SUSE-CU-2023:330-1: Security update of suse/manager/4.3/proxy-httpd

sle-security-updates at sle-security-updates at
Sat Feb 11 08:03:19 UTC 2023

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
Container Advisory ID : SUSE-CU-2023:330-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.4 , suse/manager/4.3/proxy-httpd: , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.25.2
Severity              : important
Type                  : security
References            : 1172110 1172179 1175622 1177460 1179584 1179962 1186011 1187028
                        1188882 1191857 1191925 1194038 1194394 1195455 1195624 1195979
                        1196205 1196729 1197027 1198168 1198356 1198358 1198903 1198944
                        1199147 1199157 1199467 1199523 1199629 1199646 1199656 1199659
                        1199662 1199663 1199679 1199714 1199726 1199727 1199779 1199817
                        1199874 1199950 1199984 1199998 1200169 1200276 1200296 1200347
                        1200480 1200532 1200573 1200581 1200591 1200606 1200629 1200707
                        1200723 1200801 1201003 1201142 1201189 1201210 1201220 1201224
                        1201260 1201411 1201476 1201498 1201589 1201606 1201607 1201626
                        1201753 1201782 1201788 1201788 1201842 1201893 1201913 1201918
                        1202093 1202150 1202217 1202271 1202272 1202367 1202455 1202464
                        1202602 1202728 1202729 1202785 1202805 1202899 1203026 1203049
                        1203056 1203169 1203274 1203283 1203287 1203288 1203385 1203406
                        1203422 1203449 1203451 1203478 1203478 1203484 1203532 1203532
                        1203564 1203580 1203585 1203588 1203599 1203611 1203611 1203633
                        1203652 1203685 1203698 1203826 1203884 1204029 1204032 1204061
                        1204126 1204186 1204195 1204235 1204270 1204330 1204437 1204444
                        1204517 1204519 1204541 1204585 1204651 1204699 1204712 1204715
                        1204867 1204879 1204932 1204944 1205000 1205000 1205012 1205040
                        1205207 1205212 1205255 1205339 1205350 1205470 1205489 1205502
                        1205523 1205644 1205646 1205663 1205749 1205754 1205890 1205919
                        1205943 1205976 1206055 1206160 1206168 1206186 1206249 1206276
                        1206294 1206308 1206309 1206336 1206337 1206375 1206412 1206470
                        1206579 1206613 1206666 1206667 1206799 1207136 1207182 1207247
                        1207250 1207251 1207264 1207533 1207534 1207536 1207538 944832
                        CVE-2006-20001 CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2022-0860
                        CVE-2022-1415 CVE-2022-31129 CVE-2022-36760 CVE-2022-37436 CVE-2022-40897
                        CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415
                        CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2022:2136-1
Released:    Mon Jun 20 13:45:31 2022
Summary:     Recommended update for SUSE Manager 4.3 Release Notes
Type:        recommended
Severity:    low
This update for SUSE Manager 4.3 Release Notes provides the following additions:  

Release notes for SUSE Manager:  

- Update to SUSE Manager
  * Workarounds for some known issues.

Release notes for SUSE Manager proxy:

- Update to SUSE Manager
  * Workaround for an upgrade issue of SUSE Manager Proxy 4.2 based on JeOS image to 4.3.

Advisory ID: SUSE-RU-2022:3182-1
Released:    Thu Sep  8 09:40:09 2022
Summary:     Recommended update for SUSE Manager 4.3.1 Release Notes
Type:        recommended
Severity:    moderate
References:  1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842
This update for SUSE Manager 4.3.1 Release Notes fixes the following issues:

Release notes for SUSE Manager:

- Update to SUSE Manager 4.3.1
  * GPG key handling in SUSE Manager
  * Disabling locally defined repositories
  * Bugs mentioned
    bsc#1172179, bsc#1179962, bsc#1186011, bsc#1187028, bsc#1191925,
    bsc#1194394, bsc#1195455, bsc#1198356, bsc#1198358, bsc#1198944,
    bsc#1199147, bsc#1199157, bsc#1199523, bsc#1199629, bsc#1199646,
    bsc#1199656, bsc#1199659, bsc#1199662, bsc#1199663, bsc#1199679,
    bsc#1199714, bsc#1199727, bsc#1199779, bsc#1199817, bsc#1199874,
    bsc#1199950, bsc#1199984, bsc#1199998, bsc#1200276, bsc#1200347,
    bsc#1200532, bsc#1200591, bsc#1200606, bsc#1200707, bsc#1201003,
    bsc#1201142, bsc#1201189, bsc#1201224, bsc#1201411, bsc#1201498,
    bsc#1201782, bsc#1201842

Release notes for SUSE Manager Proxy:

- Update to SUSE Manager 4.3.1
  * Bugs mentioned
    bsc#1199659, bsc#1199679, bsc#1200591, bsc#1201003, bsc#1201142

Advisory ID: SUSE-SU-2022:3761-1
Released:    Wed Oct 26 10:58:50 2022
Summary:     Security update for release-notes-susemanager, release-notes-susemanager-proxy
Type:        security
Severity:    moderate
References:  1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129
This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:

Release notes for SUSE Manager:

- Update to SUSE Manager 4.3.2
  * Containerized proxy and RBS are now fully supported
  * HTTP API is now fully supported
  * Ubuntu 22.04 is now supported as a client
  * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support
  * pip support has been added for the Salt Bundle  
  * Prometheus exporter for Apache has been upgraded to 0.10.0
  * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129
  * Bugs mentioned:
    bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168
    bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629
    bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753
    bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272
    bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728
    bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049
    bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385
    bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484
    bsc#1203564, bsc#1203585, bsc#1203611 

Release notes for SUSE Manager Proxy:

- Update to SUSE Manager 4.3.2
  * Containerized proxy and RBS are now fully supported
  * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129
  * Bugs mentioned:
    bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788
    bsc#1203287, bsc#1203288, bsc#1203585 

Advisory ID: SUSE-RU-2022:4422-1
Released:    Tue Dec 13 08:26:22 2022
Summary:     Recommended update for SUSE Manager 4.3.3 Release Notes
Type:        recommended
Severity:    moderate
References:  1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470
This update for SUSE Manager 4.3.3 Release Notes provides the following additions:

Release Notes for SUSE Manager:
  - Revision 4.3.3
  - Bugs mentioned:
    bsc#1200169, bsc#1200296, bsc#1201476, bsc#1201606, bsc#1201607
    bsc#1201788, bsc#1201893, bsc#1202093, bsc#1202217, bsc#1202785
    bsc#1203283, bsc#1203451, bsc#1203532, bsc#1203580, bsc#1203588
    bsc#1203599, bsc#1203611, bsc#1203633, bsc#1203685, bsc#1203698
    bsc#1203884, bsc#1204029, bsc#1204061, bsc#1204195, bsc#1204437
    bsc#1204444, bsc#1204517, bsc#1204519, bsc#1204541, bsc#1204651
    bsc#1204699, bsc#1205212, bsc#1205339, bsc#1205470

Release Notes for SUSE Manager Proxy:
  - Revision 4.3.3
  - Bugs mentioned:
    bsc#1201893, bsc#1203283, bsc#1204517, bsc#1205212, bsc#1205339

Advisory ID: SUSE-SU-2022:4597-1
Released:    Wed Dec 21 10:13:11 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1206308,1206309,CVE-2022-43551,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

Advisory ID: SUSE-feature-2022:4601-1
Released:    Wed Dec 21 12:23:59 2022
Summary:     Feature update for GNOME 41
Type:        feature
Severity:    moderate
References:  1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832
This update for GNOME 41 fixes the following issues:


- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
  * Meson build: Avoid unnecessary configuration warnings
  * Meson build: Perl is not required by new versions of mm-common
  * Meson build: Require meson >= 0.55.0
  * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
  * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in and
  * Support building with Visual Studio 2022


- Version update from 41.1 to 41.2 (jsc#PED-2235):
  * eog-window: use correct type for display_profile
  * Fix discovery of Evince for multi-page images


- Version update 41.3 to 41.4 (jsc#PED-2235):
  * shell: Fix failures when thumbnail extraction takes too long
  * Fix build with meson 0.60.0 and newer

- Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)

- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
  * Google OAuth out-of-band (oob) flow will be deprecated


- Version update 0.15.3 to 0.15.5 (jsc#PED-2235):
  * vapi: Add missing generic type argument
  * Fix docs build against newer eds version
  * Fix build against newer eds version
  * Remove volatile keyword from tests


- Version update 3.41.0 to 3.41.1 (jsc#PED-2235):
  * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
  * Add gi-docgen dependency which is needed by the docs
  * Fix build with meson 0.60.0 and newer
  * Fix build without systemd 
  * Several CI fixes


- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
  * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
  * Add support for libsoup 3.x


- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
  * Build and compatibility fixes backported from the development branch
  * Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)


- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
  * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
  * Split gtk-docs from -devel package, these are not needed during building projects using glib2


- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7 (jsc#PED-2235):
  * Cellular: Remove duplicate line from .desktop
  * Info: Allow changing 'Device Name' by pressing 'Enter'
  * Info: Remove trailing space after CPU name
  * Keyboard: Fix crash resetting all keyboard shortcuts
  * Keyboard: Fix leaks
  * Network: Fix saving passwords for non-wifi connections
  * Network: Fix critical when opening VPN details page
  * Wacom: Fix leaks


- Version update from 41.2 to 41.8 (jsc#PED-2235):
  * Version increase but no actual changes


- Version update from 41.0 to 41.1 (jsc#PED-2235):
  * Ensure the correct album is played
  * Fix build with meson 0.61.0 and newer
  * Fix crash on empty selection
  * Fix incorrect playlist import
  * Fix time displayed in RTL languages
  * Improve async queue work
  * Make random shuffle actually random
  * Make shuffle random
  * Speed increase on first startup on larger collections
  * Time is reversed in RTL


- Version update from 41.2 to 41.3 (jsc#PED-2235):
  * Add Icelandic translation


- Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)

- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
  * Allow extension updates with only Extension Manager installed
  * Allow more intermediate icon sizes in app grid
  * Disable workspace switching while in search.
  * Do not create systemd scope for D-Bus activated apps
  * Fix calendar to correctly align world clocks header in RTL
  * Fix drag placeholder position in dash in RTL locales
  * Fix edge case where windows stay dimmed after a modal is closed
  * Fix feedback when turning on a11y features by keyboard
  * Fix focus tracking in magnifier on wayland
  * Fix fractional timezone offsets in world clock
  * Fix glitches in overview transition
  * Fix logging in with realmd
  * Fix memory leak
  * Fix opening device settings for enterprise WPA networks
  * Fix programmatically set scrollview fade
  * Fix regression in ibus support
  * Fix unresponsive top bar in overview when in fullscreen
  * Handle monitor changes during startup animation
  * Hide overview after 'Show Details' from app context menu
  * Improve Belgian on-screen keyboard layout
  * Improve CSS shadow appearance
  * Make sure startup animation completes
  * Misc. bug fixes and cleanups
  * Only close messages via delete key if they can be closed
  * Respect IM hint for candidates list in on-screen keyboard

- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
  * Added several appstream-related fixes
  * Disable scroll-by-mouse-wheel on featured carousel
  * Ensure details page shows app provided on command line


- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
  * Fix build with meson 0.61.0 and newer
  * window: Use a normal menu for the popup menu


- Version update from 41.1 to 41.5 (jsc#PED-2235):
  * Added missing icon for network-wired-symbolic


- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
  * Build: distribute more files in tarballs
  * Documentation improvements


- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
  * Build with Meson: MSVC build: Support Visual Studio 2022
  * Check if Perl is required for building documentation
  * Don't use deprecated python3.path() and execute (..., gui_app...)
  * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler
  * Object::_release_c_instance(): Unref orphan managed widgets
  * SizeGroup demo: Set active items in the combo boxes, so something is shown
  * Specify 'check' option in run_command()


- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
  * Add 'check' arg to meson run_command()
  * Fix invalid use of subprojects with meson
  * Support ZRLE encoding for zero size alpha cursors


- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
  * Add utility function to format GDateTime to the iso variant DIDL expects
  * Allow to be used as a subproject
  * Drop autotools
  * Fix stripping @refID
  * Fix unsetting subtitleFileType
  * Make Feature derivable again
  * Obsolete code removal.
  * Port to modern GObject
  * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
  * Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2

- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
  * sftp: Adapt on new OpenSSH password prompts
  * smb: Rework anonymous handling to avoid EINVAL
  * smb: Ignore EINVAL for kerberos/ccache login


- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
  * Fix error handling problem when writing ole files
  * Fix problems with non-western text in OLE properties
  * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available


- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
  * build: Add introspection/vapi/tests options
  * build: Use library() to optionally build a static library


- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
  * Ad-Hoc networks now default to using WPA2 instead of WEP
  * Add possibility of building libnma-gtk4 library with Gtk4 support
  * Do not allow setting empty 802.1x domain for EAP TLS
  * Fixed keyboard accelerator for certificate chooser
  * Fixed libnma-gtk4 version of mobile-wizard
  * Include OWE wireless security option
  * The GtkBuilder files for Gtk4 are now included in the release tarball
  * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package


- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
  * Delete unused notifynotification.xml
  * Fix potential build errors with old glib version we require
  * docs/notify-send: Add --transient option to manpage
  * notification: Bookend calling NotifyActionCallback with temporary reference
  * notification: Include sender-pid hint by default if not provided
  * notify-send: Add debug message about server not supporting persistence
  * notify-send: Add explicit option to create transient notifications
  * notify-send: Add support for boolean hints
  * notify-send: Move server capabilities check to a separate function
  * notify-send: Support passing any hint value, by parsing variant strings


- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
  * Icon licenses have been corrected
  * Parallel build system operation fixes
  * Use gi-docgen for documentation
  * Various build warnings squashed
  * Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package


- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
  * Catch circular references when rendering patterns
  * Fix regressions when computing element geometries
  * Fix regression outputting all text as paths


- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
  * Add bash-completion for secret-tool
  * Add locking capabilities to secret tool
  * Add support for TPM2 based secret storage
  * Create default collection after DBus.Error.UnknownObject
  * Detect local storage in snaps in the same way as flatpaks
  * Drop autotools-based build
  * GI annotation and documentation fixes
  * Port documentation to gi-docgen
  * Use G_GNUC_NULL_TERMINATED where appropriate
  * collection, methods, prompt: Port to GTask
  * secret-file-backend: Avoid closing the same file descriptor twice


- Version update from 41.5 to 41.9 (jsc#PED-2235):
  * Fix '--replace option'
  * Fix missing root window properties after XWayland start
  * Fix night light without GAMMA_LUT property
  * KMS: Survive missing GAMMA_LUT property
  * wayland: Fix rotation transform
  * Misc. bug fixes


- Version update from 41.2 to 41.5 (jsc#PED-2235):
  * Drag-and-drop bugfixes
  * HighContrast style fixes


- Version update from 41.1 to 41.3 (jsc#PED-2235):
  * Add more event-flood detection and handling for improved performance
  * Fix bug causing accessing preferences to fail for Esperanto
  * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
  * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
  * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x


- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo


- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
  * Add a workaround for a PyPy 3.9+ bug when threads are used
  * Do not error out for unknown scopes
  * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
  * Fix a crash/refcounting error in case marshaling a hash table fails
  * Fix crashes when marshaling zero terminated arrays for certain item types
  * Implement DynamicImporter.find_spec() to silence deprecation warning
  * Make the test suite pass again with PyPy
  * Some test/CI fixes
  * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
  * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4
  * interface: Fix leak when overriding GInterfaceInfo
  * look up pycairo headers without importing the module


- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
  * Backport seccomp rules for rseq and mbind syscalls


- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Add missing TraverseVisitor.visit_data_type()
  * Add support for 'copy_/free_function' metadata for compact classes
  * Catch and throw possible inner error of lock statements
  * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
  * Don't count instance-parameter when checking for backwards closure reference
  * Fix a few binding errors
  * Free empty stack list for code contexts
  * Handle duplicated and unnamed symbols.
  * Improve UI parsing and handling of nested objects and properties
  * Make sure to drop our 'trap' jump target in case of an error
  * Move dynamic property errors to semantic analyzer pass
  * Require lvalue access of delegate target/destroy 'fields'
  * Show source location when reporting deprecations
  * Transform assignment of an array element as needed
  * manual: Update from
  * parser: Improve handling of nullable VarType in with-statement
  * parser: Reduce the source reference of main block method to its beginning


- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Properly bind property in Lockdown portal

Advisory ID: SUSE-SU-2022:4628-1
Released:    Wed Dec 28 09:23:13 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, 
  when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

Advisory ID: SUSE-SU-2022:4629-1
Released:    Wed Dec 28 09:24:07 2022
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1200723,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

Advisory ID: SUSE-RU-2023:25-1
Released:    Thu Jan  5 09:51:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
    like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
  time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

Advisory ID: SUSE-RU-2023:45-1
Released:    Mon Jan  9 10:32:26 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1204585
This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz 

Advisory ID: SUSE-RU-2023:46-1
Released:    Mon Jan  9 10:35:21 2023
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
This update for hwdata fixes the following issues:

- Update pci, usb and vendor ids

Advisory ID: SUSE-RU-2023:48-1
Released:    Mon Jan  9 10:37:54 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1199467
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

Advisory ID: SUSE-RU-2023:50-1
Released:    Mon Jan  9 10:42:21 2023
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1205502
This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

Advisory ID: SUSE-SU-2023:56-1
Released:    Mon Jan  9 11:13:43 2023
Summary:     Security update for libksba
Type:        security
Severity:    moderate
References:  1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
  signature parser (bsc#1206579).

Advisory ID: SUSE-SU-2023:159-1
Released:    Thu Jan 26 18:21:56 2023
Summary:     Security update for python-setuptools
Type:        security
Severity:    moderate
References:  1206667,CVE-2022-40897
This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
  by fetching a malicious HTML document (bsc#1206667).

Advisory ID: SUSE-RU-2023:177-1
Released:    Thu Jan 26 20:57:35 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646
This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: 
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).

Advisory ID: SUSE-RU-2023:178-1
Released:    Thu Jan 26 20:58:21 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1207182
This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

Advisory ID: SUSE-RU-2023:181-1
Released:    Thu Jan 26 21:55:43 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412) 
- Make sure that correct library version is installed (bsc#1206412)

Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

Advisory ID: SUSE-SU-2023:201-1
Released:    Fri Jan 27 15:24:15 2023
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps
  with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten
  after an update (bsc#1207264).

Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb  7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

Advisory ID: SUSE-SU-2023:322-1
Released:    Wed Feb  8 16:19:37 2023
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1207247,1207250,1207251,CVE-2006-20001,CVE-2022-36760,CVE-2022-37436
This update for apache2 fixes the following issues:

- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
  backend could cause the response headers to be truncated early,
  resulting in some headers being incorporated into the response body
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
  request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
  header could cause memory corruption (bsc#1207247).

Advisory ID: SUSE-SU-2023:345-1
Released:    Fri Feb 10 15:06:27 2023
Summary:     Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type:        security
Severity:    important
References:  1172110,1195979,1200801,1202150,1203478,1203532,1203826,1204032,1204126,1204186,1204235,1204270,1204330,1204712,1204715,1204879,1204932,1205012,1205040,1205207,1205255,1205350,1205489,1205523,1205644,1205663,1205749,1205754,1205890,1205919,1205943,1205976,1206055,1206160,1206168,1206186,1206249,1206276,1206294,1206336,1206375,1206470,1206613,1206666,1206799,1207136,CVE-2022-1415
Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server

This is a codestream only update

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libuuid1-2.37.2-150400.8.14.1 updated
- libudev1-249.14-150400.8.19.1 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libglib-2_0-0-2.70.5-150400.3.3.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- procps-3.3.15-150000.7.28.1 updated
- libmount1-2.37.2-150400.8.14.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- util-linux-2.37.2-150400.8.14.1 updated
- timezone-2022g-150000.75.18.1 updated
- curl-7.79.1-150400.5.12.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.3.1 updated
- libgobject-2_0-0-2.70.5-150400.3.3.1 updated
- release-notes-susemanager-proxy-4.3.3-150400.3.12.3 added
- python3-uyuni-common-libs-4.3.7-150400.3.9.4 updated
- hwdata-0.365-150000.3.54.1 updated
- apache2-utils-2.4.51-150400.6.6.1 updated
- systemd-249.14-150400.8.19.1 updated
- gio-branding-SLE-15-150400.27.2.1 updated
- libgio-2_0-0-2.70.5-150400.3.3.1 updated
- glib2-tools-2.70.5-150400.3.3.1 updated
- python3-setuptools-44.1.1-150400.3.3.1 updated
- apache2-2.4.51-150400.6.6.1 updated
- apache2-prefork-2.4.51-150400.6.6.1 updated
- python3-gobject-3.42.2-150400.3.3.2 updated
- python3-rhnlib-4.3.5-150400.3.3.3 updated
- spacewalk-backend-4.3.18-150400.3.12.5 updated
- python3-libxml2-2.9.14-150400.5.13.1 updated
- python3-spacewalk-client-tools-4.3.14-150400.3.12.5 updated
- spacewalk-client-tools-4.3.14-150400.3.12.5 updated
- mgr-push-4.3.5-150400.3.3.5 updated
- python3-mgr-push-4.3.5-150400.3.3.5 updated
- spacewalk-proxy-package-manager-4.3.14-150400.3.11.4 updated
- spacewalk-proxy-common-4.3.14-150400.3.11.4 updated
- spacewalk-proxy-broker-4.3.14-150400.3.11.4 updated
- susemanager-tftpsync-recv-4.3.8-150400.3.6.4 updated
- spacewalk-proxy-redirect-4.3.14-150400.3.11.4 updated
