* Add more event-flood detection and handling for improved performance
* Fix bug causing accessing preferences to fail for Esperanto
* Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
* Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
* WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x
python-cairo:
- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo
python-gobject:
- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
* Add a workaround for a PyPy 3.9+ bug when threads are used
* Do not error out for unknown scopes
* Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
* Fix a crash/refcounting error in case marshaling a hash table fails
* Fix crashes when marshaling zero terminated arrays for certain item types
* Implement DynamicImporter.find_spec() to silence deprecation warning
* Make the test suite pass again with PyPy
* Some test/CI fixes
* gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
* gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4
* interface: Fix leak when overriding GInterfaceInfo
* setup.py: look up pycairo headers without importing the module
trackers-python:
- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
* Backport seccomp rules for rseq and mbind syscalls
vala:
- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
* Add missing TraverseVisitor.visit_data_type()
* Add support for 'copy_/free_function' metadata for compact classes
* Catch and throw possible inner error of lock statements
* Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
* Don't count instance-parameter when checking for backwards closure reference
* Fix a few binding errors
* Free empty stack list for code contexts
* Handle duplicated and unnamed symbols.
* Improve UI parsing and handling of nested objects and properties
* Make sure to drop our 'trap' jump target in case of an error
* Move dynamic property errors to semantic analyzer pass
* Require lvalue access of delegate target/destroy 'fields'
* Show source location when reporting deprecations
* Transform assignment of an array element as needed
* manual: Update from wiki.gnome.org
* parser: Improve handling of nullable VarType in with-statement
* parser: Reduce the source reference of main block method to its beginning
xdg-desktop-portal-gnome:
- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
* Properly bind property in Lockdown portal
The following package changes have been done:
- curl-7.79.1-150400.5.12.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- libglib-2_0-0-2.70.5-150400.3.3.1 updated
More information about the sle-security-updates
mailing list