SUSE-CU-2022:3455-1: Security update of suse/sle15

sle-security-updates at lists.suse.com
Fri Dec 23 08:45:21 UTC 2022


SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3455-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.25 , suse/sle15:15.4 , suse/sle15:15.4.27.14.25
Container Release     : 27.14.25
Severity              : important
Type                  : security
References            : 1175622 1179584 1188882 1196205 1200581 1203274 1204867 1206308
                        1206309 944832 CVE-2022-43551 CVE-2022-43552 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released:    Wed Dec 21 10:13:11 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1206308,1206309,CVE-2022-43551,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4601-1
Released:    Wed Dec 21 12:23:59 2022
Summary:     Feature update for GNOME 41
Type:        feature
Severity:    moderate
References:  1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832
This update for GNOME 41 fixes the following issues:

atkmm1_6:

- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
  * Meson build: Avoid unnecessary configuration warnings
  * Meson build: Perl is not required by new versions of mm-common
  * Meson build: Require meson >= 0.55.0
  * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
  * Require atk >= 2.12.0. Not a new requirement, but previously it was not specified in configure.ac and meson.build
  * Support building with Visual Studio 2022

eog:

- Version update from 41.1 to 41.2 (jsc#PED-2235):
  * eog-window: use correct type for display_profile
  * Fix discovery of Evince for multi-page images

evince:

- Version update from 41.3 to 41.4 (jsc#PED-2235):
  * shell: Fix failures when thumbnail extraction takes too long
  * Fix build with meson 0.60.0 and newer

evolution:
    
- Ensure evolution-devel is forward compatible with evolution-data-server-devel within the same major version (jsc#PED-2235)
    
evolution-data-center:

- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
  * Google OAuth out-of-band (oob) flow will be deprecated

folks:

- Version update from 0.15.3 to 0.15.5 (jsc#PED-2235):
  * vapi: Add missing generic type argument
  * Fix docs build against newer eds version
  * Fix build against newer eds version
  * Remove volatile keyword from tests

gcr:

- Version update from 3.41.0 to 3.41.1 (jsc#PED-2235):
  * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
  * Add gi-docgen dependency which is needed by the docs
  * Fix build with meson 0.60.0 and newer
  * Fix build without systemd 
  * Several CI fixes

geocode-glib:

- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
  * Fix a test data file not being installed, and fix a bug in the libsoup3 port
  * Add support for libsoup 3.x

gjs:

- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
  * Build and compatibility fixes backported from the development branch
  * Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)


glib2:

- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
  * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
  * Split gtk-docs from -devel package, these are not needed during building projects using glib2


gnome-control-center:

- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7 (jsc#PED-2235):
  * Cellular: Remove duplicate line from .desktop
  * Info: Allow changing 'Device Name' by pressing 'Enter'
  * Info: Remove trailing space after CPU name
  * Keyboard: Fix crash resetting all keyboard shortcuts
  * Keyboard: Fix leaks
  * Network: Fix saving passwords for non-wifi connections
  * Network: Fix critical when opening VPN details page
  * Wacom: Fix leaks

gnome-desktop:

- Version update from 41.2 to 41.8 (jsc#PED-2235):
  * Version increase but no actual changes

gnome-music:

- Version update from 41.0 to 41.1 (jsc#PED-2235):
  * Ensure the correct album is played
  * Fix build with meson 0.61.0 and newer
  * Fix crash on empty selection
  * Fix incorrect playlist import
  * Fix time displayed in RTL languages
  * Improve async queue work
  * Make random shuffle actually random
  * Make shuffle random
  * Speed increase on first startup on larger collections
  * Time is reversed in RTL

gnome-remote-desktop:

- Version update from 41.2 to 41.3 (jsc#PED-2235):
  * Add Icelandic translation

gnome-session:

- Clear error messages that can be ignored because they are expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when it loses its name on the bus (bsc#1175622, bsc#1188882)
  
gnome-shell:

- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
  * Allow extension updates with only Extension Manager installed
  * Allow more intermediate icon sizes in app grid
  * Disable workspace switching while in search.
  * Do not create systemd scope for D-Bus activated apps
  * Fix calendar to correctly align world clocks header in RTL
  * Fix drag placeholder position in dash in RTL locales
  * Fix edge case where windows stay dimmed after a modal is closed
  * Fix feedback when turning on a11y features by keyboard
  * Fix focus tracking in magnifier on wayland
  * Fix fractional timezone offsets in world clock
  * Fix glitches in overview transition
  * Fix logging in with realmd
  * Fix memory leak
  * Fix opening device settings for enterprise WPA networks
  * Fix programmatically set scrollview fade
  * Fix regression in ibus support
  * Fix unresponsive top bar in overview when in fullscreen
  * Handle monitor changes during startup animation
  * Hide overview after 'Show Details' from app context menu
  * Improve Belgian on-screen keyboard layout
  * Improve CSS shadow appearance
  * Make sure startup animation completes
  * Misc. bug fixes and cleanups
  * Only close messages via delete key if they can be closed
  * Respect IM hint for candidates list in on-screen keyboard
    
gnome-software:

- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
  * Added several appstream-related fixes
  * Disable scroll-by-mouse-wheel on featured carousel
  * Ensure details page shows app provided on command line


gnome-terminal:

- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
  * Fix build with meson 0.61.0 and newer
  * window: Use a normal menu for the popup menu

gnome-user-docs:

- Version update from 41.1 to 41.5 (jsc#PED-2235):
  * Added missing icon for network-wired-symbolic

gspell:

- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
  * Build: distribute more files in tarballs
  * Documentation improvements

gtkmm3:

- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
  * Build with Meson: MSVC build: Support Visual Studio 2022
  * Check if Perl is required for building documentation
  * Don't use deprecated python3.path() and execute (..., gui_app...)
  * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler
  * Object::_release_c_instance(): Unref orphan managed widgets
  * SizeGroup demo: Set active items in the combo boxes, so something is shown
  * Specify 'check' option in run_command()

gtk-vnc:

- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
  * Add 'check' arg to meson run_command()
  * Fix invalid use of subprojects with meson
  * Support ZRLE encoding for zero size alpha cursors

gupnp-av:

- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
  * Add utility function to format GDateTime to the iso variant DIDL expects
  * Allow to be used as a subproject
  * Drop autotools
  * Fix stripping @refID
  * Fix unsetting subtitleFileType
  * Make Feature derivable again
  * Obsolete code removal.
  * Port to modern GObject
  * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
  * Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2
  
gvfs:

- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
  * sftp: Adapt on new OpenSSH password prompts
  * smb: Rework anonymous handling to avoid EINVAL
  * smb: Ignore EINVAL for kerberos/ccache login

libgsf:

- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
  * Fix error handling problem when writing ole files
  * Fix problems with non-western text in OLE properties
  * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:

- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
  * build: Add introspection/vapi/tests options
  * build: Use library() to optionally build a static library

libnma:

- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
  * Ad-Hoc networks now default to using WPA2 instead of WEP
  * Add possibility of building libnma-gtk4 library with Gtk4 support
  * Do not allow setting empty 802.1x domain for EAP TLS
  * Fixed keyboard accelerator for certificate chooser
  * Fixed libnma-gtk4 version of mobile-wizard
  * Include OWE wireless security option
  * The GtkBuilder files for Gtk4 are now included in the release tarball
  * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package

libnotify:

- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
  * Delete unused notifynotification.xml
  * Fix potential build errors with old glib version we require
  * docs/notify-send: Add --transient option to manpage
  * notification: Bookend calling NotifyActionCallback with temporary reference
  * notification: Include sender-pid hint by default if not provided
  * notify-send: Add debug message about server not supporting persistence
  * notify-send: Add explicit option to create transient notifications
  * notify-send: Add support for boolean hints
  * notify-send: Move server capabilities check to a separate function
  * notify-send: Support passing any hint value, by parsing variant strings

libpeas:

- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
  * Icon licenses have been corrected
  * Parallel build system operation fixes
  * Use gi-docgen for documentation
  * Various build warnings squashed
  * Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package

librsvg:

- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
  * Catch circular references when rendering patterns
  * Fix regressions when computing element geometries
  * Fix regression outputting all text as paths

libsecret:

- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
  * Add bash-completion for secret-tool
  * Add locking capabilities to secret tool
  * Add support for TPM2 based secret storage
  * Create default collection after DBus.Error.UnknownObject
  * Detect local storage in snaps in the same way as flatpaks
  * Drop autotools-based build
  * GI annotation and documentation fixes
  * Port documentation to gi-docgen
  * Use G_GNUC_NULL_TERMINATED where appropriate
  * collection, methods, prompt: Port to GTask
  * secret-file-backend: Avoid closing the same file descriptor twice

mutter:

- Version update from 41.5 to 41.9 (jsc#PED-2235):
  * Fix '--replace option'
  * Fix missing root window properties after XWayland start
  * Fix night light without GAMMA_LUT property
  * KMS: Survive missing GAMMA_LUT property
  * wayland: Fix rotation transform
  * Misc. bug fixes

nautilus:

- Version update from 41.2 to 41.5 (jsc#PED-2235):
  * Drag-and-drop bugfixes
  * HighContrast style fixes

orca:

- Version update from 41.1 to 41.3 (jsc#PED-2235):
  * Add more event-flood detection and handling for improved performance
  * Fix bug causing accessing preferences to fail for Esperanto
  * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
  * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
  * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x

python-cairo:

- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo

python-gobject:

- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
  
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
  * Add a workaround for a PyPy 3.9+ bug when threads are used
  * Do not error out for unknown scopes
  * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
  * Fix a crash/refcounting error in case marshaling a hash table fails
  * Fix crashes when marshaling zero terminated arrays for certain item types
  * Implement DynamicImporter.find_spec() to silence deprecation warning
  * Make the test suite pass again with PyPy
  * Some test/CI fixes
  * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
  * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4
  * interface: Fix leak when overriding GInterfaceInfo
  * setup.py: look up pycairo headers without importing the module

trackers-python:

- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
  * Backport seccomp rules for rseq and mbind syscalls

vala:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Add missing TraverseVisitor.visit_data_type()
  * Add support for 'copy_/free_function' metadata for compact classes
  * Catch and throw possible inner error of lock statements
  * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
  * Don't count instance-parameter when checking for backwards closure reference
  * Fix a few binding errors
  * Free empty stack list for code contexts
  * Handle duplicated and unnamed symbols.
  * Improve UI parsing and handling of nested objects and properties
  * Make sure to drop our 'trap' jump target in case of an error
  * Move dynamic property errors to semantic analyzer pass
  * Require lvalue access of delegate target/destroy 'fields'
  * Show source location when reporting deprecations
  * Transform assignment of an array element as needed
  * manual: Update from wiki.gnome.org
  * parser: Improve handling of nullable VarType in with-statement
  * parser: Reduce the source reference of main block method to its beginning

xdg-desktop-portal-gnome:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Properly bind property in Lockdown portal


The following package changes have been made:

- curl-7.79.1-150400.5.12.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- libglib-2_0-0-2.70.5-150400.3.3.1 updated

