SUSE-CU-2023:498-1: Security update of ses/7.1/ceph/grafana

sle-security-updates at lists.suse.com
Wed Mar 1 08:02:37 UTC 2023


SUSE Container Update Advisory: ses/7.1/ceph/grafana
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:498-1
Container Tags        : ses/7.1/ceph/grafana:8.5.15 , ses/7.1/ceph/grafana:8.5.15.2.2.393 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific
Container Release     : 2.2.393
Severity              : important
Type                  : security
References            : 1121365 1177460 1177460 1180995 1183533 1188571 1189520 1192383
                        1192763 1193492 1193686 1194038 1194530 1198472 1199467 1199810
                        1200723 1201535 1201539 1201959 1201978 1202324 1202750 1203046
                        1203596 1203597 1203652 1203652 1203681 1203857 1204179 1204211
                        1204256 1204302 1204303 1204304 1204305 1204366 1204367 1204423
                        1204649 1204968 1205000 1205126 1205156 1205225 1205227 1205646
                        1206309 1206337 1206412 1206579 1206738 1207533 1207534 1207536
                        1207538 CVE-2016-3709 CVE-2021-22569 CVE-2021-28153 CVE-2021-36222
                        CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813
                        CVE-2021-43815 CVE-2022-1941 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107
                        CVE-2022-31123 CVE-2022-31130 CVE-2022-3171 CVE-2022-35957 CVE-2022-36062
                        CVE-2022-3821 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307
                        CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552
                        CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215
                        CVE-2023-0286 
-----------------------------------------------------------------

The container ses/7.1/ceph/grafana was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released:    Fri Nov  4 13:26:29 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

  - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
  - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
  - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released:    Tue Nov  8 10:50:06 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1180995,1203046
This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released:    Tue Nov  8 13:05:04 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released:    Wed Nov  9 09:03:33 2022
Summary:     Security update for protobuf
Type:        security
Severity:    important
References:  1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171
This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fixed a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681).
- CVE-2022-3171: Fixed a potential DoS issue when parsing binary data in protobuf-java (bsc#1204256).
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released:    Mon Nov 14 15:38:25 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1201959,1204211
This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short-running applications: increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released:    Thu Nov 17 15:38:08 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string

- Document udev naming scheme (bsc#1204179).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released:    Fri Nov 18 10:43:00 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released:    Wed Nov 23 13:15:04 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1202750
This update for rpm fixes the following issues:

- Strip critical bit in signature subpacket parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same-named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4428-1
Released:    Tue Dec 13 08:29:38 2022
Summary:     Security update for grafana
Type:        security
Severity:    important
References:  1188571,1189520,1192383,1192763,1193492,1193686,1199810,1201535,1201539,1203596,1203597,CVE-2021-36222,CVE-2021-3711,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-29170,CVE-2022-31097,CVE-2022-31107,CVE-2022-35957,CVE-2022-36062
This update for grafana fixes the following issues:

Version update from 8.3.10 to 8.5.13 (jsc#PED-2145):

- Security fixes:
  * CVE-2022-36062: (bsc#1203596)
  * CVE-2022-35957: (bsc#1203597)
  * CVE-2022-31107: (bsc#1201539)
  * CVE-2022-31097: (bsc#1201535)
  * CVE-2022-29170: (bsc#1199810)
  * CVE-2021-43813, CVE-2021-43815: (bsc#1193686)
  * CVE-2021-43798: (bsc#1193492)
  * CVE-2021-41244: (bsc#1192763)
  * CVE-2021-41174: (bsc#1192383)
  * CVE-2021-3711: (bsc#1189520)
  * CVE-2021-36222: (bsc#1188571)

- Features and enhancements:
  * AccessControl: Disable user remove and user update roles when they do not have the permissions
  * AccessControl: Provisioning for teams
  * Alerting: Add custom grouping to Alert Panel
  * Alerting: Add safeguard for migrations that might cause dataloss
  * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled
  * Alerting: Grafana uses > instead of >= when checking the For duration
  * Alerting: Move slow queries in the scheduler to another goroutine
  * Alerting: Remove disabled flag for data source when migrating alerts
  * Alerting: Show notification tab of legacy alerting only to editor
  * Alerting: Update migration to migrate only alerts that belong to an existing org/dashboard
  * Alerting: Use expanded labels in dashboard annotations
  * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert
  * Analytics: Add user id tracking to google analytics
  * Angular: Add AngularJS plugin support deprecation plan to docs site
  * API: Add usage stats preview endpoint
  * API: Extract OpenAPI specification from source code using go-swagger
  * Auth: implement auto_sign_up for auth.jwt
  * Azure monitor Logs: Optimize data fetching in resource picker
  * Azure Monitor Logs: Order subscriptions in resource picker by name
  * Azure Monitor: Include datasource ref when interpolating variables.
  * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters.
  * AzureMonitor: Do not quote variables when a custom 'All' variable option is used
  * AzureMonitor: Filter list of resources by resourceType
  * AzureMonitor: Update allowed namespaces
  * BarChart: color by field, x time field, bar radius, label skipping
  * Chore: Implement OpenTelemetry in Grafana
  * Cloud Monitoring: Adds metric type to Metric drop down options
  * CloudMonitor: Correctly encode default project response
  * CloudWatch: Add all ElastiCache Redis Metrics
  * CloudWatch: Add Data Lifecycle Manager metrics and dimension
  * CloudWatch: Add Missing Elasticache Host-level metrics
  * CloudWatch: Add multi-value template variable support for log group names in logs query builder
  * CloudWatch: Add new AWS/ES metrics. #43034, @sunker
  * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions
  * Cloudwatch: Add support for new AWS/RDS EBS* metrics
  * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search'
  * Cloudwatch: Add template variable query function for listing log groups
  * Configuration: Add ability to customize okta login button name and icon
  * Elasticsearch: Add deprecation notice for < 7.10 versions.
  * Explore: Support custom display label for exemplar links for Prometheus datasource
  * Hotkeys: Make time range absolute/permanent
  * InfluxDB: Use backend for influxDB by default via feature toggle
  * Legend: Use correct unit for percent and count calculations
  * Logs: Escape windows newline into single newline
  * Loki: Add unpack to autocomplete suggestions
  * Loki: Use millisecond steps in Grafana 8.5.x.
  * Playlists: Enable sharing direct links to playlists
  * Plugins: Allow using both Function and Class components for app plugins
  * Plugins: Expose emotion/react to plugins to prevent load failures
  * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query
  * Rendering: Add support for renderer token
  * Setting: Support configuring feature toggles with bools instead of just passing an array
  * SQLStore: Prevent concurrent migrations
  * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations
  * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search
  * TimeSeries: Add migration for Graph panel's transform series override
  * TimeSeries: Add support for negative Y and constant transform
  * TimeSeries: Preserve null/undefined values when performing negative y transform
  * Traces: Filter by service/span name and operation in Tempo and Jaeger
  * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer
  * Transformations: Add an All Unique Values Reducer
  * Transformers: avoid error when the ExtractFields source field is missing

- Breaking changes:
  * For a data source query made via /api/ds/query:
    + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the
      DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad Request'
    + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of
      the DataResponse, the resulting HTTP status code is '400 Bad Request' (no breaking change)
  * For a proxied request, e.g. Grafana's datasource or plugin proxy:
    + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client Closed
      Request' instead of '502 Bad Gateway'.
    + If the request times out, e.g. takes longer than allowed, the HTTP status code is now '504 Gateway Timeout'
      instead of '502 Bad Gateway'.
  * For stacked series in visualizations: negative-valued series are now stacked downwards from 0 (in their own stacks),
    rather than downwards from the top of the positive stacks. Stacks are now automatically grouped by Draw style, Line
    interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of
    stepped lines.
  * The meaning of the default data source has changed: it is no longer a persisted property of a panel. Before, when
    you selected the default data source for a panel and later changed the default data source to another data source,
    it would change all panels that were configured to use the default data source. From now on the default data
    source is just the default for new panels, and changing the default will not impact any currently saved dashboards.
  * The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is, you can hover onto
    it and click a link or select text). It will from now on by default close automatically when you mouse out
    from the trigger element. To make tooltips behave like before, set the new interactive property to true.

- Deprecations:
  * /api/tsdb/query API has been deprecated, please use /api/ds/query instead
  * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how
  
- Bug fixes:
  * Alerting: Add contact points provisioning API
  * Alerting: add field for custom slack endpoint
  * Alerting: Add resolved count to notification title when both firing and resolved present
  * Alerting: Alert rule should wait For duration when execution error state is Alerting
  * Alerting: Allow disabling override timings for notification policies
  * Alerting: Allow serving images from custom url path
  * Alerting: Apply Custom Headers to datasource queries
  * Alerting: Classic conditions can now display multiple values
  * Alerting: correctly show all alerts in a folder
  * Alerting: Display query from grafana-managed alert rules on /api/v1/rules
  * Alerting: Do not overwrite existing alert rule condition
  * Alerting: Enhance support for arbitrary group names in managed alerts
  * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled
  * Alerting: Fix anonymous access to alerting
  * Alerting: Fix migrations by making send_alerts_to field nullable
  * Alerting: Fix RBAC actions for notification policies
  * Alerting: Fix use of > instead of >= when checking the For duration
  * Alerting: Remove double quotes from matchers
  * API: Include userId, orgId, uname in request logging middleware
  * Auth: Guarantee consistency of signed SigV4 headers
  * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab
  * Azure Monitor: Add 2 more Curated Dashboards for VM Insights
  * Azure Monitor: Bug Fix for incorrect variable cascading for template variables
  * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal
  * Azure Monitor: Fixes broken log queries that use workspace
  * Azure Monitor: Small bug fixes for Resource Picker
  * AzureAd Oauth: Fix strictMode to reject users without an assigned role
  * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources
  * Cloudwatch: Fixed resetting metric name when changing namespace in Metric Query
  * CloudWatch: Added missing MemoryDB Namespace metrics
  * CloudWatch: Fix MetricName resetting on Namespace change.
  * Cloudwatch: Fix template variables in variable queries.
  * CloudWatch: Fix variable query tag migration
  * CloudWatch: Handle new error codes for MetricInsights
  * CloudWatch: List all metrics properly in SQL autocomplete
  * CloudWatch: Prevent log groups from being removed on query change
  * CloudWatch: Remove error message when using multi-valued template vars in region field
  * CloudWatch: Run query on blur in logs query field
  * CloudWatch: Use default http client from aws-sdk-go
  * Dashboard: Fix dashboard update permission check
  * Dashboard: Fixes random scrolling on time range change
  * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links
  * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect
  * DashboardPage: Remember scroll position when coming back panel edit / view panel
  * Dashboards: Fixes repeating by row and no refresh
  * Dashboards: Show changes in save dialog
  * DataSource: Default data source is no longer a persisted state but just the default data source for new panels
  * DataSourcePlugin API: Allow queries import when changing data source type
  * Elasticsearch: Respect maxConcurrentShardRequests datasource setting
  * Explore: Allow users to save Explore state to a new panel in a new dashboard
  * Explore: Avoid locking timepicker when range is inverted.
  * Explore: Fix closing split pane when logs panel is used
  * Explore: Prevent direct access to explore if disabled via feature toggle
  * Explore: Remove return to panel button
  * FileUpload: clicking the Upload file button now opens their modal correctly
  * Gauge: Fixes blank viz when data link exists and orientation was horizontal
  * GrafanaUI: Fix color of links in error Tooltips in light theme
  * Histogram Panel: Take decimal into consideration
  * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram
  * Instrumentation: Fix HTTP request instrumentation of authentication failures
  * Instrumentation: Make backend plugin metrics endpoints available with optional authentication
  * Instrumentation: Proxy status code correction and various improvements
  * LibraryPanels: Fix library panels not connecting properly in imported dashboards
  * LibraryPanels: Prevent long descriptions and names from obscuring the delete button
  * Logger: Use specified format for file logger
  * Logging: Introduce feature toggle to activate gokit/log format
  * Logs: Handle missing fields in dataframes better
  * Loki: Improve unpack parser handling
  * ManageDashboards: Fix error when deleting all dashboards from folder view
  * Middleware: Fix IPv6 host parsing in CSRF check
  * Navigation: Prevent navbar briefly showing on login
  * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney
  * OAuth: Fix parsing of ID token if header contains non-string value
  * Panel Edit: Options search now works correctly when a logarithmic scale option is set
  * Panel Edit: Visualization search now works correctly with special characters
  * Plugins Catalog: Fix styling of hyperlinks
  * Plugins: Add deprecation notice for /api/tsdb/query endpoint
  * Plugins: Adding support for traceID field to accept variables
  * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios
  * Postgres: Return tables with hyphenated schemes
  * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument
  * Profile/Help: Expose option to disable profile section and help menu
  * Prometheus: Enable new visual query builder by default
  * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted
  * RBAC: Fix Anonymous Editors missing dashboard controls
  * RolePicker: Fix menu position on smaller screens
  * SAML: Allow disabling of SAML signups
  * Search: Sort results correctly when using postgres
  * Security: Fixes minor code scanning security warnings in old vendored javascript libs
  * Table panel: Fix horizontal scrolling when pagination is enabled
  * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates
  * Table: Fix filter crashes table
  * Table: New pagination option
  * TablePanel: Add cell inspect option
  * TablePanel: Do not prefix columns with frame name if multipleframes and override active
  * TagsInput: Fix tags remove button accessibility issues
  * Tempo / Trace Viewer: Support Span Links in Trace Viewer
  * Tempo: Download span references in data inspector
  * Tempo: Separate trace to logs and loki search datasource config
  * TextPanel: Sanitize after markdown has been rendered to html
  * TimeRange: Fixes updating time range from url and browser history
  * TimeSeries: Fix detection & rendering of sparse datapoints
  * Timeseries: Fix outside range stale state
  * TimeSeries: Properly stack series with missing datapoints
  * TimeSeries: Sort tooltip values based on raw values
  * Tooltip: Fix links not legible in Tooltips when using light theme
  * Tooltip: Sort decimals using standard numeric compare
  * Trace View: Show number of child spans
  * Transformations: Support escaped characters in key-value pair parsing
  * Transforms: Labels to fields, fix label picker layout
  * Variables: Ensure variables in query params are correctly recognised
  * Variables: Fix crash when changing query variable datasource
  * Variables: Fixes issue with data source variables not updating queries with variable
  * Visualizations: Stack negative-valued series downwards

- Plugin development fixes:
  * Card: Increase clickable area when meta items are present.
  * ClipboardButton: Use a fallback when the Clipboard API is unavailable
  * Loki: Fix operator description popup from being shortened.
  * OAuth: Add setting to skip org assignment for external users
  * Tooltips: Make tooltips non interactive by default
  * Tracing: Add option to map tag names to log label names in trace to logs settings
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released:    Wed Dec 28 09:23:13 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, 
  when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released:    Wed Dec 28 09:25:18 2022
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1200723,1203857,1204423,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released:    Wed Dec 28 09:32:15 2022
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1206309,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: Fixed a use-after-free when an HTTP proxy denies a CONNECT request (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released:    Thu Jan  5 09:51:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
    like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
  time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released:    Mon Jan  9 10:37:54 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1199467
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released:    Mon Jan  9 11:13:43 2023
Summary:     Security update for libksba
Type:        security
Severity:    moderate
References:  1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
  signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released:    Thu Jan 26 15:54:43 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646
This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt
  does not exist.
- Fix tests not passing when '@' character is in build path: 
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released:    Thu Jan 26 20:52:38 2023
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1183533,CVE-2021-28153
This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released:    Thu Jan 26 20:56:20 2023
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1206738
This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released:    Thu Jan 26 21:55:43 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412) 
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Follow-up fix for bsc#1203652 to address libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released:    Fri Jan 27 14:26:54 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1205126,CVE-2022-42898
This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released:    Tue Feb  7 17:35:34 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing oracle in RSA decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:362-1
Released:    Fri Feb 10 15:15:36 2023
Summary:     Security update for grafana
Type:        security
Severity:    moderate
References:  1204302,1204303,1204304,1204305,1205225,1205227,CVE-2022-31123,CVE-2022-31130,CVE-2022-39201,CVE-2022-39229,CVE-2022-39306,CVE-2022-39307
This update for grafana fixes the following issues:

- Version update from 8.5.13 to 8.5.15 (jsc#PED-2617):
  * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225)
  * CVE-2022-39307: Omit error from HTTP response when the user does not exist (bsc#1205227)
  * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303)
  * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
  * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
  * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)


The following package changes have been done:

- grafana-8.5.15-150200.3.32.1 updated
- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- timezone-2022g-150000.75.18.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated
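A practitioner pulling this image will want to confirm that the package versions listed above are actually what is installed, rather than trusting the tag alone. The following script is an added example and is not part of this advisory or of SUSE's tooling: it compares an `rpm -qa` listing against the advisory's package list using a simplified rpmvercmp (no epoch or '^' handling; '~' pre-release ordering is supported). The `rpm -qa` sample embedded in it is constructed for the example, not captured from a real container, and only a subset of the advisory's packages is included to keep it short.

```python
"""Check a container's installed RPMs against the versions shipped in a
SUSE container advisory.  Added example, not part of the advisory or of
SUSE's tooling.  Assumptions: a simplified rpmvercmp (no epoch or '^'
handling, '~' supported) and a constructed `rpm -qa` sample."""
import re

# Name -> VERSION-RELEASE, copied from the package list in the advisory above
# (subset only).
ADVISORY_PACKAGES = {
    "grafana": "8.5.15-150200.3.32.1",
    "libopenssl1_1": "1.1.1d-150200.11.57.1",
    "libxml2-2": "2.9.7-150000.3.51.1",
    "krb5": "1.19.2-150300.10.1",
    "libcurl4": "7.66.0-150200.4.45.1",
}

# Constructed sample of
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# as it might come from an older build of the image.  Not captured from a
# real container: grafana is deliberately one advisory behind and libcurl4
# is deliberately absent.
SAMPLE_RPM_QA = """\
grafana 8.5.13-150200.3.29.1
libopenssl1_1 1.1.1d-150200.11.57.1
libxml2-2 2.9.7-150000.3.51.1
krb5 1.19.2-150300.10.1
"""

_SEGMENT = re.compile(r"\d+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version (or release) strings the way rpm does:
    split into numeric/alphabetic segments, compare numeric segments as
    integers and alphabetic ones lexically, numeric beats alphabetic,
    and '~' sorts before anything (pre-release).  Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            return (xi > yi) - (xi < yi)
        if x.isdigit():
            return 1
        if y.isdigit():
            return -1
        return (x > y) - (x < y)
    if len(sa) == len(sb):
        return 0
    # One string is a prefix of the other: the longer one is newer, unless
    # the extra part starts with '~' (e.g. 1.0~rc1 < 1.0).
    common = min(len(sa), len(sb))
    if len(sa) > len(sb):
        return -1 if sa[common] == "~" else 1
    return 1 if sb[common] == "~" else -1


def compare_vr(installed: str, expected: str) -> int:
    """Compare VERSION-RELEASE strings: version first, then release."""
    iv, ir = installed.split("-", 1)
    ev, er = expected.split("-", 1)
    return rpmvercmp(iv, ev) or rpmvercmp(ir, er)


def audit(rpm_qa_text: str, expected: dict) -> dict:
    """Return {package: 'ok' | 'outdated (...)' | 'missing'} for every package
    the advisory lists.  'missing' means the package is not installed at
    all, so that part of the advisory does not apply to this image."""
    installed = {}
    for line in rpm_qa_text.splitlines():
        if line.strip():
            name, vr = line.split(maxsplit=1)
            installed[name] = vr.strip()
    report = {}
    for name, want in expected.items():
        have = installed.get(name)
        if have is None:
            report[name] = "missing"
        elif compare_vr(have, want) < 0:
            report[name] = f"outdated ({have} < {want})"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for pkg, status in audit(SAMPLE_RPM_QA, ADVISORY_PACKAGES).items():
        print(f"{pkg:16} {status}")
```

Against a real image, feed audit() the output of `podman run --rm ses/7.1/ceph/grafana:8.5.15 rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` (assuming rpm is present in the image, as it is in SLE base images). A matching package version proves the fixed build is on disk in that image; it does not replace redeploying running containers from the new release (2.2.393), since a container started from the previous tag keeps the old packages until it is recreated.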

