SUSE-CU-2022:64-1: Security update of caasp/v4/389-ds
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Jan 27 07:42:07 UTC 2022
SUSE Container Update Advisory: caasp/v4/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:64-1
Container Tags : caasp/v4/389-ds:1.4.2 , caasp/v4/389-ds:1.4.2-rev5 , caasp/v4/389-ds:1.4.2-rev5-build3.5.450
Container Release : 3.5.450
Severity : critical
Type : security
References : 1027496 1029961 1029961 1029961 1040589 1047218 1050625 1078466
1084671 1102408 1106014 1113013 1122417 1125671 1125886 1134353
1138715 1138746 1140565 1141597 1146705 1153687 1154393 1154935
1155094 1157818 1158812 1158958 1158959 1158960 1159491 1159715
1159847 1159850 1160309 1160438 1160439 1161268 1162581 1164719
1167471 1169006 1171257 1171962 1172091 1172115 1172234 1172236
1172240 1172308 1172973 1172974 1173641 1174016 1174091 1174436
1174504 1174514 1174571 1174697 1174701 1174942 1175289 1175448
1175449 1175458 1175514 1175519 1175623 1176201 1176206 1176262
1176293 1176389 1176784 1176785 1176934 1177120 1177211 1177238
1177275 1177427 1177460 1177460 1177460 1177490 1177583 1177976
1178009 1178168 1178219 1178236 1178386 1178554 1178561 1178577
1178624 1178675 1178775 1178775 1178823 1178825 1178909 1178910
1178966 1179083 1179193 1179222 1179363 1179382 1179503 1179630
1179694 1179721 1179756 1179816 1179824 1179831 1179847 1179909
1180020 1180038 1180064 1180073 1180077 1180083 1180125 1180138
1180225 1180377 1180596 1180603 1180603 1180603 1180663 1180686
1180721 1180851 1180885 1180995 1181011 1181126 1181328 1181368
1181443 1181505 1181622 1181831 1181874 1181976 1182016 1182117
1182279 1182281 1182293 1182328 1182331 1182333 1182362 1182372
1182379 1182382 1182408 1182411 1182412 1182413 1182415 1182416
1182417 1182418 1182419 1182420 1182421 1182422 1182604 1182629
1182791 1182936 1183064 1183085 1183094 1183268 1183370 1183371
1183374 1183374 1183456 1183457 1183589 1183628 1183791 1183797
1183858 1183933 1183942 1184326 1184358 1184399 1184401 1184435
1184614 1184614 1184690 1184761 1184967 1184994 1184994 1184997
1184997 1185016 1185046 1185092 1185163 1185239 1185281 1185325
1185331 1185408 1185408 1185409 1185409 1185410 1185410 1185417
1185438 1185524 1185540 1185562 1185588 1185698 1185807 1185910
1185958 1186015 1186049 1186114 1186447 1186489 1186503 1186602
1186674 1186910 1187060 1187153 1187210 1187212 1187224 1187270
1187273 1187292 1187338 1187400 1187425 1187466 1187512 1187654
1187668 1187738 1187760 1187911 1187993 1188018 1188063 1188063
1188127 1188156 1188217 1188218 1188219 1188220 1188291 1188344
1188435 1188571 1188623 1188713 1188891 1188921 1189031 1189206
1189241 1189287 1189465 1189465 1189480 1189521 1189521 1189683
1189803 1189929 1189996 1190052 1190059 1190199 1190234 1190325
1190356 1190373 1190374 1190440 1190465 1190645 1190712 1190739
1190793 1190815 1190915 1190933 1190984 1191252 1191286 1191324
1191370 1191563 1191609 1191987 1192161 1192248 1192337 1192436
1192688 1192717 1192790 1193170 1193480 1193481 1193488 1193521
1193845 1194251 1194362 1194474 1194476 1194477 1194478 1194479
1194480 928700 928701 954813 CVE-2015-3414 CVE-2015-3415 CVE-2016-10228
CVE-2017-9271 CVE-2018-15750 CVE-2018-15751 CVE-2019-16935 CVE-2019-18348
CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646
CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926
CVE-2019-19959 CVE-2019-20218 CVE-2019-20838 CVE-2019-20907 CVE-2019-20916
CVE-2019-25013 CVE-2019-5010 CVE-2020-11651 CVE-2020-11652 CVE-2020-12400
CVE-2020-12401 CVE-2020-12403 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630
CVE-2020-13631 CVE-2020-13632 CVE-2020-14155 CVE-2020-14343 CVE-2020-14422
CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-25592 CVE-2020-25648
CVE-2020-25659 CVE-2020-25709 CVE-2020-25710 CVE-2020-26116 CVE-2020-26137
CVE-2020-27618 CVE-2020-27619 CVE-2020-29361 CVE-2020-29562 CVE-2020-29573
CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225
CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230
CVE-2020-6829 CVE-2020-8492 CVE-2020-9327 CVE-2021-20231 CVE-2021-20232
CVE-2021-20305 CVE-2021-22876 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923
CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-23336
CVE-2021-23840 CVE-2021-23841 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984
CVE-2021-23987 CVE-2021-24031 CVE-2021-24032 CVE-2021-25315 CVE-2021-27212
CVE-2021-27218 CVE-2021-27219 CVE-2021-31607 CVE-2021-3177 CVE-2021-3326
CVE-2021-33560 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3426
CVE-2021-3426 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517
CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541
CVE-2021-3580 CVE-2021-35942 CVE-2021-36222 CVE-2021-3712 CVE-2021-3712
CVE-2021-3733 CVE-2021-3737 CVE-2021-37600 CVE-2021-37750 CVE-2021-38185
CVE-2021-38185 CVE-2021-39537 CVE-2021-43527 CVE-2021-43618 CVE-2021-45960
CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825
CVE-2022-22826 CVE-2022-22827
-----------------------------------------------------------------
The container caasp/v4/389-ds was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issue:
- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount âa. (bsc#1174942)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3930-1
Released: Wed Dec 23 18:19:39 2020
Summary: Security update for python3
Type: security
Severity: important
References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492
This update for python3 fixes the following issues:
- Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels
- Handful of changes to make python36 compatible with SLE15 and SLE12
(jsc#ECO-2799, jsc#SLE-13738)
- add triplets for mips-r6 and riscv
- RISC-V needs CTYPES_PASS_BY_REF_HACK
Update to 3.6.12 (bsc#1179193)
* Ensure python3.dll is loaded from correct locations when Python is embedded
* The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface
incorrectly generated constant hash values of 32 and 128 respectively. This
resulted in always causing hash collisions. The fix uses hash() to generate
hash values for the tuple of (address, mask length, network address).
* Prevent http header injection by rejecting control characters in
http.client.putrequest(â¦).
* Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now
UnpicklingError instead of crashing.
* Avoid infinite loop when reading specially crafted TAR files using the tarfile
module
- This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).
Update to 3.6.11:
- Disallow CR or LF in email.headerregistry. Address
arguments to guard against header injection attacks.
- Disallow control characters in hostnames in http.client, addressing
CVE-2019-18348. Such potentially malicious header injection URLs now
cause a InvalidURL to be raised. (bsc#1155094)
- CVE-2020-8492: The AbstractBasicAuthHandler class
of the urllib.request module uses an inefficient regular
expression which can be exploited by an attacker to cause
a denial of service. Fix the regex to prevent the
catastrophic backtracking. Vulnerability reported by Ben
Caller and Matt Schwager.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823
This update for libxml2 fixes the following issues:
Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3946-1
Released: Tue Dec 29 17:39:54 2020
Summary: Recommended update for python3
Type: recommended
Severity: important
References: 1180377
This update for python3 fixes the following issues:
- A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3,
which caused regressions in several applications. (bsc#1180377)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Non-security issue fixed:
- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603
This update for keyutils fixes the following issues:
- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225
This update for systemd fixes the following issues:
- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between
StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885
This update for systemd fixes the following issues:
- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998))
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603
This update for gmp fixes the following issues:
- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:305-1
Released: Thu Feb 4 15:00:37 2021
Summary: Recommended update for libprotobuf
Type: recommended
Severity: moderate
References:
libprotobuf was updated to fix:
- ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:307-1
Released: Fri Feb 5 05:30:34 2021
Summary: Recommended update for libselinux
Type: recommended
Severity: low
References: 1180603
This update for libselinux fixes the following issues:
- Corrected the license to public domain (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:526-1
Released: Fri Feb 19 12:46:27 2021
Summary: Recommended update for python-distro
Type: recommended
Severity: moderate
References:
This update for python-distro fixes the following issues:
Upgrade from version 1.2.0 to 1.5.0 (jsc#ECO-3212)
- Backward compatibility:
- Keep output as native string so we can compatible with python2 interface
- Prefer the `VERSION_CODENAME` field of `os-release` to parsing it from `VERSION`
- Bug Fixes:
- Fix detection of RHEL 6 `ComputeNode`
- Fix Oracle 4/5 `lsb_release` id and names
- Ignore `/etc/plesk-release` file while parsing distribution
- Return `_uname_info` from the `uname_info()` method
- Fixed `CloudLinux` id discovery
- Update Oracle matching
- Warn about wrong locale.
- Documentation:
- Distro is the recommended replacement for `platform.linux_distribution`
- Add Ansible reference implementation and fix arch-linux link
- Add facter reference implementation
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:529-1
Released: Fri Feb 19 14:53:47 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177
This update for python3 fixes the following issues:
- CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126).
- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326
This update for glibc fixes the following issues:
- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
X.509 DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
in the Certificate List Exact Assertion processing, resulting in
denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
Assertion processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
control handling, resulting in denial of service (double free and
out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
in the issuerAndThisUpdateCheck function via a crafted packet,
resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:753-1
Released: Tue Mar 9 17:09:57 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841
This update for openssl-1_1 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201
This update for zlib fixes the following issues:
- Fixed hw compression on z15 (bsc#1176201)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:890-1
Released: Fri Mar 19 15:51:41 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:934-1
Released: Wed Mar 24 12:18:21 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232
This update for gnutls fixes the following issues:
- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336
This update for python3 fixes the following issues:
- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032
This update for zstd fixes the following issues:
- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:956-1
Released: Thu Mar 25 19:19:02 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179816,1179847,1179909,1180077,1180663,1180721,1181328,1181622,1182629,CVE-2017-9271
This update for libzypp, zypper fixes the following issues:
Update zypper to version 1.14.43:
- doc: give more details about creating versioned package locks
(bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)
- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077)
- Prefer /run over /var/run.
Update libzypp to 17.25.8:
- Try to provide a mounted /proc in --root installs (bsc#1181328)
Some systemd tools require /proc to be mounted and fail if it's
not there.
- Enable release packages to request a releaxed suse/opensuse
vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names (bsc#1179847)
This allows to use the RH and SUSE patch categrory names
synonymously:
(recommended = bugfix) and (optional = feature = enhancement).
- Add missing includes for GCC 11 compatibility.
- Fix %posttrans script execution (fixes #265)
The scripts are execuable. No need to call them through 'sh -c'.
- Commit: Fix rpmdb compat symlink in case rpm got removed.
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location ob the
rpmdatabase to use.
- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat
symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#1179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)
- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with with unknown filesize (fixes #277)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:43:43 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659
This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO=3105)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073
This update for libcap fixes the following issues:
- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1007-1
Released: Thu Apr 1 17:47:20 2021
Summary: Security update for MozillaFirefox
Type: security
Severity: important
References: 1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
* CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
* CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
* CVE-2021-23984: Malicious extensions could have spoofed popup information
* CVE-2021-23987: Memory safety bugs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791
This update for openldap2 fixes the following issues:
- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976
This update for procps fixes the following issues:
- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791
This update for e2fsprogs fixes the following issues:
- Fixed an issue when building e2fsprogs (bsc#1183791)
This patch does not fix any user visible issues and is therefore optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219
This update for systemd fixes the following issues:
- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
be stopped properly and would leave mount points mounted.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690
This update for libcap fixes the following issues:
- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305
This update for libnettle fixes the following issues:
- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064
This update for bash fixes the following issues:
- Fixed a segmentation fault that used to occur when bash read a history file
that was malformed in a very specific way. (bsc#1183064)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435
This update for patterns-microos provides the following fix:
- Require the libvirt-daemon-qemu package and include the needed dependencies in the
product. (bsc#1184435)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417
This update for procps fixes the following issues:
- Support up to 2048 CPU as well. (bsc#1185417)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released: Tue May 11 09:50:00 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1183374,CVE-2021-3426
This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163
This update for krb5 fixes the following issues:
- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163);
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released: Wed May 12 13:47:41 2021
Summary: Optional update for sed
Type: optional
Severity: low
References: 1183797
This update for sed fixes the following issues:
- Fixed a building issue with glibc-2.31 (bsc#1183797).
This patch is optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1602-1
Released: Thu May 13 16:35:19 2021
Summary: Recommended update for libsolv, libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239
This update for libsolv and libzypp fixes the following issues:
libsolv:
Upgrade from version 0.7.17 to version 0.7.19
- Fix rare segfault in `resolve_jobrules()` that could happen if new rules are learned.
- Fix memory leaks in error cases
- Fix error handling in `solv_xfopen_fd()`
- Fix regex code on win32
- fixed memory leak in choice rule generation
- `repo_add_conda`: add a flag to skip version 2 packages.
libzypp:
Upgrade from version 17.25.8 to version 17.25.10
- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614
This update for openldap2 fixes the following issue:
- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released: Wed May 19 13:59:12 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520
This update for lz4 fixes the following issues:
- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:
- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released: Wed May 26 17:22:21 2021
Summary: Recommended update for python3
Type: recommended
Severity: low
References:
This update for python3 fixes the following issues:
- Make sure to close the import_failed.map file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1809-1
Released: Mon May 31 16:24:59 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1177976,1183933,1186114,CVE-2021-22876,CVE-2021-22898
This update for curl fixes the following issues:
- CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933).
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Fix for SFTP uploads when it results in empty uploaded files (bsc#1177976).
- Allow partial chain verification (jsc#SLE-17956).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1846-1
Released: Fri Jun 4 08:46:37 2021
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1185910
This update for mozilla-nss fixes the following issue:
- Provide some missing binaries from `mozilla-nss` not added in `SLE-Module-Basesystem_15-SP3`. (bsc#1185910)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Type: recommended
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
This update for gcc10 fixes the following issues:
- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released: Wed Jun 9 14:48:05 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:
- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1953-1
Released: Thu Jun 10 16:18:50 2021
Summary: Recommended update for gpg2
Type: recommended
Severity: moderate
References: 1161268,1172308
This update for gpg2 fixes the following issues:
- Fixed an issue where the gpg-agent's ssh-agent does not handle flags
in signing requests properly (bsc#1161268 and bsc#1172308).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2106-1
Released: Mon Jun 21 19:26:06 2021
Summary: Security update for salt
Type: security
Severity: critical
References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674,CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607
This update for salt fixes the following issues:
Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028)
- Check if dpkgnotify is executable (bsc#1186674)
- Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028)
- virt module updates
* network: handle missing ipv4 netmask attribute
* more network support
* PCI/USB host devices passthrough support
- Set distro requirement to oldest supported version in requirements/base.txt
- Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382)
- Always require `python3-distro` (bsc#1182293)
- Remove deprecated warning that breaks minion execution when 'server_id_use_crc' opts is missing
- Fix pkg states when DEB package has 'all' arch
- Do not force beacons configuration to be a list.
- Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
- msgpack support for version >= 1.0.0 (bsc#1171257)
- Fix issue parsing errors in ansiblegate state module
- Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18033)
- Improvements on 'ansiblegate' module (bsc#1185092):
* New methods: ansible.targets / ansible.discover_playbooks
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
- Add notify beacon for Debian/Ubuntu systems
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released: Wed Jun 23 16:27:04 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1187060,CVE-2021-3580
This update for libnettle fixes the following issues:
- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released: Thu Jun 24 15:40:14 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:
- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)
This update for pcre fixes the following issues:
- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)
This update for brp-check-suse fixes the following issues:
- Add fixes to support reproducible builds. (bsc#1186049)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: important
References: 1187210
This update for openldap2 fixes the following issues:
- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released: Mon Jul 5 15:17:49 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400
This update for systemd fixes the following issues:
cgroup: Parse infinity properly for memory protections. (bsc#1167471)
cgroup: Make empty assignments reset to default. (bsc#1167471)
cgroup: Support 0-value for memory protection directives. (bsc#1167471)
core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
bus-unit-util: Add proper 'MemorySwapMax' serialization.
core: Accept MemorySwapMax= properties that are scaled.
execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
write_net_rules: Set execute bits. (bsc#1178561)
udev: Rework network device renaming.
Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
core: fix output (logging) for mount units (#7603) (bsc#1187400)
udev requires systemd in its %post (bsc#1185958)
cgroup: Parse infinity properly for memory protections (bsc#1167471)
cgroup: Make empty assignments reset to default (bsc#1167471)
cgroup: Support 0-value for memory protection directives (bsc#1167471)
Create /run/lock/subsys again (bsc#1187292)
The creation of this directory was mistakenly dropped when
'filesystem' package took the initialization of the generic paths
over.
Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released: Wed Jul 14 17:01:06 2021
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:
- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
(bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released: Tue Jul 20 14:21:30 2021
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:
- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2440-1
Released: Wed Jul 21 13:48:24 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released: Mon Aug 16 10:54:52 2021
Summary: Security update for cpio
Type: security
Severity: important
References: 1189206,CVE-2021-38185
This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released: Tue Aug 17 17:16:22 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465
This update for cpio fixes the following issues:
- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released: Thu Aug 19 16:09:15 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465,CVE-2021-38185
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released: Fri Aug 20 10:43:04 2021
Summary: Security update for krb5
Type: security
Severity: important
References: 1188571,CVE-2021-36222
This update for krb5 fixes the following issues:
- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2817-1
Released: Mon Aug 23 15:05:36 2021
Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
Type: security
Severity: moderate
References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137
This patch updates the Python AWS SDK stack in SLE 15:
General:
# aws-cli
- Version updated to upstream release v1.19.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-boto3
- Version updated to upstream release 1.17.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-botocore
- Version updated to upstream release 1.20.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-urllib3
- Version updated to upstream release 1.25.10
For a detailed list of all changes, please refer to the changelog file of this package.
# python-service_identity
- Added this new package to resolve runtime dependencies for other packages.
Version: 18.1.0
# python-trustme
- Added this new package to resolve runtime dependencies for other packages.
Version: 0.6.0
Security fixes:
# python-urllib3:
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated
by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2831-1
Released: Tue Aug 24 16:20:45 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following security issue:
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released: Fri Sep 3 09:19:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614
This update for openldap2 fixes the following issue:
- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2968-1
Released: Tue Sep 7 09:53:00 2021
Summary: Security update for openssl-1_1
Type: security
Severity: low
References: 1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released: Thu Sep 9 15:08:13 2021
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1189683
This update for netcfg fixes the following issues:
- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3115-1
Released: Thu Sep 16 14:04:26 2021
Summary: Recommended update for mozilla-nspr, mozilla-nss
Type: recommended
Severity: moderate
References: 1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829
This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
Mozilla NSS was updated to version 3.68:
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the âStaat der
Nederlanden Root CA - G3â root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008â.
* bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
update to NSS 3.61
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
Update to NSS 3.60.1:
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
Update to NSS 3.59.1:
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
Update to NSS 3.59:
Notable changes:
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released: Tue Sep 21 17:04:26 2021
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1189996
This update for file fixes the following issues:
- Fixes exception thrown by memory allocation problem (bsc#1189996)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3297-1
Released: Wed Oct 6 16:53:29 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released: Tue Oct 12 13:08:06 2021
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:
- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).
- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released: Tue Oct 12 15:54:31 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:
- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released: Mon Oct 18 09:29:26 2021
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1189929,CVE-2021-37750
This update for krb5 fixes the following issues:
- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released: Wed Oct 20 11:24:10 2021
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:
- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987
This update for pam fixes the following issues:
- Fixed a bad directive file which resulted in
the 'securetty' file to be installed as 'macros.pam'.
(bsc#1191987)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released: Tue Oct 26 15:40:13 2021
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:
Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:
- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Type: security
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3781-1
Released: Tue Nov 23 23:48:43 2021
Summary: This update for libzypp, zypper and libsolv fixes the following issues:
Type: recommended
Severity: moderate
References: 1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436
This update for zypper fixes the following issues:
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)
- Protect against strict/relaxed user umask via sudo. (bsc#1183589)
- xml summary: Add solvables repository alias. (bsc#1182372)
- Allow trusted repos to add additional signing keys. (bsc#1184326)
- MediaCurl: Fix logging of redirects.
- Let negative values wait forever for the zypp lock. (bsc#1184399)
- Fix 'purge-kernels' is broken in Leap 15.3. (bsc#1185325)
- Fix service detection with cgroupv2. (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Enhance XML output of repo GPG options
- Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -pie (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default. (jsc#PM-2645)
- Fix solver jobs for PTFs. (bsc#1186503)
- choice rules: treat orphaned packages as newest. (bc#1190465)
- Add need reboot/restart hint to XML install summary. (bsc#1188435)
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix obs:// platform guessing for Leap. (bsc#1187425)
- Fix purge-kernels fails. (bsc#1187738)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Prompt: choose exact match if prompt options are not prefix free. (bsc#1188156)
- Do not check of signatures and keys two times(redundant). (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved. (bsc#1187760)
- Show key fpr from signature when signature check fails. (bsc#1187224)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Fix crashes in logging code when shutting down. (bsc#1189031)
- Manpage: Improve description about patch updates. (bsc#1187466)
- Avoid calling 'su' to detect a too restrictive sudo user umask. (bsc#1186602)
- Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858)
- Disable logger in the child after fork (bsc#1192436)
- Check log writer before accessing it (bsc#1192337)
- Allow uname-r format in purge kernels keepspec
- zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324)
- Fix translations (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1187153,1187273,1188623
This update for gcc11 fixes the following issues:
The additional GNU compiler collection GCC 11 is provided:
To select these compilers install the packages:
- gcc11
- gcc-c++11
- and others with 11 prefix.
to select them for building:
- CC='gcc-11'
- CXX='g++-11'
The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released: Fri Nov 26 00:31:59 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1189803,1190325,1190440,1190984,1191252,1192161
This update for systemd fixes the following issues:
- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix unitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal() take effect immediately
- dbus: split up bus_done() into seperate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3830-1
Released: Wed Dec 1 13:45:46 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1027496,1183085,CVE-2016-10228
This update for glibc fixes the following issues:
- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085)
- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654
This update for keyutils fixes the following issues:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
keyutils was updated to 1.6.3 (jsc#SLE-20016):
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
Updated to 1.6:
* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore
Updated to 1.5.11 (bsc#1113013)
* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released: Fri Dec 3 11:27:41 2021
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1162581,1174504,1191563,1192248
This update for aaa_base fixes the following issues:
- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3930-1
Released: Mon Dec 6 11:16:10 2021
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1192790
This update for curl fixes the following issues:
- Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3934-1
Released: Mon Dec 6 13:22:27 2021
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1193170,CVE-2021-43527
This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:
- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4015-1
Released: Mon Dec 13 17:16:00 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1180125,1183374,1183858,1185588,1187338,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737
This update for python3 fixes the following issues:
- CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241)
- CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287)
- CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374)
- Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4017-1
Released: Tue Dec 14 07:26:55 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995
This update for openssl-1_1 fixes the following issues:
- Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters
consistently with our other codestreams (bsc#1180995)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4139-1
Released: Tue Dec 21 17:02:44 2021
Summary: Recommended update for systemd
Type: recommended
Severity: critical
References: 1193481,1193521
This update for systemd fixes the following issues:
- Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481)
sleep-config: partitions can't be deleted, only files can
shared/sleep-config: exclude zram devices from hibernation candidates
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4154-1
Released: Wed Dec 22 11:02:38 2021
Summary: Security update for p11-kit
Type: security
Severity: important
References: 1180064,1187993,CVE-2020-29361
This update for p11-kit fixes the following issues:
- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688
This update for zlib fixes the following issues:
- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480
This update for libgcrypt fixes the following issues:
- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:57-1
Released: Wed Jan 12 07:10:42 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1193488,954813
This update for libzypp fixes the following issues:
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI compontents of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:72-1
Released: Thu Jan 13 16:13:36 2022
Summary: Recommended update for mozilla-nss and MozillaFirefox
Type: recommended
Severity: important
References: 1193845
This update for mozilla-nss and MozillaFirefox fix the following issues:
mozilla-nss:
- Update from version 3.68.1 to 3.68.2 (bsc#1193845)
- Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol
implementation
MozillaFirefox:
- Firefox Extended Support Release 91.4.1 ESR (bsc#1193845)
- Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol
implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
error messages when trying to connect to various microsoft.com domains
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released: Tue Jan 25 14:16:23 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- bash-4.4-9.14.1 updated
- cpio-2.12-3.9.1 updated
- file-magic-5.32-7.14.1 updated
- filesystem-15.0-11.3.2 updated
- glibc-2.26-13.62.1 updated
- gpg2-2.2.5-4.19.8 updated
- krb5-client-1.16.3-3.24.1 updated
- krb5-1.16.3-3.24.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libbz2-1-1.0.6-5.11.1 updated
- libcap2-2.26-4.6.1 updated
- libcom_err2-1.43.8-4.26.1 updated
- libcurl4-7.60.0-28.1 updated
- libexpat1-2.2.5-3.9.1 updated
- libfdisk1-2.33.2-4.16.1 updated
- libfreebl3-3.68.2-3.64.2 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libglib-2_0-0-2.54.3-4.24.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libgnutls30-3.6.7-6.40.2 updated
- libhogweed4-3.4.1-4.18.1 updated
- libidn2-0-2.2.0-3.6.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libldap-2_4-2-2.4.46-9.58.1 updated
- libldap-data-2.4.46-9.58.1 updated
- liblua5_3-5-5.3.6-3.6.1 updated
- liblz4-1-1.8.0-3.8.1 updated
- libmagic1-5.32-7.14.1 updated
- libmount1-2.33.2-4.16.1 updated
- libncurses6-6.1-5.9.1 updated
- libnettle6-3.4.1-4.18.1 updated
- libnghttp2-14-1.40.0-3.11.1 updated
- libopenssl1_1-1.1.0i-14.24.3 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libpcre1-8.45-20.10.1 updated
- libprocps7-3.3.15-7.19.1 updated
- libprotobuf-lite15-3.5.0-5.2.1 added
- libpython3_6m1_0-3.6.15-3.91.3 updated
- libreadline7-7.0-9.14.1 updated
- libselinux1-2.8-8.3.1 updated
- libsigc-2_0-0-2.10.0-3.7.1 updated
- libsmartcols1-2.33.2-4.16.1 updated
- libsoftokn3-3.68.2-3.64.2 updated
- libsolv-tools-0.7.20-4.3.1 updated
- libsqlite3-0-3.36.0-3.12.1 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-234-24.102.1 updated
- libudev1-234-24.102.1 updated
- libuuid1-2.33.2-4.16.1 updated
- libxml2-2-2.9.7-3.37.1 updated
- libz1-1.2.11-3.24.1 updated
- libzstd1-1.4.4-1.6.1 updated
- libzypp-17.29.0-3.64.1 updated
- mozilla-nspr-4.32-3.20.1 updated
- mozilla-nss-certs-3.68.2-3.64.2 updated
- mozilla-nss-tools-3.68.2-3.64.2 updated
- mozilla-nss-3.68.2-3.64.2 updated
- ncurses-utils-6.1-5.9.1 updated
- netcfg-11.6-3.3.1 updated
- pam-1.3.0-6.50.1 updated
- procps-3.3.15-7.19.1 updated
- python3-base-3.6.15-3.91.3 updated
- python3-distro-1.5.0-3.5.1 updated
- python3-pyasn1-0.4.2-3.2.1 updated
- python3-six-1.14.0-7.3.1 updated
- python3-3.6.15-3.91.4 updated
- sed-4.4-4.3.1 updated
- sles-release-15.1-66.1 added
- terminfo-base-6.1-5.9.1 updated
- timezone-2021e-75.4.1 updated
- util-linux-2.33.2-4.16.1 updated
- zypper-1.14.50-3.46.1 updated
- container:sles15-image-15.0.0-6.2.559 updated
- ca-certificates-2+git20170807.10b2785-7.3.3 removed
- ca-certificates-mozilla-2.44-4.29.1 removed
- openssl-1.1.0i-3.3.1 removed
- openssl-1_1-1.1.0i-14.12.1 removed
- p11-kit-0.23.2-4.8.3 removed
- p11-kit-tools-0.23.2-4.8.3 removed
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed
More information about the sle-security-updates
mailing list