SUSE-CU-2023:1283-1: Security update of rancher/elemental-operator/5.3

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Apr 27 07:02:30 UTC 2023


SUSE Container Update Advisory: rancher/elemental-operator/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1283-1
Container Tags        : rancher/elemental-operator/5.3:1.2.2 , rancher/elemental-operator/5.3:1.2.2-3.2.5 , rancher/elemental-operator/5.3:latest
Container Release     : 3.2.5
Severity              : critical
Type                  : security
References            : 1119687 1130325 1130326 1141883 1150137 1157818 1158812 1158958
                        1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438
                        1160439 1164719 1172091 1172115 1172234 1172236 1172240 1173641
                        1175622 1179584 1188882 1189683 1189802 1195773 1196125 1196205
                        1200581 1201225 1201590 1201783 1203274 1204357 1204867 1206337
                        1206579 928700 928701 944832 CVE-2015-3414 CVE-2015-3415 CVE-2018-20346
                        CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645
                        CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925
                        CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-9936 CVE-2019-9937
                        CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632
                        CVE-2020-15358 CVE-2020-9327 CVE-2021-36690 CVE-2022-34903 CVE-2022-3515
                        CVE-2022-35737 CVE-2022-46908 CVE-2022-47629 
-----------------------------------------------------------------

The container rancher/elemental-operator/5.3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released:    Thu Mar 28 11:55:06 2019
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1119687,CVE-2018-20346
This update for sqlite3 to version 3.27.2 fixes the following issue:

Security issue fixed: 

- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

Release notes: https://www.sqlite.org/releaselog/3_27_2.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released:    Thu May  2 09:39:24 2019
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1130325,1130326,CVE-2019-9936,CVE-2019-9937
This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix
  queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in
  a single transaction with an fts5 virtual table (bsc#1130325).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released:    Mon Aug 26 11:29:57 2019
Summary:     Recommended update for pinentry
Type:        recommended
Severity:    moderate
References:  1141883
This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2533-1
Released:    Thu Oct  3 15:02:50 2019
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1150137,CVE-2019-16168
This update for sqlite3 fixes the following issues:

Security issue fixed:

- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released:    Wed Jul 14 17:01:06 2021
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
  optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
  isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling  of  certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
  dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling  of certain errors during parsing  multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
  a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
  columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
  in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
  which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
  sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep  9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released:    Mon Sep 19 11:43:25 2022
Summary:     Recommended update for libassuan
Type:        recommended
Severity:    moderate
References:  
This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released:    Mon Sep 19 13:26:51 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
  
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released:    Fri Oct 21 11:48:39 2022
Summary:     Security update for libksba
Type:        security
Severity:    critical
References:  1204357,CVE-2022-3515
This update for libksba fixes the following issues:

  - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released:    Fri Nov 18 09:05:07 2022
Summary:     Recommended update for libusb-1_0
Type:        recommended
Severity:    moderate
References:  1201590
This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4601-1
Released:    Wed Dec 21 12:23:59 2022
Summary:     Feature update for GNOME 41
Type:        feature
Severity:    moderate
References:  1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832
This update for GNOME 41 fixes the following issues:

atkmm1_6:

- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
  * Meson build: Avoid unnecessary configuration warnings
  * Meson build: Perl is not required by new versions of mm-common
  * Meson build: Require meson >= 0.55.0
  * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
  * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build
  * Support building with Visual Studio 2022

eog:

- Version update from 41.1 to 41.2 (jsc#PED-2235):
  * eog-window: use correct type for display_profile
  * Fix discovery of Evince for multi-page images

evince:

- Version update 41.3 to 41.4 (jsc#PED-2235):
  * shell: Fix failures when thumbnail extraction takes too long
  * Fix build with meson 0.60.0 and newer

evolution:
    
- Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)
    
evolution-data-center:

- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
  * Google OAuth out-of-band (oob) flow will be deprecated

folks:

- Version update 0.15.3 to 0.15.5 (jsc#PED-2235):
  * vapi: Add missing generic type argument
  * Fix docs build against newer eds version
  * Fix build against newer eds version
  * Remove volatile keyword from tests

gcr:

- Version update 3.41.0 to 3.41.1 (jsc#PED-2235):
  * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
  * Add gi-docgen dependency which is needed by the docs
  * Fix build with meson 0.60.0 and newer
  * Fix build without systemd 
  * Several CI fixes

geocode-glib:

- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
   * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
   * Add support for libsoup 3.x

gjs:

- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
  * Build and compatibility fixes backported from the development branch
  * Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)


glib2:

- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
  * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
  * Split gtk-docs from -devel package, these are not needed during building projects using glib2


gnome-control-center:

- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7 (jsc#PED-2235):
  * Cellular: Remove duplicate line from .desktop
  * Info: Allow changing 'Device Name' by pressing 'Enter'
  * Info: Remove trailing space after CPU name
  * Keyboard: Fix crash resetting all keyboard shortcuts
  * Keyboard: Fix leaks
  * Network: Fix saving passwords for non-wifi connections
  * Network: Fix critical when opening VPN details page
  * Wacom: Fix leaks

gnome-desktop:

- Version update from 41.2 to 41.8 (jsc#PED-2235):
  * Version increase but no actual changes

gnome-music:

- Version update from 41.0 to 41.1 (jsc#PED-2235):
  * Ensure the correct album is played
  * Fix build with meson 0.61.0 and newer
  * Fix crash on empty selection
  * Fix incorrect playlist import
  * Fix time displayed in RTL languages
  * Improve async queue work
  * Make random shuffle actually random
  * Make shuffle random
  * Speed increase on first startup on larger collections
  * Time is reversed in RTL

gnome-remote-desktop:

- Version update from 41.2 to 41.3 (jsc#PED-2235):
  * Add Icelandic translation

gnome-session:

- Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)
  
gnome-shell:

- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
  * Allow extension updates with only Extension Manager installed
  * Allow more intermediate icon sizes in app grid
  * Disable workspace switching while in search.
  * Do not create systemd scope for D-Bus activated apps
  * Fix calendar to correctly align world clocks header in RTL
  * Fix drag placeholder position in dash in RTL locales
  * Fix edge case where windows stay dimmed after a modal is closed
  * Fix feedback when turning on a11y features by keyboard
  * Fix focus tracking in magnifier on wayland
  * Fix fractional timezone offsets in world clock
  * Fix glitches in overview transition
  * Fix logging in with realmd
  * Fix memory leak
  * Fix opening device settings for enterprise WPA networks
  * Fix programatically set scrollview fade
  * Fix regression in ibus support
  * Fix unresponsive top bar in overview when in fullscreen
  * Handle monitor changes during startup animation
  * Hide overview after 'Show Details' from app context menu
  * Improve Belgian on-screen keyboard layout
  * Improve CSS shadow appearance
  * Make sure startup animation completes
  * Misc. bug fixes and cleanups
  * Only close messages via delete key if they can be closed
  * Respect IM hint for candidates list in on-screen keyboard
    
gnome-software:

- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
  * Added several appstream-related fixed
  * Disable scroll-by-mouse-wheel on featured carousel
  * Ensure details page shows app provided on command line


gnome-terminal:

- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
  * Fix build with meson 0.61.0 and newer
  * window: Use a normal menu for the popup menu

gnome-user-docs:

- Version update from 41.1 to 41.5 (jsc#PED-2235):
  * Added missing icon for network-wired-symbolic

gspell:

- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
  * Build: distribute more files in tarballs
  * Documentation improvements

gtkmm3:

- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
  * Build with Meson: MSVC build: Support Visual Studio 2022
  * Check if Perl is required for building documentation
  * Don't use deprecated python3.path() and execute (..., gui_app...)
  * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler
  * Object::_release_c_instance(): Unref orphan managed widgets
  * SizeGroup demo: Set active items in the combo boxs, so something is shown
  * Specify 'check' option in run_command()

gtk-vnc:

- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
  * Add 'check' arg to meson run_command()
  * Fix invalid use of subprojects with meson
  * Support ZRLE encoding for zero size alpha cursors

gupnp-av:

- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
  * Add utility function to format GDateTime to the iso variant DIDL expects
  * Allow to be used as a subproject
  * Drop autotools
  * Fix stripping @refID
  * Fix unsetting subtitleFileType
  * Make Feature derivable again
  * Obsolete code removal.
  * Port to modern GObject
  * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
  * Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2
  
gvfs:

- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
  * sftp: Adapt on new OpenSSH password prompts
  * smb: Rework anonymous handling to avoid EINVAL
  * smb: Ignore EINVAL for kerberos/ccache login

libgsf:

- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
  * Fix error handling problem when writing ole files
  * Fix problems with non-western text in OLE properties
  * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:

- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
  * build: Add introspection/vapi/tests options
  * build: Use library() to optionally build a static library

libnma:

- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
  * Ad-Hoc networks now default to using WPA2 instead of WEP
  * Add possibility of building libnma-gtk4 library with Gtk4 support
  * Do not allow setting empty 802.1x domain for EAP TLS
  * Fixed keyboard accelerator for certificate chooser
  * Fixed libnma-gtk4 version of mobile-wizard
  * Include OWE wireless security option
  * The GtkBuilder files for Gtk4 are now included in the release tarball
  * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package

libnotify:

- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
  * Delete unused notifynotification.xml
  * Fix potential build errors with old glib version we require
  * docs/notify-send: Add --transient option to manpage
  * notification: Bookend calling NotifyActionCallback with temporary reference
  * notification: Include sender-pid hint by default if not provided
  * notify-send: Add debug message about server not supporting persistence
  * notify-send: Add explicit option to create transient notifications
  * notify-send: Add support for boolean hints
  * notify-send: Move server capabilities check to a separate function
  * notify-send: Support passing any hint value, by parsing variant strings

libpeas:

- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
  * Icon licenses have been corrected
  * Parallel build system operation fixes
  * Use gi-docgen for documentation
  * Various build warnings squashed
  * Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package

librsvg:

- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
  * Catch circular references when rendering patterns
  * Fix regressions when computing element geometries
  * Fix regression outputting all text as paths

libsecret:

- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
  * Add bash-completion for secret-tool
  * Add locking capabilities to secret tool
  * Add support for TPM2 based secret storage
  * Create default collection after DBus.Error.UnknownObject
  * Detect local storage in snaps in the same way as flatpaks
  * Drop autotools-based build
  * GI annotation and documentation fixes
  * Port documentation to gi-docgen
  * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask
  * secret-file-backend: Avoid closing the same file descriptor twice

mutter:

- Version update from 41.5 to 41.9 (jsc#PED-2235):
  * Fix '--replace option'
  * Fix missing root window properties after XWayland start
  * Fix night light without GAMMA_LUT property
  * KMS: Survive missing GAMMA_LUT property
  * wayland: Fix rotation transform
  * Misc. bug fixes

nautilus:

- Version update from 41.2 to 41.5(jsc#PED-2235):
  * Drag-and-drop bugfixes
  * HighContrast style fixes

orca:

- Version update from 41.1 to 41.3 (jsc#PED-2235):
  * Add more event-flood detection and handling for improved performance
  * Fix bug causing accessing preferences to fail for Esperanto
  * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
  * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
  * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x

python-cairo:

- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo

python-gobject:

- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
  
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
  * Add a workaround for a PyPy 3.9+ bug when threads are used
  * Do not error out for unknown scopes
  * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
  * Fix a crash/refcounting error in case marshaling a hash table fails
  * Fix crashes when marshaling zero terminated arrays for certain item types
  * Implement DynamicImporter.find_spec() to silence deprecation warning
  * Make the test suite pass again with PyPy
  * Some test/CI fixes
  * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
  * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4
  * interface: Fix leak when overriding GInterfaceInfo
  * setup.py: look up pycairo headers without importing the module

trackers-python:

- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
  * Backport seccomp rules for rseq and mbind syscalls

vala:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Add missing TraverseVisitor.visit_data_type()
  * Add support for 'copy_/free_function' metadata for compact classes
  * Catch and throw possible inner error of lock statements
  * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
  * Don't count instance-parameter when checking for backwards closure reference
  * Fix a few binding errors
  * Free empty stack list for code contexts
  * Handle duplicated and unnamed symbols.
  * Improve UI parsing and handling of nested objects and properties
  * Make sure to drop our 'trap' jump target in case of an error
  * Move dynamic property errors to semantic analyzer pass
  * Require lvalue access of delegate target/destroy 'fields'
  * Show source location when reporting deprecations
  * Transform assignment of an array element as needed
  * manual: Update from wiki.gnome.org
  * parser: Improve handling of nullable VarType in with-statement
  * parser: Reduce the source reference of main block method to its beginning

xdg-desktop-portal-gnome:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Properly bind property in Lockdown portal

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released:    Wed Dec 28 09:23:13 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, 
  when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released:    Mon Jan  9 11:13:43 2023
Summary:     Security update for libksba
Type:        security
Severity:    moderate
References:  1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
  signature parser (bsc#1206579).


The following package changes have been done:

- libudev1-249.16-150400.8.25.7 added
- libusb-1_0-0-1.0.24-150400.3.3.1 added
- libsqlite3-0-3.39.3-150000.3.20.1 added
- libksba8-1.3.5-150000.4.6.1 added
- libassuan0-2.5.5-150000.4.3.1 added
- libnpth0-1.5-2.11 added
- libglib-2_0-0-2.70.5-150400.3.3.1 added
- pinentry-1.1.0-4.3.1 added
- gpg2-2.2.27-150300.3.5.1 added
- libgpgme11-1.16.0-150400.1.80 added
- netcfg-11.6-3.3.1 added
- libffi7-3.2.1.git259-10.8 added
- libp11-kit0-0.23.22-150400.1.10 added


More information about the sle-security-updates mailing list