SUSE-CU-2023:3073-1: Security update of ses/7.1/ceph/ceph

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Sep 21 07:32:27 UTC 2023


SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3073-1
Container Tags        : ses/7.1/ceph/ceph:16.2.13.66 , ses/7.1/ceph/ceph:16.2.13.66.4.7.86 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release     : 4.7.86
Severity              : important
Type                  : security
References            : 1089497 1099269 1103893 1112183 1133277 1144068 1157881 1158763
                        1162343 1177127 1178168 1182066 1182142 1184753 1186673 1193412
                        1194530 1197726 1198165 1198331 1199282 1200710 1201627 1202234
                        1203681 1203750 1204256 1206627 1207534 1207805 1208721 1209229
                        1209536 1209565 1209859 1210740 1210999 1211078 1211079 1211158
                        1211261 1211419 1211661 1211674 1211828 1212126 1212187 1212187
                        1212222 1212260 1213004 1213008 1213189 1213231 1213282 1213487
                        1213504 1213514 1213517 1213557 1213582 1213582 1213673 1213853
                        1214025 1214052 1214054 1214071 1214248 1214290 1214768 CVE-2007-4559
                        CVE-2018-1000518 CVE-2020-25659 CVE-2020-36242 CVE-2021-22569
                        CVE-2021-22570 CVE-2022-1941 CVE-2022-3171 CVE-2022-41409 CVE-2022-4304
                        CVE-2023-22652 CVE-2023-2603 CVE-2023-30078 CVE-2023-30079 CVE-2023-31484
                        CVE-2023-32181 CVE-2023-32681 CVE-2023-3446 CVE-2023-34969 CVE-2023-36054
                        CVE-2023-3817 CVE-2023-38408 CVE-2023-39615 CVE-2023-4016 CVE-2023-4039
                        CVE-2023-4156 
-----------------------------------------------------------------

The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2497-1
Released:    Tue Jun 13 15:37:25 2023
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1211661,1212187
This update for libzypp fixes the following issues:

- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2517-1
Released:    Thu Jun 15 07:09:52 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1203750,1211158,CVE-2007-4559
This update for python3 fixes the following issues:

- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).

- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2625-1
Released:    Fri Jun 23 17:16:11 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204

  * includes regression and other bug fixes

- Speed up builds with --enable-link-serialization.

- Update embedded newlib to version 4.2.0

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2742-1
Released:    Fri Jun 30 11:40:56 2023
Summary:     Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type:        recommended
Severity:    moderate
References:  1202234,1209565,1211261,1212187,1212222
This update for yast2-pkg-bindings fixes the following issues:

libzypp was updated to version 17.31.14 (22):

- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)

yast2-pkg-bindings, autoyast:

- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)

yast2-update:

- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2783-1
Released:    Tue Jul  4 22:08:19 2023
Summary:     Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets
Type:        security
Severity:    important
References:  1099269,1133277,1144068,1162343,1177127,1178168,1182066,1184753,1194530,1197726,1198331,1199282,1203681,1204256,CVE-2018-1000518,CVE-2020-25659,CVE-2020-36242,CVE-2021-22569,CVE-2021-22570,CVE-2022-1941,CVE-2022-3171
This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:

grpc:
- Update in SLE-15 (bsc#1197726, bsc#1144068)
  
protobuf:
- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681
- Fix a potential DoS issue when parsing with binary data in  protobuf-java, CVE-2022-3171, bsc#1204256
- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530
- Add missing dependency of python subpackages on python-six (bsc#1177127)
- Updated to version 3.9.2 (bsc#1162343)
  * Remove OSReadLittle* due to alignment requirements.
  * Don't use unions and instead use memcpy for the type swaps.
- Disable LTO (bsc#1133277)

python-aiocontextvars:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-avro:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-cryptography:  
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (>2GB) could
    result in an integer overflow, leading to buffer overflows.
  CVE-2020-36242

python-cryptography-vectors:
- update to 3.2 (bsc#1178168, CVE-2020-25659):
  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
    to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
    by our API, we cannot completely mitigate this vulnerability.
  * Support for OpenSSL 1.0.2 has been removed.
  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- update to 3.3.2 (bsc#1198331)

python-Deprecated:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 1.2.13:

python-google-api-core:
- Update to 1.14.2

python-googleapis-common-protos:
- Update to 1.6.0
  
python-grpcio-gcp:
- Initial spec for v0.2.2

python-humanfriendly:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 10.0

python-jsondiff:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.0

python-knack:  
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 0.9.0

python-opencensus:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Disable Python2 build
- Update to 0.8.0

python-opencensus-context:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-opencensus-ext-threading:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial build version 0.1.2

python-opentelemetry-api:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Version update to 1.5.0

python-psutil:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 5.9.1
- remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753)
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-PyGithub:
- Update to 1.43.5:

python-pytest-asyncio:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial release of python-pytest-asyncio 0.8.0 
  
python-requests:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
  
python-websocket-client:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.2

python-websockets:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 9.1:
 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2855-1
Released:    Mon Jul 17 16:35:21 2023
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1212260
This update for openldap2 fixes the following issues:

- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2866-1
Released:    Tue Jul 18 11:09:03 2023
Summary:     Security update for python-requests
Type:        security
Severity:    moderate
References:  1211674,CVE-2023-32681
This update for python-requests fixes the following issues:

- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2879-1
Released:    Wed Jul 19 09:45:34 2023
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released:    Wed Jul 19 11:49:39 2023
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1210999,CVE-2023-31484
This update for perl fixes the following issues:


  - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released:    Wed Jul 19 16:58:43 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1208721,1209229,1211828
This update for glibc fixes the following issues:

- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released:    Thu Jul 20 12:00:17 2023
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    moderate
References:  1089497
This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
    
libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2945-1
Released:    Mon Jul 24 09:37:30 2023
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1186673,1209536,1213004,1213008,1213504,CVE-2023-38408
This update for openssh fixes the following issues:

- CVE-2023-38408: Fixed a condition where specific libaries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
  execution via a forwarded agent socket if those libraries were present on the
  victim's system and if the agent was forwarded to an attacker-controlled
  system. [bsc#1213504, CVE-2023-38408]

- Close the right filedescriptor and also close fdh in read_hmac to avoid file
  descriptor leaks. [bsc#1209536]

- Attempts to mitigate instances of secrets lingering in memory after a session
  exits. [bsc#1186673, bsc#1213004, bsc#1213008]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2956-1
Released:    Tue Jul 25 08:33:38 2023
Summary:     Security update for libcap
Type:        security
Severity:    moderate
References:  1211419,CVE-2023-2603
This update for libcap fixes the following issues:

- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2994-1
Released:    Thu Jul 27 06:45:29 2023
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1157881,1200710,1209859
This update for nfs-utils fixes the following issues:

- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Allow scope to be set in sysconfig: NFSD_SCOPE

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3179-1
Released:    Thu Aug  3 13:59:38 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:

- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
  The previous fix for this timing side channel turned out to cause a
  severe 2-3x performance regression in the typical use case (bsc#1207534).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

- Update further expiring certificates that affect tests [bsc#1201627]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3210-1
Released:    Mon Aug  7 15:20:04 2023
Summary:     Security update for pcre2
Type:        security
Severity:    moderate
References:  1213514,CVE-2022-41409
This update for pcre2 fixes the following issues:

  - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3218-1
Released:    Mon Aug  7 16:52:13 2023
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1211079
This update for cryptsetup fixes the following issues:

- Handle system with low memory and no swap space (bsc#1211079)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3284-1
Released:    Fri Aug 11 10:29:50 2023
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1206627,1213189
This update for shadow fixes the following issues:

- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3288-1
Released:    Fri Aug 11 12:30:14 2023
Summary:     Recommended update for python-apipkg
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3291-1
Released:    Fri Aug 11 12:51:21 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213517,1213853,CVE-2023-3817
This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3330-1
Released:    Wed Aug 16 08:59:33 2023
Summary:     Recommended update for python-pyasn1
Type:        recommended
Severity:    important
References:  1207805
This update for python-pyasn1 fixes the following issues:

- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3365-1
Released:    Fri Aug 18 20:35:01 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1214054,CVE-2023-36054
This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3388-1
Released:    Wed Aug 23 17:14:22 2023
Summary:     Recommended update for binutils
Type:        recommended
Severity:    important
References:  1213282
This update for binutils fixes the following issues:

- Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future
  SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released:    Mon Aug 28 08:57:10 2023
Summary:     Security update for gawk
Type:        security
Severity:    low
References:  1214025,CVE-2023-4156
This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released:    Mon Aug 28 13:43:18 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1214248
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released:    Tue Aug 29 07:33:16 2023
Summary:     Recommended update for icu
Type:        recommended
Severity:    moderate
References:  1103893,1112183
This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3470-1
Released:    Tue Aug 29 10:49:33 2023
Summary:     Recommended update for parted
Type:        recommended
Severity:    low
References:  1182142,1193412
This update for parted fixes the following issues:

- fix null pointer dereference (bsc#1193412)
- update mkpart options in manpage (bsc#1182142)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

  - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3487-1
Released:    Tue Aug 29 14:28:35 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1214071
This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3515-1
Released:    Fri Sep  1 15:54:25 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional isue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released:    Tue Sep  5 08:56:45 2023
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3639-1
Released:    Mon Sep 18 13:33:16 2023
Summary:     Security update for libeconf
Type:        security
Severity:    moderate
References:  1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

The following non-security bug was fixed:

- Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released:    Mon Sep 18 21:44:09 2023
Summary:     Security update for gcc12
Type:        security
Severity:    important
References:  1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3698-1
Released:    Wed Sep 20 11:01:15 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).


The following package changes have been done:

- binutils-2.39-150100.7.43.2 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- cryptsetup-2.3.7-150300.3.8.1 updated
- dbus-1-1.12.2-150100.8.17.1 updated
- device-mapper-2.03.05_1.02.163-150200.8.52.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- glibc-locale-base-2.31-150300.52.2 updated
- glibc-2.31-150300.52.2 updated
- krb5-1.19.2-150300.13.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libcap2-2.26-150000.4.9.1 updated
- libcryptsetup12-hmac-2.3.7-150300.3.8.1 updated
- libcryptsetup12-2.3.7-150300.3.8.1 updated
- libctf-nobfd0-2.39-150100.7.43.2 updated
- libctf0-2.39-150100.7.43.2 updated
- libdbus-1-3-1.12.2-150100.8.17.1 updated
- libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated
- libeconf0-0.5.2-150300.3.11.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libldap-2_4-2-2.4.46-150200.14.17.1 updated
- libldap-data-2.4.46-150200.14.17.1 updated
- liblvm2cmd2_03-2.03.05-150200.8.52.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated
- libopenssl1_1-1.1.1d-150200.11.75.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libpcre2-8-0-10.31-150000.3.15.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libpython3_6m1_0-3.6.15-150300.10.48.1 updated
- libsolv-tools-0.7.24-150200.20.2 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.7-150000.3.60.1 updated
- libzypp-17.31.20-150200.75.1 updated
- login_defs-4.8.1-150300.4.9.1 updated
- lvm2-2.03.05-150200.8.52.1 updated
- nfs-client-2.1.1-150100.10.37.1 updated
- nfs-kernel-server-2.1.1-150100.10.37.1 updated
- openssh-clients-8.4p1-150300.3.22.1 updated
- openssh-common-8.4p1-150300.3.22.1 updated
- openssh-fips-8.4p1-150300.3.22.1 updated
- openssh-server-8.4p1-150300.3.22.1 updated
- openssh-8.4p1-150300.3.22.1 updated
- openssl-1_1-1.1.1d-150200.11.75.1 updated
- parted-3.2-150300.21.3.1 updated
- perl-base-5.26.1-150300.17.14.1 updated
- procps-3.3.15-150000.7.34.1 updated
- python3-apipkg-1.4-150000.3.6.1 updated
- python3-base-3.6.15-150300.10.48.1 updated
- python3-curses-3.6.15-150300.10.48.1 updated
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-pyasn1-0.4.2-150000.3.5.1 updated
- python3-requests-2.24.0-150300.3.3.1 updated
- python3-websocket-client-1.3.2-150100.6.7.3 updated
- python3-3.6.15-150300.10.48.1 updated
- shadow-4.8.1-150300.4.9.1 updated
- zypper-1.14.63-150200.59.1 updated
- container:sles15-image-15.0.0-17.20.185 updated


More information about the sle-security-updates mailing list