From sle-updates at lists.suse.com Tue Feb 1 14:18:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 15:18:03 +0100 (CET)
Subject: SUSE-SU-2022:0257-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3)
Message-ID: <20220201141803.62E8EFE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0257-1
Rating: important
References: #1191529 #1192036 #1193529 #1194461 #1194737
Cross-References: CVE-2020-3702 CVE-2021-4028 CVE-2021-4154 CVE-2021-42739 CVE-2022-0185
CVSS scores:
  CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-4028 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-59_16 fixes several issues.

The following security issues were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).
- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-257=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-258=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-269=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

  kernel-livepatch-5_3_18-59_10-default-8-150300.2.2
  kernel-livepatch-5_3_18-59_10-default-debuginfo-8-150300.2.2
  kernel-livepatch-5_3_18-59_16-default-7-150300.2.2
  kernel-livepatch-5_3_18-59_16-default-debuginfo-7-150300.2.2
  kernel-livepatch-5_3_18-59_19-default-6-150300.2.2
  kernel-livepatch-5_3_18-59_19-default-debuginfo-6-150300.2.2
  kernel-livepatch-SLE15-SP3_Update_2-debugsource-8-150300.2.2
  kernel-livepatch-SLE15-SP3_Update_4-debugsource-7-150300.2.2
  kernel-livepatch-SLE15-SP3_Update_5-debugsource-6-150300.2.2

References:

https://www.suse.com/security/cve/CVE-2020-3702.html
https://www.suse.com/security/cve/CVE-2021-4028.html
https://www.suse.com/security/cve/CVE-2021-4154.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2022-0185.html
https://bugzilla.suse.com/1191529
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1193529
https://bugzilla.suse.com/1194461
https://bugzilla.suse.com/1194737

From sle-updates at lists.suse.com Tue Feb 1 14:19:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 15:19:41 +0100 (CET)
Subject: SUSE-SU-2022:0263-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP5)
Message-ID: <20220201141941.8A8D5FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP5)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0263-1
Rating: important
References: #1186061 #1191529 #1192036 #1194680
Cross-References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-42739
CVSS scores:
  CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15-SP1
  SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_60 fixes several issues.

The following security issues were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsystem (bsc#1178181, bsc#1186060).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-253=1

- SUSE Linux Enterprise Live Patching 12-SP5:

  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-263=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

  kernel-livepatch-4_12_14-197_83-default-14-2.2

- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

  kgraft-patch-4_12_14-122_60-default-14-2.2

References:

https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-3702.html
https://www.suse.com/security/cve/CVE-2021-23134.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://bugzilla.suse.com/1186061
https://bugzilla.suse.com/1191529
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1194680

From sle-updates at lists.suse.com Tue Feb 1 14:21:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 15:21:16 +0100 (CET)
Subject: SUSE-SU-2022:0262-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3)
Message-ID: <20220201142116.A89C8FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0262-1
Rating: important
References: #1194737
Cross-References: CVE-2022-0185
CVSS scores:
  CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 5.3.18-59_40 fixes one issue.

The following security issue was fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-260=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-261=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-262=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

  kernel-livepatch-5_3_18-59_34-default-3-150300.2.2
  kernel-livepatch-5_3_18-59_34-default-debuginfo-3-150300.2.2
  kernel-livepatch-5_3_18-59_37-default-2-150300.2.2
  kernel-livepatch-5_3_18-59_37-default-debuginfo-2-150300.2.2
  kernel-livepatch-5_3_18-59_40-default-2-150300.2.2
  kernel-livepatch-SLE15-SP3_Update_10-debugsource-2-150300.2.2
  kernel-livepatch-SLE15-SP3_Update_9-debugsource-3-150300.2.2

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64):

  kernel-livepatch-5_3_18-59_40-default-debuginfo-2-150300.2.2

References:

https://www.suse.com/security/cve/CVE-2022-0185.html
https://bugzilla.suse.com/1194737

From sle-updates at lists.suse.com Tue Feb 1 14:22:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 15:22:34 +0100 (CET)
Subject: SUSE-SU-2022:0254-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2)
Message-ID: <20220201142234.22C9BFE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0254-1
Rating: important
References: #1191529 #1192036 #1194461 #1194737
Cross-References: CVE-2020-3702 CVE-2021-4154 CVE-2021-42739 CVE-2022-0185
CVSS scores:
  CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues.

The following security issues were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-254=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-256=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

  kernel-livepatch-5_3_18-24_53_4-default-8-2.2
  kernel-livepatch-5_3_18-24_53_4-default-debuginfo-8-2.2
  kernel-livepatch-5_3_18-24_61-default-10-2.2
  kernel-livepatch-5_3_18-24_61-default-debuginfo-10-2.2
  kernel-livepatch-SLE15-SP2_Update_12-debugsource-10-2.2
  kernel-livepatch-SLE15-SP2_Update_15-debugsource-8-2.2

References:

https://www.suse.com/security/cve/CVE-2020-3702.html
https://www.suse.com/security/cve/CVE-2021-4154.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2022-0185.html
https://bugzilla.suse.com/1191529
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1194461
https://bugzilla.suse.com/1194737

From sle-updates at lists.suse.com Tue Feb 1 14:24:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 15:24:09 +0100 (CET)
Subject: SUSE-SU-2022:0270-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3)
Message-ID: <20220201142409.7B471FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0270-1
Rating: important
References: #1192036 #1193529 #1194737
Cross-References: CVE-2021-4028 CVE-2021-42739 CVE-2022-0185
CVSS scores:
  CVE-2021-4028 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-59_27 fixes several issues.

The following security issues were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-259=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-270=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

  kernel-livepatch-5_3_18-59_24-default-4-150300.2.2
  kernel-livepatch-5_3_18-59_24-default-debuginfo-4-150300.2.2
  kernel-livepatch-5_3_18-59_27-default-4-150300.2.2
  kernel-livepatch-5_3_18-59_27-default-debuginfo-4-150300.2.2
  kernel-livepatch-SLE15-SP3_Update_6-debugsource-4-150300.2.2
  kernel-livepatch-SLE15-SP3_Update_7-debugsource-4-150300.2.2

References:

https://www.suse.com/security/cve/CVE-2021-4028.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2022-0185.html
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1193529
https://bugzilla.suse.com/1194737

From sle-updates at lists.suse.com Tue Feb 1 14:25:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 15:25:40 +0100 (CET)
Subject: SUSE-SU-2022:0267-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5)
Message-ID: <20220201142540.00E93FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP5)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0267-1
Rating: important
References: #1191529 #1192036
Cross-References: CVE-2020-3702 CVE-2021-42739
CVSS scores:
  CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_80 fixes several issues.

The following security issues were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP5:

  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-264=1 SUSE-SLE-Live-Patching-12-SP5-2022-265=1 SUSE-SLE-Live-Patching-12-SP5-2022-266=1 SUSE-SLE-Live-Patching-12-SP5-2022-267=1 SUSE-SLE-Live-Patching-12-SP5-2022-268=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

  kgraft-patch-4_12_14-122_66-default-11-2.2
  kgraft-patch-4_12_14-122_71-default-10-2.2
  kgraft-patch-4_12_14-122_74-default-8-2.2
  kgraft-patch-4_12_14-122_80-default-7-2.2
  kgraft-patch-4_12_14-122_83-default-6-2.2

References:

https://www.suse.com/security/cve/CVE-2020-3702.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://bugzilla.suse.com/1191529
https://bugzilla.suse.com/1192036

From sle-updates at lists.suse.com Tue Feb 1 14:27:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 15:27:06 +0100 (CET)
Subject: SUSE-SU-2022:0255-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15)
Message-ID: <20220201142706.2D295FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 15)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0255-1
Rating: important
References: #1186061 #1191529 #1192036 #1193863 #1194680
Cross-References: CVE-2018-25020 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-42739
CVSS scores:
  CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150_66 fixes several issues.

The following security issues were fixed:

- CVE-2018-25020: Fixed an issue where the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsystem (bsc#1178181, bsc#1186060).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-255=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

  kernel-livepatch-4_12_14-150_66-default-14-2.2
  kernel-livepatch-4_12_14-150_66-default-debuginfo-14-2.2

References:

https://www.suse.com/security/cve/CVE-2018-25020.html
https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-3702.html
https://www.suse.com/security/cve/CVE-2021-23134.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://bugzilla.suse.com/1186061
https://bugzilla.suse.com/1191529
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1193863
https://bugzilla.suse.com/1194680

From sle-updates at lists.suse.com Tue Feb 1 17:20:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 18:20:24 +0100 (CET)
Subject: SUSE-RU-2022:0273-1: important: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
Message-ID: <20220201172024.20335FE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0273-1
Rating: important
References: #1102408 #1192652 #1192653 #1193257 #1193258
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 15-SP3
  SUSE Linux Enterprise Module for Public Cloud 15-SP2
  SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes:

Changes in google-guest-agent:

- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
  * dont duplicate logs (#146)
  * Add WantedBy network dependencies to google-guest-agent service (#136)
  * dont try dhcpv6 when not needed (#145)
  * Integration tests: instance setup (#143)
  * Integration test: test create and remove google user (#128)
  * handle comm errors in script runner (#140)
  * enforce script ordering (#138)
  * enable ipv6 on secondary interfaces (#133)
- from version 20211103.00
  * Integration tests: instance setup (#143)
- from version 20211027.00
  * Integration test: test create and remove google user (#128)
- Update to version 20211019.00
  * handle comm errors in script runner (#140)
- from version 20211015.00
  * enforce script ordering (#138)
- from version 20211014.00
  * enable ipv6 on secondary interfaces (#133)
- from version 20211013.00
  * dont open ssh tempfile exclusively (#137)
- from version 20211011.00
  * correct linux startup script order (#135)
  * Emit sshable attribute (#123)
- from version 20210908.1
  * restore line (#127)
- from version 20210908.00
  * New integ test (#124)
- from version 20210901.00
  * support enable-oslogin-sk key (#120)
  * match script logging to guest agent (#125)
- from version 20210804.00
  * Debug logging (#122)
- Refresh patches for new version
  * dont_overwrite_ifcfg.patch
- Build with go1.15 for reproducible build results (bsc#1102408)
- Update to version 20210707.00
  * Use IP address for calling the metadata server. (#116)
- from version 20210629.00
  * use IP for MDS (#115)
- Update to version 20210603.00
  * systemd-notify in agentInit (#113)
  * dont check status (#112)
- from version 20210524.00
  * more granular service restarts (#111)
- from version 20210414.00
  * (no functional changes)

Changes in google-guest-configs:

- Add missing pkg-config dependency to BuildRequires for SLE-12
- Install modprobe configuration files into /etc again on SLE-15-SP2 and older since that's still the default location on these distributions
- Probe udev directory using the "udevdir" pkg-config variable on SLE-15-SP2 and older since the variable got renamed to "udev_dir" in later versions
- Remove redundant pkgconfig(udev) from BuildRequires for SLE-12
- Update to version 20211116.00 (bsc#1193257, bsc#1193258)
  * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field only looks for the last digit of the given string causing issues when there are >= 10 local SSDs. Changed REGEX to get the last number of the string instead to support the up to 24 local SSDs. (#30)
  * chmod+x google_nvme_id on EL (#31)
- Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue
- Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653)
- Update to version 20210916.00
  * Revert "dont set IP in etc/hosts; remove rsyslog (#26)" (#28)
- from version 20210831.00
  * restore rsyslog (#27)
- from version 20210830.00
  * Fix NVMe partition names (#25)
- from version 20210824.00
  * dont set IP in etc/hosts; remove rsyslog (#26)
  * update OWNERS
- Use %_modprobedir for modprobe.d files (out of /etc)
- Use %_sysctldir for sysctl.d files (out of /etc)
- Update to version 20210702.00
  * use grep for hostname check (#23)
- from version 20210629.00
  * address set_hostname vuln (#22)
- from version 20210324.00
  * dracut.conf wants spaces around values (#19)

Changes in google-guest-oslogin:

- Update to version 20211013.00 (bsc#1193257, bsc#1193258)
  * remove deprecated binary (#79)
- from version 20211001.00
  * no message if no groups (#78)
- from version 20210907.00
  * use sigaction for signals (#76)
- from version 20210906.00
  * include cstdlib for exit (#75)
  * catch SIGPIPE in authorized_keys (#73)
- from version 20210805.00
  * fix double free in ParseJsonToKey (#70)
- from version 20210804.00
  * fix packaging for authorized_keys_sk (#68)
  * add authorized_keys_sk (#66)
- Add google_authorized_keys_sk to %files section
- Remove google_oslogin_control from %files section

Changes in google-osconfig-agent:

- Update to version 20211117.00 (bsc#1193257, bsc#1193258)
  * Add retry logic for RegisterAgent (#404)
- from version 20211111.01
  * e2e_test: drop ubuntu 1604 image as its EOL (#403)
- from version 20211111.00
  * e2e_test: move to V1 api for OSPolicies (#397)
- from version 20211102.00
  * Fix context logging and fix label names (#400)
- from version 20211028.00
  * Add cloudops example for gcloud (#399)
- Update to version 20211021.00
  * Added patch report logging for Zypper. (#395)
- from version 20211012.00
  * Replace deprecated instance filters with the new filters (#394)
- from version 20211006.00
  * Added patch report log messages for Yum and Apt (#392)
- from version 20210930.00
  * Config: Add package info caching (#391)
- from version 20210928.00
  * Fixed the runWithPty function to set ctty to child's filedesc (#389)
- from version 20210927.00
  * e2e_tests: fix a test output mismatch (#390)
- from version 20210924.00
  * Fix some e2e test failures (#388)
- from version 20210923.02
  * Correctly check for folder existance in package upgrade (#387)
- from version 20210923.01
  * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386)
- from version 20210923.00
  * Deprecate old config directory in favor of new cache directory (#385)
- from version 20210922.02
  * Fix rpm/deb package formating for inventory reporting (#384)
- from version 20210922.01
  * Add centos stream rocky linux and available package tests (#383)
- from version 20210922.00
  * Add more info logs, actually cleanup unmanaged repos (#382)
- from version 20210901.00
  * Add E2E tests for Windows Application (#379)
  * Return lower-case package name (#377)
  * Update Terraform scripts for multi-project deployments tutorial. (#378)
- from version 20210811.00
  * Support Windows Application Inventory (#371)
- from version 20210723.00
  * Send basic inventory with RegisterAgent (#373)
- from version 20210722.1
  * e2e_tests: move to manually generated osconfig library (#372)
- from version 20210722.00
  * Create OWNERS file for examples directory (#368)
- from version 20210719.00
  * Update Zypper patch info parsing (#370)
- Build with go1.15 for reproducible build results (bsc#1102408)
- Update to version 20210712.1
  * Skip getting patch info when no patches are found. (#369)
- from version 20210712.00
  * Add Terraform scripts for multi-project deployments (#367)
- from version 20210709.00
  * Add examples/Terraform directory. (#366)
- from version 20210707.00
  * Fix bug in printing packages to update, return error for zypper patch (#365)
- from version 20210629.00
  * Add CloudOps examples for CentOS (#364)
- Update to version 20210621.00
  * chore: Fixing a comment. (#363)
- from version 20210617.00
  * Use exec.CommandContext so that canceling the context also kills any running processes (#362)
- from version 20210608.1
  * e2e_tests: point to official osconfig client library (#359)
- from version 20210608.00
  * e2e_tests: deflake tests (#358)
- from version 20210607.00
  * Fix build on some architectures (#357)
- from version 20210603.00
  * Create win-validation-powershell.yaml (#356)
- from version 20210602.00
  * Agent efficiency improvements/bugfixes/logging updates (#355)
  * e2e_tests: add tests for ExecResource output (#354)
- from version 20210525.00
  * Run fieldalignment on all structs (#353)
- from version 20210521.00
  * Config Task: add error message and ExecResource output recording (#350)
  * e2e_tests: remove Windows server 1909 and add server 20h2 (#352)
  * Added a method for logging structured data (#349)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-273=1

- SUSE Linux Enterprise Module for Public Cloud 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-273=1

- SUSE Linux Enterprise Module for Public Cloud 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-273=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):

  google-guest-agent-20211116.00-1.23.1
  google-guest-oslogin-20211013.00-1.24.1
  google-guest-oslogin-debuginfo-20211013.00-1.24.1
  google-guest-oslogin-debugsource-20211013.00-1.24.1
  google-osconfig-agent-20211117.00-1.14.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):

  google-guest-configs-20211116.00-1.16.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):

  google-guest-agent-20211116.00-1.23.1
  google-guest-oslogin-20211013.00-1.24.1
  google-guest-oslogin-debuginfo-20211013.00-1.24.1
  google-guest-oslogin-debugsource-20211013.00-1.24.1
  google-osconfig-agent-20211117.00-1.14.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

  google-guest-configs-20211116.00-1.16.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):

  google-guest-agent-20211116.00-1.23.1
  google-guest-oslogin-20211013.00-1.24.1
  google-guest-oslogin-debuginfo-20211013.00-1.24.1
  google-guest-oslogin-debugsource-20211013.00-1.24.1
  google-osconfig-agent-20211117.00-1.14.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

  google-guest-configs-20211116.00-1.16.1

References:

https://bugzilla.suse.com/1102408
https://bugzilla.suse.com/1192652
https://bugzilla.suse.com/1192653
https://bugzilla.suse.com/1193257
https://bugzilla.suse.com/1193258

From sle-updates at lists.suse.com Tue Feb 1 17:22:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 18:22:05 +0100 (CET)
Subject: SUSE-SU-2022:0271-1: critical: Security update for samba
Message-ID: <20220201172205.6FBF3FE02@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0271-1
Rating: critical
References: #1194859
Cross-References: CVE-2021-44142
CVSS scores:
  CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud 8
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise High Availability 12-SP4
  SUSE Linux Enterprise High Availability 12-SP3
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-271=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-271=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-271=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2022-271=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-271=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-271=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-271=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-271=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-271=1
- SUSE Linux Enterprise High Availability 12-SP4:
  zypper in -t patch SUSE-SLE-HA-12-SP4-2022-271=1
- SUSE Linux Enterprise High Availability 12-SP3:
  zypper in -t patch SUSE-SLE-HA-12-SP3-2022-271=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2022-271=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1
libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 
libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 
samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE OpenStack Cloud 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE OpenStack Cloud 8 (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server for SAP 12-SP4 
(x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 
libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 
libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.320.a2d80a7efef-3.70.1 ctdb-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.320.a2d80a7efef-3.70.1 ctdb-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1 - HPE Helion Openstack 8 (noarch): samba-doc-4.6.16+git.320.a2d80a7efef-3.70.1 - HPE Helion Openstack 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
libdcerpc-binding0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc-binding0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libdcerpc0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-krb5pac0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-nbt0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr-standard0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libndr0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libnetapi0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-credentials0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-errors0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 
libsamba-hostconfig0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-hostconfig0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-passdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamba-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsamdb0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbconf0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libsmbldap0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libtevent-util0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-4.6.16+git.320.a2d80a7efef-3.70.1 libwbclient0-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1 
      libwbclient0-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-client-32bit-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-client-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-client-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-client-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-debugsource-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-libs-32bit-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-libs-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-libs-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-libs-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-winbind-32bit-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-winbind-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-winbind-debuginfo-32bit-4.6.16+git.320.a2d80a7efef-3.70.1
      samba-winbind-debuginfo-4.6.16+git.320.a2d80a7efef-3.70.1

References:

   https://www.suse.com/security/cve/CVE-2021-44142.html
   https://bugzilla.suse.com/1194859

From sle-updates at lists.suse.com Tue Feb 1 20:19:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:19:14 +0100 (CET)
Subject: SUSE-RU-2022:0280-1: Test update for SUSE:SLE-15-SP2:Update (reboot-needed)
Message-ID: <20220201201914.CE5E8FE0E@maintenance.suse.de>

SUSE Recommended Update: Test update for SUSE:SLE-15-SP2:Update (reboot-needed)
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0280-1
Rating: low
References: #1194507
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This is a reboot-needed test update for SUSE:SLE-15-SP2:Update

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-280=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      update-test-reboot-needed-5.1-33.2

References:

   https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:20:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:20:32 +0100 (CET)
Subject: SUSE-SU-2022:0287-1: critical: Security update for samba
Message-ID: <20220201202032.9C1A3FE0E@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0287-1
Rating: critical
References: #1194859
Cross-References: CVE-2021-44142
CVSS scores:
   CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
   SUSE Manager Server 4.1
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Proxy 4.1
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Realtime Extension 15-SP2
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Availability 15-SP2
   SUSE Enterprise Storage 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module.
     (bsc#1194859)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-287=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-287=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-287=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-287=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-287=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-287=1

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-287=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-287=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-287=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-287=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-287=1

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1
      libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1
      libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1
      libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1
      libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1
      libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1
      libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1
      libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1
      libndr-devel-4.11.14+git.319.91d693db37c-4.35.1
libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 
libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Manager Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 
libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 
samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 
libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 
libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 
samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Manager Proxy 4.1 (x86_64):
libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1
libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 
libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 
libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1
libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 
libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 
samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1
libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1
libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 
libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):
samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1
libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1
libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 
libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 
libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 
samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1
libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 
libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 
libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 
libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 
libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 
libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 
samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 
libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 
samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 
libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.319.91d693db37c-4.35.1 ctdb-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr-devel-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-samr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-devel-4.11.14+git.319.91d693db37c-4.35.1 
libndr-krb5pac-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard-devel-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi-devel-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy-python3-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-4.11.14+git.319.91d693db37c-4.35.1 libsamba-policy0-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb-devel-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-4.11.14+git.319.91d693db37c-4.35.1 
libsamdb0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-4.11.14+git.319.91d693db37c-4.35.1 libsmbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap-devel-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util-devel-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient-devel-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-4.11.14+git.319.91d693db37c-4.35.1 samba-ad-dc-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-4.11.14+git.319.91d693db37c-4.35.1 samba-ceph-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-client-4.11.14+git.319.91d693db37c-4.35.1 samba-client-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-core-devel-4.11.14+git.319.91d693db37c-4.35.1 samba-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-debugsource-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-4.11.14+git.319.91d693db37c-4.35.1 samba-dsdb-modules-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-4.11.14+git.319.91d693db37c-4.35.1 samba-python3-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - SUSE Enterprise Storage 7 (x86_64): 
libdcerpc-binding0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libdcerpc0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr-standard0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libnetapi0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamba-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsamdb0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbconf0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-4.11.14+git.319.91d693db37c-4.35.1 libsmbldap2-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libtevent-util0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 libwbclient0-32bit-4.11.14+git.319.91d693db37c-4.35.1 
libwbclient0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-libs-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-4.11.14+git.319.91d693db37c-4.35.1 samba-winbind-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1

References:

   https://www.suse.com/security/cve/CVE-2021-44142.html
   https://bugzilla.suse.com/1194859

From sle-updates at lists.suse.com Tue Feb 1 20:27:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:27:17 +0100 (CET)
Subject: SUSE-RU-2022:0282-1: Test update for SUSE:SLE-15-SP2:Update (relogin-suggested)
Message-ID: <20220201202717.D0E74FE0E@maintenance.suse.de>

SUSE Recommended Update: Test update for SUSE:SLE-15-SP2:Update (relogin-suggested)
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0282-1
Rating: low
References: #1194507
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This is a relogin-suggested test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-282=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      update-test-relogin-suggested-5.1-33.2

References:

   https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:28:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:28:29 +0100 (CET)
Subject: SUSE-RU-2022:0275-1: Test update for SUSE:SLE-15-SP2:Update (retracted)
Message-ID: <20220201202829.99B38FE0E@maintenance.suse.de>

SUSE Recommended Update: Test update for SUSE:SLE-15-SP2:Update (retracted)
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0275-1
Rating: low
References: #1194507
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This is a retracted test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-275=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      update-test-retracted-5.1-33.2

References:

   https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:29:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:29:43 +0100 (CET)
Subject: SUSE-FU-2022:0279-1: Test update for SUSE:SLE-15-SP2:Update (feature)
Message-ID: <20220201202943.D11F3FE0E@maintenance.suse.de>

SUSE Feature Update: Test update for SUSE:SLE-15-SP2:Update (feature)
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:0279-1
Rating: low
References: #1194507
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that has one feature fix can now be installed.

Description:

   This is a feature test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

   To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-279=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      update-test-feature-5.1-33.2

References:

   https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:32:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:32:06 +0100 (CET)
Subject: SUSE-SU-2022:0277-1: important: Test update for SUSE:SLE-15-SP2:Update (security)
Message-ID: <20220201203206.EB120FE0E@maintenance.suse.de>

SUSE Security Update: Test update for SUSE:SLE-15-SP2:Update (security)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0277-1
Rating: important
References: #1194507
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

   This is a security test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-277=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      update-test-security-5.1-33.2

References:

   https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:33:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:33:23 +0100 (CET)
Subject: SUSE-RU-2022:0274-1: Test update for SUSE:SLE-15-SP2:Update (affects-package-manager)
Message-ID: <20220201203323.424FCFE0E@maintenance.suse.de>

SUSE Recommended Update: Test update for SUSE:SLE-15-SP2:Update (affects-package-manager)
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0274-1
Rating: low
References: #1194507
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This is an affects-package-manager test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-274=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      update-test-affects-package-manager-5.1-33.2

References:

   https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:36:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:36:56 +0100 (CET)
Subject: SUSE-SU-2022:0285-1: important: Security update for python-Django1
Message-ID: <20220201203656.93592FE0E@maintenance.suse.de>

   SUSE Security Update: Security update for python-Django1
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0285-1
Rating: important
References: #1195086 #1195088
Cross-References: CVE-2022-22818 CVE-2022-23833
CVSS scores:
   CVE-2022-22818 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
   CVE-2022-23833 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for python-Django1 fixes the following issues:

   - CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086)
   - CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-285=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-285=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      python-Django1-1.11.29-3.37.1

   - SUSE OpenStack Cloud 9 (noarch):

      python-Django1-1.11.29-3.37.1
      venv-openstack-barbican-x86_64-7.0.1~dev24-3.30.1
      venv-openstack-cinder-x86_64-13.0.10~dev23-3.33.1
      venv-openstack-designate-x86_64-7.0.2~dev2-3.30.1
      venv-openstack-glance-x86_64-17.0.1~dev30-3.28.1
      venv-openstack-heat-x86_64-11.0.4~dev4-3.30.1
      venv-openstack-horizon-x86_64-14.1.1~dev11-4.34.2
      venv-openstack-ironic-x86_64-11.1.5~dev17-4.28.1
      venv-openstack-keystone-x86_64-14.2.1~dev7-3.31.1
      venv-openstack-magnum-x86_64-7.2.1~dev1-4.30.1
      venv-openstack-manila-x86_64-7.4.2~dev60-3.36.1
      venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.30.1
      venv-openstack-monasca-x86_64-2.7.1~dev10-3.32.1
      venv-openstack-neutron-x86_64-13.0.8~dev164-6.34.1
      venv-openstack-nova-x86_64-18.3.1~dev91-3.34.1
      venv-openstack-octavia-x86_64-3.2.3~dev7-4.30.1
      venv-openstack-sahara-x86_64-9.0.2~dev15-3.30.1
      venv-openstack-swift-x86_64-2.19.2~dev48-2.25.1

References:

   https://www.suse.com/security/cve/CVE-2022-22818.html
   https://www.suse.com/security/cve/CVE-2022-23833.html
   https://bugzilla.suse.com/1195086
   https://bugzilla.suse.com/1195088

From sle-updates at lists.suse.com Tue Feb 1 20:39:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:39:27 +0100 (CET)
Subject: SUSE-SU-2022:0286-1: important: Security update for python-Django
Message-ID: <20220201203927.56652FE20@maintenance.suse.de>

   SUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0286-1
Rating: important
References: #1194116 #1195086 #1195088
Cross-References: CVE-2021-45452 CVE-2022-22818 CVE-2022-23833
CVSS scores:
   CVE-2021-45452 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
   CVE-2021-45452 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
   CVE-2022-22818 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
   CVE-2022-23833 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 8
   HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for python-Django fixes the following issues:

   - CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086)
   - CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088)

   A regression in the fix for CVE-2021-45452 was fixed (bsc#1194116)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-286=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-286=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2022-286=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      python-Django-1.11.29-3.39.1

   - SUSE OpenStack Cloud 8 (noarch):

      python-Django-1.11.29-3.39.1
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.37.1
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.38.1
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.35.1
      venv-openstack-cinder-x86_64-11.2.3~dev29-14.39.1
      venv-openstack-designate-x86_64-5.0.3~dev7-12.36.1
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.33.1
      venv-openstack-glance-x86_64-15.0.3~dev3-12.36.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.40.1
      venv-openstack-horizon-x86_64-12.0.5~dev6-14.43.2
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.38.1
      venv-openstack-keystone-x86_64-12.0.4~dev11-11.40.1
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.37.1
      venv-openstack-manila-x86_64-5.1.1~dev5-12.42.1
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.33.1
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.40.1
      venv-openstack-murano-x86_64-4.0.2~dev2-12.33.1
      venv-openstack-neutron-x86_64-11.0.9~dev69-13.43.1
      venv-openstack-nova-x86_64-16.1.9~dev92-11.41.1
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.38.1
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.37.1
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.28.1
      venv-openstack-trove-x86_64-8.0.2~dev2-11.37.1

   - HPE Helion Openstack 8 (noarch):

      python-Django-1.11.29-3.39.1
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.37.1
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.38.1
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.35.1
      venv-openstack-cinder-x86_64-11.2.3~dev29-14.39.1
      venv-openstack-designate-x86_64-5.0.3~dev7-12.36.1
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.33.1
      venv-openstack-glance-x86_64-15.0.3~dev3-12.36.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.40.1
      venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.43.2
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.38.1
      venv-openstack-keystone-x86_64-12.0.4~dev11-11.40.1
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.37.1
      venv-openstack-manila-x86_64-5.1.1~dev5-12.42.1
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.33.1
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.40.1
      venv-openstack-murano-x86_64-4.0.2~dev2-12.33.1
      venv-openstack-neutron-x86_64-11.0.9~dev69-13.43.1
      venv-openstack-nova-x86_64-16.1.9~dev92-11.41.1
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.38.1
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.37.1
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.28.1
      venv-openstack-trove-x86_64-8.0.2~dev2-11.37.1

References:

   https://www.suse.com/security/cve/CVE-2021-45452.html
   https://www.suse.com/security/cve/CVE-2022-22818.html
   https://www.suse.com/security/cve/CVE-2022-23833.html
   https://bugzilla.suse.com/1194116
   https://bugzilla.suse.com/1195086
   https://bugzilla.suse.com/1195088

From sle-updates at lists.suse.com Tue Feb 1 20:40:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:40:51 +0100 (CET)
Subject: SUSE-OU-2022:0276-1: Test update for SUSE:SLE-15-SP2:Update (optional)
Message-ID: <20220201204051.54518FE20@maintenance.suse.de>

   SUSE Optional Update: Test update for SUSE:SLE-15-SP2:Update (optional)
______________________________________________________________________________

Announcement ID: SUSE-OU-2022:0276-1
Rating: low
References: #1194507
Affected Products:
   SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   This is an optional test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

   To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-276=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      update-test-optional-5.1-33.2

References:

   https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:42:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:42:09 +0100 (CET)
Subject: SUSE-SU-2022:0283-1: important: Security update for samba
Message-ID: <20220201204209.8A09AFE0E@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0283-1
Rating: important
References: #1139519 #1183572 #1183574 #1188571 #1191227 #1191532 #1192684 #1193690 #1194859 #1195048 SLE-23329
Cross-References: CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336
CVSS scores:
   CVE-2020-27840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-20277 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
   CVE-2021-20316 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
   CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-43566 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-44141 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
   CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
   CVE-2022-0336 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Module for Server Applications 15-SP3
   SUSE Linux Enterprise Module for Python2 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________

   An update that solves 8 vulnerabilities, contains one feature and has two fixes is now available.

Description:

   - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
   - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
   - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

   samba was updated to 4.15.4 (jsc#SLE-23329);

   * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
   * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
   * kill_tcp_connections does not work; (bso#14934);
   * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
   * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939);
   * Cross device copy of the crossrename module always fails; (bso#14940);
   * symlinkat function from VFS cap module always fails with an error; (bso#14941);
   * Fix possible fsp pointer deference; (bso#14942);
   * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
   * "smbd --build-options" no longer works without an smb.conf file; (bso#14945);

   Samba was updated to version 4.15.3

   + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519);
   + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227);

   - Reorganize libs packages.
     Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
   - Rename package samba-core-devel to samba-devel
   - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

   krb5 was updated from 1.16.3 to 1.19.2

   * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
   * Fix a memory leak when gss_inquire_cred() is called without a credential handle.

   Changes from 1.19.1:

   * Fix a linking issue with Samba.
   * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.

   Changes from 1.19

   Administrator experience

   * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually.
   * It is now harder to accidentally delete the K/M entry from a KDB.

   Developer experience

   * gss_acquire_cred_from() now supports the "password" and "verify" options, allowing credentials to be acquired via password and verified using a keytab key.
   * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings.
   * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate.
   * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets.
   * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password().

   Protocol evolution

   * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support.
   * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback.
   * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set.

   User experience

   * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases.
   * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred).

   Changes from 1.18.3

   * Fix a denial of service vulnerability when decoding Kerberos protocol messages.
   * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database.
   * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded.

   Changes from 1.18.2

   * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure.
   * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype.
   * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5.
   * Fix a NegoEx bug where the client name and delegated credential might not be reported.

   Changes from 1.18.1

   * Fix a crash when qualifying short hostnames when the system has no primary DNS domain.
   * Fix a regression when an application imports "service@" as a GSS host-based name for its acceptor credential handle.
   * Fix KDC enforcement of auth indicators when they are modified by the KDB module.
   * Fix removal of require_auth string attributes when the LDAP KDB module is used.
   * Fix a compile error when building with musl libc on Linux.
   * Fix a compile error when building with gcc 4.x.
   * Change the KDC constrained delegation precedence order for consistency with Windows KDCs.

   Changes from 1.18

   Administrator experience:

   * Remove support for single-DES encryption types.
   * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with ".rcache2" by default.
   * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context().
   * Add an "enforce_ok_as_delegate" krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
   * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.

   Developer experience:

   * Implement krb5_cc_remove_cred() for all credential cache types.
   * Add the krb5_pac_get_client_info() API to get the client account name from a PAC.

   Protocol evolution:

   * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
   * Remove support for an old ("draft 9") variant of PKINIT.
   * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)

   User experience:

   * Add support for "dns_canonicalize_hostname=fallback", causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
   * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a "qualify_shortname" krb5.conf relation to override this suffix or disable expansion.
   * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.

   Code quality:

   * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
   * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
   * The test suite has been modified to work with macOS System Integrity Protection enabled.
   * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.

   Changes from 1.17.1

   * Fix a bug preventing "addprinc -randkey -kvno" from working in kadmin.
   * Fix a bug preventing time skew correction from working when a KCM credential cache is used.

   Changes from 1.17:

   Administrator experience:

   * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
   * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested.

   Developer experience:

   * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
   * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
   * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
   * Programs which use large numbers of memory credential caches should perform better.

   Protocol evolution:

   * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
   * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
   * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
   * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.

   User experience:

   * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
   * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
   * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.

   Code quality:

   * Python test scripts now use Python 3.
   * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
   * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.

   - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.
   ldb was updated to version 2.4.1 (jsc#SLE-23329);

   - Release 2.4.1

   + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845);
   + Fix memory handling in ldb.msg_diff; (bso#14836);

   - Release 2.4.0

   + pyldb: Fix Message.items() for a message containing elements
   + pyldb: Add test for Message.items()
   + tests: Use ldbsearch '--scope' instead of '-s'
   + Change page size of guidindexpackv1.ldb
   + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
   + attrib_handler casefold: simplify space dropping
   + fix ldb_comparison_fold off-by-one overrun
   + CVE-2020-27840: pytests: move Dn.validate test to ldb
   + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
   + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
   + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
   + improve comments for ldb_module_connect_backend()
   + test/ldb_tdb: correct introductory comments
   + ldb.h: remove undefined async_ctx function signatures
   + correct comments in attrib_handers val_to_int64
   + dn tests use cmocka print functions
   + ldb_match: remove redundant check
   + add tests for ldb_wildcard_compare
   + ldb_match: trailing chunk must match end of string
   + pyldb: catch potential overflow error in py_timestring
   + ldb: remove some 'if PY3's in tests

   talloc was updated to 2.3.3:

   + various bugfixes
   + python: Ensure reference counts are properly incremented
   + Change pytalloc source to LGPL
   + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

   tdb was updated to version 1.4.4:

   + various bugfixes

   tevent was updated to version 0.11.0:

   + Add custom tag to events
   + Add event trace api

   sssd was updated to:

   - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
   - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

   apparmor was updated to:

   - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
   - add profile for samba-bgqd (bsc#1191532).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-283=1

   - SUSE Linux Enterprise Module for Python2 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-283=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-283=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-283=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-283=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      apache2-mod_apparmor-2.13.6-150300.3.11.2
      apache2-mod_apparmor-debuginfo-2.13.6-150300.3.11.2
      apparmor-debugsource-2.13.6-150300.3.11.2
      krb5-debuginfo-1.19.2-150300.8.3.2
      krb5-debugsource-1.19.2-150300.8.3.2
      krb5-plugin-kdb-ldap-1.19.2-150300.8.3.2
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.8.3.2
      krb5-server-1.19.2-150300.8.3.2
      krb5-server-debuginfo-1.19.2-150300.8.3.2

   - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):

      samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-ad-dc-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-debugsource-4.15.4+git.324.8332acf1a63-150300.3.25.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      apparmor-debugsource-2.13.6-150300.3.11.2
      apparmor-parser-2.13.6-150300.3.11.2
      apparmor-parser-debuginfo-2.13.6-150300.3.11.2
      krb5-1.19.2-150300.8.3.2
      krb5-client-1.19.2-150300.8.3.2
      krb5-client-debuginfo-1.19.2-150300.8.3.2
      krb5-debuginfo-1.19.2-150300.8.3.2
      krb5-debugsource-1.19.2-150300.8.3.2
      krb5-devel-1.19.2-150300.8.3.2
      krb5-plugin-preauth-otp-1.19.2-150300.8.3.2
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.8.3.2
      krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.8.3.2
      krb5-plugin-preauth-spake-1.19.2-150300.8.3.2
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.8.3.2
      ldb-debugsource-2.4.1-150300.3.10.1
      ldb-tools-2.4.1-150300.3.10.1
      ldb-tools-debuginfo-2.4.1-150300.3.10.1
      libapparmor-debugsource-2.13.6-150300.3.11.1
      libapparmor-devel-2.13.6-150300.3.11.1
      libapparmor1-2.13.6-150300.3.11.1
      libapparmor1-debuginfo-2.13.6-150300.3.11.1
      libipa_hbac-devel-1.16.1-150300.23.17.3
      libipa_hbac0-1.16.1-150300.23.17.3
      libipa_hbac0-debuginfo-1.16.1-150300.23.17.3
      libldb-devel-2.4.1-150300.3.10.1
      libldb2-2.4.1-150300.3.10.1
      libldb2-debuginfo-2.4.1-150300.3.10.1
      libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3
      libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3
      libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3
      libsamba-policy0-python3-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      libsss_certmap-devel-1.16.1-150300.23.17.3
      libsss_certmap0-1.16.1-150300.23.17.3
      libsss_certmap0-debuginfo-1.16.1-150300.23.17.3
      libsss_idmap-devel-1.16.1-150300.23.17.3
      libsss_idmap0-1.16.1-150300.23.17.3
      libsss_idmap0-debuginfo-1.16.1-150300.23.17.3
      libsss_nss_idmap-devel-1.16.1-150300.23.17.3
      libsss_nss_idmap0-1.16.1-150300.23.17.3
      libsss_nss_idmap0-debuginfo-1.16.1-150300.23.17.3
      libsss_simpleifp-devel-1.16.1-150300.23.17.3
      libsss_simpleifp0-1.16.1-150300.23.17.3
      libsss_simpleifp0-debuginfo-1.16.1-150300.23.17.3
      libtalloc-devel-2.3.3-150300.3.3.2
      libtalloc2-2.3.3-150300.3.3.2
      libtalloc2-debuginfo-2.3.3-150300.3.3.2
      libtdb-devel-1.4.4-150300.3.3.2
      libtdb1-1.4.4-150300.3.3.2
      libtdb1-debuginfo-1.4.4-150300.3.3.2
      libtevent-devel-0.11.0-150300.3.3.2
      libtevent0-0.11.0-150300.3.3.2
      libtevent0-debuginfo-0.11.0-150300.3.3.2
      pam_apparmor-2.13.6-150300.3.11.2
      pam_apparmor-debuginfo-2.13.6-150300.3.11.2
      perl-apparmor-2.13.6-150300.3.11.2
      perl-apparmor-debuginfo-2.13.6-150300.3.11.2
      python3-apparmor-2.13.6-150300.3.11.2
      python3-apparmor-debuginfo-2.13.6-150300.3.11.2
      python3-ldb-2.4.1-150300.3.10.1
      python3-ldb-debuginfo-2.4.1-150300.3.10.1
      python3-ldb-devel-2.4.1-150300.3.10.1
      python3-sssd-config-1.16.1-150300.23.17.3
      python3-sssd-config-debuginfo-1.16.1-150300.23.17.3
      python3-talloc-2.3.3-150300.3.3.2
      python3-talloc-debuginfo-2.3.3-150300.3.3.2
      python3-talloc-devel-2.3.3-150300.3.3.2
      python3-tdb-1.4.4-150300.3.3.2
      python3-tdb-debuginfo-1.4.4-150300.3.3.2
      python3-tevent-0.11.0-150300.3.3.2
      python3-tevent-debuginfo-0.11.0-150300.3.3.2
      samba-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-ad-dc-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-debugsource-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-dsdb-modules-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-ldb-ldap-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-libs-python3-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-python3-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-winbind-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-winbind-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      sssd-1.16.1-150300.23.17.3
      sssd-ad-1.16.1-150300.23.17.3
      sssd-ad-debuginfo-1.16.1-150300.23.17.3
      sssd-common-1.16.1-150300.23.17.3
      sssd-common-debuginfo-1.16.1-150300.23.17.3
      sssd-dbus-1.16.1-150300.23.17.3
      sssd-dbus-debuginfo-1.16.1-150300.23.17.3
      sssd-debugsource-1.16.1-150300.23.17.3
      sssd-ipa-1.16.1-150300.23.17.3
      sssd-ipa-debuginfo-1.16.1-150300.23.17.3
      sssd-krb5-1.16.1-150300.23.17.3
      sssd-krb5-common-1.16.1-150300.23.17.3
      sssd-krb5-common-debuginfo-1.16.1-150300.23.17.3
      sssd-krb5-debuginfo-1.16.1-150300.23.17.3
      sssd-ldap-1.16.1-150300.23.17.3
      sssd-ldap-debuginfo-1.16.1-150300.23.17.3
      sssd-proxy-1.16.1-150300.23.17.3
      sssd-proxy-debuginfo-1.16.1-150300.23.17.3
      sssd-tools-1.16.1-150300.23.17.3
      sssd-tools-debuginfo-1.16.1-150300.23.17.3
      sssd-winbind-idmap-1.16.1-150300.23.17.3
      sssd-winbind-idmap-debuginfo-1.16.1-150300.23.17.3
      talloc-debugsource-2.3.3-150300.3.3.2
      talloc-man-2.3.3-150300.3.3.1
      tdb-debugsource-1.4.4-150300.3.3.2
      tdb-tools-1.4.4-150300.3.3.2
      tdb-tools-debuginfo-1.4.4-150300.3.3.2
      tevent-debugsource-0.11.0-150300.3.3.2
      tevent-man-0.11.0-150300.3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-ceph-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      krb5-32bit-1.19.2-150300.8.3.2
      krb5-32bit-debuginfo-1.19.2-150300.8.3.2
      libapparmor1-32bit-2.13.6-150300.3.11.1
      libapparmor1-32bit-debuginfo-2.13.6-150300.3.11.1
      libldb2-32bit-2.4.1-150300.3.10.1
      libldb2-32bit-debuginfo-2.4.1-150300.3.10.1
      libtalloc2-32bit-2.3.3-150300.3.3.2
      libtalloc2-32bit-debuginfo-2.3.3-150300.3.3.2
      libtdb1-32bit-1.4.4-150300.3.3.2
      libtdb1-32bit-debuginfo-1.4.4-150300.3.3.2
      libtevent0-32bit-0.11.0-150300.3.3.2
      libtevent0-32bit-debuginfo-0.11.0-150300.3.3.2
      pam_apparmor-32bit-2.13.6-150300.3.11.2
      pam_apparmor-32bit-debuginfo-2.13.6-150300.3.11.2
      samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-ad-dc-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-client-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-winbind-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      apparmor-abstractions-2.13.6-150300.3.11.2
      apparmor-docs-2.13.6-150300.3.11.2
      apparmor-parser-lang-2.13.6-150300.3.11.2
      apparmor-profiles-2.13.6-150300.3.11.2
      apparmor-utils-2.13.6-150300.3.11.2
      apparmor-utils-lang-2.13.6-150300.3.11.2

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

      apparmor-debugsource-2.13.6-150300.3.11.2
      apparmor-parser-2.13.6-150300.3.11.2
      apparmor-parser-debuginfo-2.13.6-150300.3.11.2
      krb5-1.19.2-150300.8.3.2
      krb5-debuginfo-1.19.2-150300.8.3.2
      krb5-debugsource-1.19.2-150300.8.3.2
      ldb-debugsource-2.4.1-150300.3.10.1
      libapparmor-debugsource-2.13.6-150300.3.11.1
      libapparmor1-2.13.6-150300.3.11.1
      libapparmor1-debuginfo-2.13.6-150300.3.11.1
      libldb2-2.4.1-150300.3.10.1
      libldb2-debuginfo-2.4.1-150300.3.10.1
      libsss_certmap0-1.16.1-150300.23.17.3
      libsss_certmap0-debuginfo-1.16.1-150300.23.17.3
      libsss_idmap0-1.16.1-150300.23.17.3
      libsss_idmap0-debuginfo-1.16.1-150300.23.17.3
      libsss_nss_idmap0-1.16.1-150300.23.17.3
      libsss_nss_idmap0-debuginfo-1.16.1-150300.23.17.3
      libtalloc2-2.3.3-150300.3.3.2
      libtalloc2-debuginfo-2.3.3-150300.3.3.2
      libtdb1-1.4.4-150300.3.3.2
      libtdb1-debuginfo-1.4.4-150300.3.3.2
      libtevent0-0.11.0-150300.3.3.2
      libtevent0-debuginfo-0.11.0-150300.3.3.2
      pam_apparmor-2.13.6-150300.3.11.2
      pam_apparmor-debuginfo-2.13.6-150300.3.11.2
      sssd-1.16.1-150300.23.17.3
      sssd-common-1.16.1-150300.23.17.3
      sssd-common-debuginfo-1.16.1-150300.23.17.3
      sssd-debugsource-1.16.1-150300.23.17.3
      sssd-krb5-common-1.16.1-150300.23.17.3
      sssd-krb5-common-debuginfo-1.16.1-150300.23.17.3
      sssd-ldap-1.16.1-150300.23.17.3
      sssd-ldap-debuginfo-1.16.1-150300.23.17.3
      talloc-debugsource-2.3.3-150300.3.3.2
      tdb-debugsource-1.4.4-150300.3.3.2
      tevent-debugsource-0.11.0-150300.3.3.2

   - SUSE Linux Enterprise Micro 5.1 (noarch):

      apparmor-abstractions-2.13.6-150300.3.11.2

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      ctdb-4.15.4+git.324.8332acf1a63-150300.3.25.3
      ctdb-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3
      samba-debugsource-4.15.4+git.324.8332acf1a63-150300.3.25.3

References:

   https://www.suse.com/security/cve/CVE-2020-27840.html
   https://www.suse.com/security/cve/CVE-2021-20277.html
   https://www.suse.com/security/cve/CVE-2021-20316.html
   https://www.suse.com/security/cve/CVE-2021-36222.html
   https://www.suse.com/security/cve/CVE-2021-43566.html
   https://www.suse.com/security/cve/CVE-2021-44141.html
   https://www.suse.com/security/cve/CVE-2021-44142.html
   https://www.suse.com/security/cve/CVE-2022-0336.html
https://bugzilla.suse.com/1139519
https://bugzilla.suse.com/1183572
https://bugzilla.suse.com/1183574
https://bugzilla.suse.com/1188571
https://bugzilla.suse.com/1191227
https://bugzilla.suse.com/1191532
https://bugzilla.suse.com/1192684
https://bugzilla.suse.com/1193690
https://bugzilla.suse.com/1194859
https://bugzilla.suse.com/1195048

From sle-updates at lists.suse.com Tue Feb 1 20:45:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:45:28 +0100 (CET)
Subject: SUSE-SU-2022:0284-1: critical: Security update for samba
Message-ID: <20220201204528.24D7BFE0E@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0284-1
Rating: critical
References: #1194859
Cross-References: CVE-2021-44142
CVSS scores:
  CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Availability 15-SP1
  SUSE Enterprise Storage 6
  SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-284=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-284=1

- SUSE Linux Enterprise Server 15-SP1-BCL:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-284=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-284=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-284=1

- SUSE Linux Enterprise High Availability 15-SP1:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-284=1

- SUSE Enterprise Storage 6:

  zypper in -t patch SUSE-Storage-6-2022-284=1

- SUSE CaaS Platform 4.0:

  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libdcerpc-binding0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libsamba-policy-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python3-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-core-devel-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-4.9.5+git.483.212a7ebca6b-3.64.1 
samba-libs-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libsamba-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-4.9.5+git.483.212a7ebca6b-3.64.1 
libndr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python3-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libtevent-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-core-devel-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libndr-standard0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libdcerpc-binding0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-4.9.5+git.483.212a7ebca6b-3.64.1 
libdcerpc-binding0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 
libsamba-credentials0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python3-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libsmbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-core-devel-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 
samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-4.9.5+git.483.212a7ebca6b-3.64.1 
libsamba-credentials0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python3-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
samba-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-core-devel-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 
libnetapi0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libndr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python3-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libsamdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-core-devel-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-4.9.5+git.483.212a7ebca6b-3.64.1 
samba-winbind-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 
libtevent-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.483.212a7ebca6b-3.64.1 ctdb-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials-devel-4.9.5+git.483.212a7ebca6b-3.64.1 
libsamba-credentials0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python3-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 
libwbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ceph-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ceph-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-core-devel-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE Enterprise Storage 6 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 
libndr0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-winbind-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - SUSE CaaS Platform 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-binding0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 
libdcerpc-samr0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc-samr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-4.9.5+git.483.212a7ebca6b-3.64.1 libdcerpc0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-krb5pac0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-nbt0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr-standard0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-4.9.5+git.483.212a7ebca6b-3.64.1 libndr0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-4.9.5+git.483.212a7ebca6b-3.64.1 libnetapi0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-credentials0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
libsamba-errors-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-errors0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-hostconfig0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-passdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python3-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamdb0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf-devel-4.9.5+git.483.212a7ebca6b-3.64.1 
libsmbconf0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbconf0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-4.9.5+git.483.212a7ebca6b-3.64.1 libsmbldap2-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-4.9.5+git.483.212a7ebca6b-3.64.1 libtevent-util0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-4.9.5+git.483.212a7ebca6b-3.64.1 libwbclient0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-4.9.5+git.483.212a7ebca6b-3.64.1 samba-ad-dc-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-4.9.5+git.483.212a7ebca6b-3.64.1 samba-client-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-core-devel-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-debugsource-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-4.9.5+git.483.212a7ebca6b-3.64.1 samba-dsdb-modules-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 
samba-python-4.9.5+git.483.212a7ebca6b-3.64.1
samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1
samba-python3-4.9.5+git.483.212a7ebca6b-3.64.1
samba-python3-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1
samba-winbind-32bit-4.9.5+git.483.212a7ebca6b-3.64.1
samba-winbind-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1
samba-winbind-4.9.5+git.483.212a7ebca6b-3.64.1
samba-winbind-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1

References:

https://www.suse.com/security/cve/CVE-2021-44142.html
https://bugzilla.suse.com/1194859

From sle-updates at lists.suse.com Tue Feb 1 20:46:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:46:45 +0100 (CET)
Subject: SUSE-RU-2022:0278-1: Test update for SUSE:SLE-15-SP2:Update (trivial)
Message-ID: <20220201204645.48FECFE0E@maintenance.suse.de>

SUSE Recommended Update: Test update for SUSE:SLE-15-SP2:Update (trivial)
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0278-1
Rating: low
References: #1194507
Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This is a trivial test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-278=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

  update-test-trivial-5.1-33.2

References:

https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Tue Feb 1 20:49:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Feb 2022 21:49:09 +0100 (CET)
Subject: SUSE-RU-2022:0281-1: Test update for SUSE:SLE-15-SP2:Update (interactive)
Message-ID: <20220201204909.607DAFE0E@maintenance.suse.de>

SUSE Recommended Update: Test update for SUSE:SLE-15-SP2:Update (interactive)
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0281-1
Rating: low
References: #1194507
Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This is an interactive test update for SUSE:SLE-15-SP2:Update

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-281=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

  update-test-interactive-5.1-33.2

References:

https://bugzilla.suse.com/1194507

From sle-updates at lists.suse.com Wed Feb 2 07:57:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 08:57:38 +0100 (CET)
Subject: SUSE-CU-2022:105-1: Recommended update of suse/sle15
Message-ID: <20220202075738.CED04FE02@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:105-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.84
Container Release : 9.5.84
Severity : moderate
Type : recommended
References : 1194522
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released: Mon Jan 31 06:07:52 2022
Summary: Recommended update for boost
Type: recommended
Severity: moderate
References: 1194522

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

The following package changes have been done:

- boost-license1_66_0-1.66.0-12.3.1 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated

From sle-updates at lists.suse.com Wed Feb 2 08:06:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 09:06:33 +0100 (CET)
Subject: SUSE-CU-2022:106-1: Recommended update of suse/sle15
Message-ID: <20220202080633.72A60FE02@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:106-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.150300.17.8.69
Container Release : 150300.17.8.69
Severity : moderate
Type : recommended
References : 1194522
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:207-1
Released: Thu Jan 27 09:24:49 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References:

This update for glibc fixes the following issues:

- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released: Mon Jan 31 06:07:52 2022
Summary: Recommended update for boost
Type: recommended
Severity: moderate
References: 1194522

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

The following package changes have been done:

- boost-license1_66_0-1.66.0-12.3.1 updated
- glibc-2.31-9.9.1 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated

From sle-updates at lists.suse.com Wed Feb 2 08:06:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 09:06:42 +0100 (CET)
Subject: SUSE-CU-2022:107-1: Security update of suse/sle15
Message-ID: <20220202080642.5C942FE02@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:107-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.150300.17.8.70
Container Release : 150300.17.8.70
Severity : important
Type : security
References : 1139519 1183572 1183574 1188571 1191227 1191532 1192684 1193690 1194859 1195048 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:283-1
Released: Tue Feb 1 16:35:51 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

samba was updated to 4.15.4 (jsc#SLE-23329);

* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
* 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);

Samba was updated to version 4.15.3

+ CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and modify outside of
  the exported share; (bsc#1191227);

- Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

krb5 was updated to 1.16.3 to 1.19.2

* Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a credential handle.

Changes from 1.19.1:

* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.

Changes from 1.19

Administrator experience

* When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.

Developer experience

* gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key.
* When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets.
* The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password().

Protocol evolution

* Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set.

User experience

* kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred).

Changes from 1.18.3

* Fix a denial of service vulnerability when decoding Kerberos protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded.

Changes from 1.18.2

* Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might not be reported.

Changes from 1.18.1

* Fix a crash when qualifying short hostnames when the system has no primary DNS domain.
* Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency with Windows KDCs.

Changes from 1.18

Administrator experience:

* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default.
* setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context().
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.

Developer experience:

* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account name from a PAC.

Protocol evolution:

* Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
* Remove support for an old ('draft 9') variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)

User experience:

* Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.

Code quality:

* The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.

Changes from 1.17.1

* Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM credential cache is used.

Changes from 1.17:

Administrator experience:

* A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
* 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested.

Developer experience:

* The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should perform better.

Protocol evolution:

* The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.

User experience:

* The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
* The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.

Code quality:

* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.

- Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.

ldb was updated to version 2.4.1 (jsc#SLE-23329);

- Release 2.4.1
  + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845);
  + Fix memory handling in ldb.msg_diff; (bso#14836);
- Release 2.4.0
  + pyldb: Fix Message.items() for a message containing elements
  + pyldb: Add test for Message.items()
  + tests: Use ldbsearch '--scope instead of '-s'
  + Change page size of guidindexpackv1.ldb
  + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
  + attrib_handler casefold: simplify space dropping
  + fix ldb_comparison_fold off-by-one overrun
  + CVE-2020-27840: pytests: move Dn.validate test to ldb
  + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
  + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
  + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
  + improve comments for ldb_module_connect_backend()
  + test/ldb_tdb: correct introductory comments
  + ldb.h: remove undefined async_ctx function signatures
  + correct comments in attrib_handers val_to_int64
  + dn tests use cmocka print functions
  + ldb_match: remove redundant check
  + add tests for ldb_wildcard_compare
  + ldb_match: trailing chunk must match end of string
  + pyldb: catch potential overflow error in py_timestring
  + ldb: remove some 'if PY3's in tests

talloc was updated to 2.3.3:

  + various bugfixes
  + python: Ensure reference counts are properly incremented
  + Change pytalloc source to LGPL
  + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

tdb was updated to version 1.4.4:

  + various bugfixes

tevent was updated to version 0.11.0:

  + Add custom tag to events
  + Add event trace api

sssd was updated to:

- Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
- Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

apparmor was updated to:

- Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
- add profile for samba-bgqd (bsc#1191532).

The following package changes have been done:

- krb5-1.19.2-150300.8.3.2 updated

From sle-updates at lists.suse.com Wed Feb 2 14:19:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:19:22 +0100 (CET)
Subject: SUSE-SU-2022:0296-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP4)
Message-ID: <20220202141922.7213AFE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0296-1
Rating: important
References: #1186061 #1191529 #1192036 #1193863 #1194680
Cross-References: CVE-2018-25020 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-42739
CVSS scores:
    CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
    CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-95_68 fixes several issues.

The following security issues were fixed:

- CVE-2018-25020: Fixed an issue where the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsystem (bsc#1178181, bsc#1186060).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-296=1 SUSE-SLE-Live-Patching-12-SP4-2022-297=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
    kgraft-patch-4_12_14-95_68-default-14-2.2
    kgraft-patch-4_12_14-95_71-default-13-2.2

References:

https://www.suse.com/security/cve/CVE-2018-25020.html
https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-3702.html
https://www.suse.com/security/cve/CVE-2021-23134.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://bugzilla.suse.com/1186061
https://bugzilla.suse.com/1191529
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1193863
https://bugzilla.suse.com/1194680

From sle-updates at lists.suse.com Wed Feb 2 14:21:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:21:48 +0100 (CET)
Subject: SUSE-SU-2022:0298-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP4)
Message-ID: <20220202142148.614F3FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP4)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0298-1
Rating: important
References: #1191529 #1192036 #1193863
Cross-References: CVE-2018-25020 CVE-2020-3702 CVE-2021-42739
CVSS scores:
    CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-95_74 fixes several issues.

The following security issues were fixed:

- CVE-2018-25020: Fixed an issue where the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-298=1 SUSE-SLE-Live-Patching-12-SP4-2022-299=1 SUSE-SLE-Live-Patching-12-SP4-2022-300=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
    kgraft-patch-4_12_14-95_74-default-10-2.2
    kgraft-patch-4_12_14-95_77-default-9-2.2
    kgraft-patch-4_12_14-95_80-default-7-2.2

References:

https://www.suse.com/security/cve/CVE-2018-25020.html
https://www.suse.com/security/cve/CVE-2020-3702.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://bugzilla.suse.com/1191529
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1193863

From sle-updates at lists.suse.com Wed Feb 2 14:23:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:23:56 +0100 (CET)
Subject: SUSE-RU-2022:0302-1: moderate: Recommended update for rpmlint, rpmlint-mini, obs-service-format_spec_file
Message-ID: <20220202142356.38C4AFE0E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rpmlint, rpmlint-mini, obs-service-format_spec_file
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0302-1
Rating: moderate
References: #1195085 SLE-18915
Affected Products:
    SUSE Linux Enterprise Realtime Extension 15-SP2
    SUSE Linux Enterprise Module for Development Tools 15-SP3
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.

Description:

This update for rpmlint, rpmlint-mini, obs-service-format_spec_file fixes the following issues:

obs-service-format_spec_file:

- Synchronize the license identifiers from SPDX (spdx.org). (jsc#SLE-18915)

rpmlint:

- Accept any license ending with a '+' as indicated in the SPDX syntax. (bsc#1195085)
- Remove licenses ending with '+' from the valid license array
- Rebuild rpmlint with the new obs-service-format_spec_file.

rpmlint-mini:

- Rebuild rpmlint-mini with the new obs-service-format_spec_file and rpmlint.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-302=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-302=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
    rpmlint-1.10-7.35.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
    rpmlint-mini-1.10-150300.18.8.2
    rpmlint-mini-debuginfo-1.10-150300.18.8.2
    rpmlint-mini-debugsource-1.10-150300.18.8.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
    rpmlint-1.10-7.35.1

References:

https://bugzilla.suse.com/1195085

From sle-updates at lists.suse.com Wed Feb 2 14:25:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:25:21 +0100 (CET)
Subject: SUSE-SU-2022:0289-1: important: Security update for the Linux Kernel
Message-ID: <20220202142521.147CEFE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0289-1
Rating: important
References: #1071995 #1184209 #1191271 #1193255 #1193660 #1193669 #1193727 #1193767 #1193901 #1193927 #1194001 #1194087 #1194094 #1194302 #1194516 #1194517 #1194529 #1194888 #1194985
Cross-References: CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733 CVE-2021-45485 CVE-2021-45486 CVE-2022-0185 CVE-2022-0322
CVSS scores:
    CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
    CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
    CVE-2021-45485 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Module for Realtime 15-SP2
    SUSE Linux Enterprise Micro 5.0
______________________________________________________________________________

An update that solves 10 vulnerabilities and has 9 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses (bsc#1194094).
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087).
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).

The following non-security bugs were fixed:

- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- kabi/severities: Add a kabi exception for drivers/tee/tee
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- media: Revert "media: uvcvideo: Set unique vdev name based in type" (bsc#1193255).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901).
- tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209, bsc#1193660).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Realtime 15-SP2:
    zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-289=1
- SUSE Linux Enterprise Micro 5.0:
    zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-289=1

Package List:

- SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
    cluster-md-kmp-rt-5.3.18-68.1
    cluster-md-kmp-rt-debuginfo-5.3.18-68.1
    dlm-kmp-rt-5.3.18-68.1
    dlm-kmp-rt-debuginfo-5.3.18-68.1
    gfs2-kmp-rt-5.3.18-68.1
    gfs2-kmp-rt-debuginfo-5.3.18-68.1
    kernel-rt-5.3.18-68.1
    kernel-rt-debuginfo-5.3.18-68.1
    kernel-rt-debugsource-5.3.18-68.1
    kernel-rt-devel-5.3.18-68.1
    kernel-rt-devel-debuginfo-5.3.18-68.1
    kernel-rt_debug-5.3.18-68.1
    kernel-rt_debug-debuginfo-5.3.18-68.1
    kernel-rt_debug-debugsource-5.3.18-68.1
    kernel-rt_debug-devel-5.3.18-68.1
    kernel-rt_debug-devel-debuginfo-5.3.18-68.1
    kernel-syms-rt-5.3.18-68.1
    ocfs2-kmp-rt-5.3.18-68.1
    ocfs2-kmp-rt-debuginfo-5.3.18-68.1
- SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):
    kernel-devel-rt-5.3.18-68.1
    kernel-source-rt-5.3.18-68.1
- SUSE Linux Enterprise Micro 5.0 (x86_64):
    kernel-rt-5.3.18-68.1
    kernel-rt-debuginfo-5.3.18-68.1
    kernel-rt-debugsource-5.3.18-68.1

References:

https://www.suse.com/security/cve/CVE-2021-4083.html
https://www.suse.com/security/cve/CVE-2021-4135.html
https://www.suse.com/security/cve/CVE-2021-4149.html
https://www.suse.com/security/cve/CVE-2021-4197.html
https://www.suse.com/security/cve/CVE-2021-4202.html
https://www.suse.com/security/cve/CVE-2021-44733.html
https://www.suse.com/security/cve/CVE-2021-45485.html
https://www.suse.com/security/cve/CVE-2021-45486.html
https://www.suse.com/security/cve/CVE-2022-0185.html
https://www.suse.com/security/cve/CVE-2022-0322.html
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1184209
https://bugzilla.suse.com/1191271
https://bugzilla.suse.com/1193255
https://bugzilla.suse.com/1193660
https://bugzilla.suse.com/1193669
https://bugzilla.suse.com/1193727
https://bugzilla.suse.com/1193767
https://bugzilla.suse.com/1193901
https://bugzilla.suse.com/1193927
https://bugzilla.suse.com/1194001
https://bugzilla.suse.com/1194087
https://bugzilla.suse.com/1194094
https://bugzilla.suse.com/1194302
https://bugzilla.suse.com/1194516
https://bugzilla.suse.com/1194517
https://bugzilla.suse.com/1194529
https://bugzilla.suse.com/1194888
https://bugzilla.suse.com/1194985

From sle-updates at lists.suse.com Wed Feb 2 14:28:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:28:46 +0100 (CET)
Subject: SUSE-SU-2022:0301-1: important: Security update for unbound
Message-ID: <20220202142846.CF15BFE0E@maintenance.suse.de>

SUSE Security Update: Security update for unbound
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0301-1
Rating: important
References: #1076963 #1112009 #1112033 #1179191 #1185382 #1185383 #1185384 #1185385 #1185386 #1185387 #1185388 #1185389 #1185390 #1185391 #1185392 #1185393
Cross-References: CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-28935
CVSS scores:
    CVE-2019-25031 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
    CVE-2019-25031 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
    CVE-2019-25032 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25032 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25033 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25033 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25034 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25034 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    CVE-2019-25035 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25035 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
    CVE-2019-25036 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2019-25036 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25037 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2019-25037 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25038 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25038 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25039 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25039 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25040 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2019-25040 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25041 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2019-25041 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2019-25042 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-25042 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
    CVE-2020-28935 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-28935 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves 13 vulnerabilities and has three fixes is now available.

Description:

This update for unbound fixes the following issues:

- CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack (bsc#1185382).
- CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc (bsc#1185383).
- CVE-2019-25033: Fixed integer overflow in the regional allocator via the ALIGN_UP macro (bsc#1185384).
- CVE-2019-25034: Fixed integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write (bsc#1185385).
- CVE-2019-25035: Fixed out-of-bounds write in sldns_bget_token_par (bsc#1185386).
- CVE-2019-25036: Fixed assertion failure and denial of service in synth_cname (bsc#1185387).
- CVE-2019-25037: Fixed assertion failure and denial of service in dname_pkt_copy via an invalid packet (bsc#1185388).
- CVE-2019-25038: Fixed integer overflow in a size calculation in dnscrypt/dnscrypt.c (bsc#1185389).
- CVE-2019-25039: Fixed integer overflow in a size calculation in respip/respip.c (bsc#1185390).
- CVE-2019-25040: Fixed infinite loop via a compressed name in dname_pkt_copy (bsc#1185391).
- CVE-2019-25041: Fixed assertion failure via a compressed name in dname_pkt_copy (bsc#1185392).
- CVE-2019-25042: Fixed out-of-bounds write via a compressed name in rdata_copy (bsc#1185393).
- CVE-2020-28935: Fixed symbolic link traversal when writing PID file (bsc#1179191).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-301=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-301=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-301=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-301=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    libunbound2-1.6.8-3.9.1
    libunbound2-debuginfo-1.6.8-3.9.1
    unbound-anchor-1.6.8-3.9.1
    unbound-anchor-debuginfo-1.6.8-3.9.1
    unbound-debuginfo-1.6.8-3.9.1
    unbound-debugsource-1.6.8-3.9.1
    unbound-devel-1.6.8-3.9.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    libunbound2-1.6.8-3.9.1
    libunbound2-debuginfo-1.6.8-3.9.1
    unbound-anchor-1.6.8-3.9.1
    unbound-anchor-debuginfo-1.6.8-3.9.1
    unbound-debuginfo-1.6.8-3.9.1
    unbound-debugsource-1.6.8-3.9.1
    unbound-devel-1.6.8-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    libunbound2-1.6.8-3.9.1
    libunbound2-debuginfo-1.6.8-3.9.1
    unbound-anchor-1.6.8-3.9.1
    unbound-anchor-debuginfo-1.6.8-3.9.1
    unbound-debuginfo-1.6.8-3.9.1
    unbound-debugsource-1.6.8-3.9.1
    unbound-devel-1.6.8-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    libunbound2-1.6.8-3.9.1
    libunbound2-debuginfo-1.6.8-3.9.1
    unbound-anchor-1.6.8-3.9.1
    unbound-anchor-debuginfo-1.6.8-3.9.1
    unbound-debuginfo-1.6.8-3.9.1
    unbound-debugsource-1.6.8-3.9.1
    unbound-devel-1.6.8-3.9.1

References:

https://www.suse.com/security/cve/CVE-2019-25031.html
https://www.suse.com/security/cve/CVE-2019-25032.html
https://www.suse.com/security/cve/CVE-2019-25033.html
https://www.suse.com/security/cve/CVE-2019-25034.html
https://www.suse.com/security/cve/CVE-2019-25035.html
https://www.suse.com/security/cve/CVE-2019-25036.html
https://www.suse.com/security/cve/CVE-2019-25037.html
https://www.suse.com/security/cve/CVE-2019-25038.html
https://www.suse.com/security/cve/CVE-2019-25039.html
https://www.suse.com/security/cve/CVE-2019-25040.html
https://www.suse.com/security/cve/CVE-2019-25041.html
https://www.suse.com/security/cve/CVE-2019-25042.html
https://www.suse.com/security/cve/CVE-2020-28935.html
https://bugzilla.suse.com/1076963
https://bugzilla.suse.com/1112009
https://bugzilla.suse.com/1112033
https://bugzilla.suse.com/1179191
https://bugzilla.suse.com/1185382
https://bugzilla.suse.com/1185383
https://bugzilla.suse.com/1185384
https://bugzilla.suse.com/1185385
https://bugzilla.suse.com/1185386
https://bugzilla.suse.com/1185387
https://bugzilla.suse.com/1185388
https://bugzilla.suse.com/1185389
https://bugzilla.suse.com/1185390
https://bugzilla.suse.com/1185391
https://bugzilla.suse.com/1185392
https://bugzilla.suse.com/1185393

From sle-updates at lists.suse.com Wed Feb 2 14:31:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:31:47 +0100 (CET)
Subject: SUSE-SU-2022:0295-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3)
Message-ID: <20220202143147.8154EFE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0295-1
Rating: important
References: #1191529 #1192036 #1193529 #1194461 #1194737
Cross-References: CVE-2020-3702 CVE-2021-4028 CVE-2021-4154 CVE-2021-42739 CVE-2022-0185
CVSS scores:
    CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    CVE-2021-4028 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-59_13 fixes several issues.

The following security issues were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).
- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:
   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-294=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-295=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
   kernel-livepatch-5_3_18-59_13-default-8-150300.2.2
   kernel-livepatch-5_3_18-59_13-default-debuginfo-8-150300.2.2
   kernel-livepatch-5_3_18-59_5-default-8-150300.2.2
   kernel-livepatch-5_3_18-59_5-default-debuginfo-8-150300.2.2
   kernel-livepatch-SLE15-SP3_Update_1-debugsource-8-150300.2.2
   kernel-livepatch-SLE15-SP3_Update_3-debugsource-8-150300.2.2

References:

   https://www.suse.com/security/cve/CVE-2020-3702.html
   https://www.suse.com/security/cve/CVE-2021-4028.html
   https://www.suse.com/security/cve/CVE-2021-4154.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2022-0185.html
   https://bugzilla.suse.com/1191529
   https://bugzilla.suse.com/1192036
   https://bugzilla.suse.com/1193529
   https://bugzilla.suse.com/1194461
   https://bugzilla.suse.com/1194737

From sle-updates at lists.suse.com Wed Feb 2 14:33:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:33:48 +0100 (CET)
Subject: SUSE-RU-2022:0303-1: moderate: Recommended update for hplip
Message-ID: <20220202143348.D13C3FE0E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for hplip
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0303-1
Rating: moderate
References: #1193656 #1193718
Affected Products:
   SUSE Linux Enterprise Module for Desktop Applications 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for hplip fixes the following issues:

- Replace keyserver with `pgp.surf.nl` (bsc#1193656)
- Add build dependency on `python-rpm-macros` (bsc#1193718)
- Update hplip to version 3.21.10 and added support for the following new printers:
   * HP Color LaserJet Enterprise M455dn
   * HP Color LaserJet Enterprise MFP M480f
   * HP Color LaserJet Managed E45028dn
   * HP Color LaserJet Managed MFP E47528f
   * HP DesignJet Z6 Pro 64in
   * HP DesignJet Z9 Pro 64in
   * HP DeskJet Ink Advantage Ultra 4800 All-in-One Printer series
   * HP ENVY Inspire 7200e series
   * HP ENVY Inspire 7900e series
   * HP Envy 6400 series
   * HP Laserjet M211d
   * HP LaserJet Enterprise M406dn
   * HP LaserJet Enterprise M407dn
   * HP LaserJet Enterprise MFP M430f
   * HP LaserJet Enterprise MFP M431f
   * HP LaserJet M109a
   * HP LaserJet M109w
   * HP LaserJet M109we
   * HP LaserJet M110a
   * HP LaserJet M110w
   * HP LaserJet M110we
   * HP LaserJet M111a
   * HP LaserJet M111w
   * HP LaserJet M111we
   * HP LaserJet M112a
   * HP LaserJet M112w
   * HP LaserJet M112we
   * HP LaserJet M212dwe
   * HP LaserJet MFP M139a
   * HP LaserJet MFP M139w
   * HP LaserJet MFP M139we
   * HP LaserJet MFP M140a
   * HP LaserJet MFP M140w
   * HP LaserJet MFP M140we
   * HP LaserJet MFP M141a
   * HP LaserJet MFP M141w
   * HP LaserJet MFP M141we
   * HP LaserJet MFP M142a
   * HP LaserJet MFP M142w
   * HP LaserJet MFP M142we
   * HP LaserJet MFP M232d
   * HP LaserJet MFP M232dw
   * HP LaserJet MFP M232dwc
   * HP LaserJet MFP M232sdn
   * HP LaserJet MFP M232sdw
   * HP LaserJet MFP M233d
   * HP LaserJet MFP M233dw
   * HP LaserJet MFP M233sdn
   * HP LaserJet MFP M233sdw
   * HP LaserJet MFP M234dw
   * HP LaserJet MFP M234dwe
   * HP LaserJet MFP M234sdn
   * HP LaserJet MFP M234sdne
   * HP LaserJet MFP M234sdw
   * HP LaserJet MFP M234sdwe
   * HP LaserJet MFP M235d
   * HP LaserJet MFP M235dw
   * HP LaserJet MFP M235dwe
   * HP LaserJet MFP M235sdn
   * HP LaserJet MFP M235sdne
   * HP LaserJet MFP M235sdw
   * HP LaserJet MFP M235sdwe
   * HP LaserJet MFP M236d
   * HP LaserJet MFP M236dw
   * HP LaserJet MFP M236sdn
   * HP LaserJet MFP M236sdw
   * HP LaserJet MFP M237d
   * HP LaserJet MFP M237dw
   * HP LaserJet MFP M237dwe
   * HP LaserJet MFP M237sdn
   * HP LaserJet MFP M237sdne
   * HP LaserJet MFP M237sdw
   * HP LaserJet MFP M237sdwe
   * HP LaserJet Managed E40040dn
   * HP LaserJet Managed MFP E42540f
   * HP Laserjet M207d
   * HP Laserjet M207dw
   * HP Laserjet M208d
   * HP Laserjet M208dw
   * HP Laserjet M209d
   * HP Laserjet M209dw
   * HP Laserjet M209dwe
   * HP Laserjet M210d
   * HP Laserjet M210dw
   * HP Laserjet M210dwe
   * HP Laserjet M211dw
   * HP Laserjet M212d
   * HP Laserjet M212dw
   * HP PageWide XL 3920 MFP
   * HP PageWide XL 3920 MFP
   * HP PageWide XL 4200 Multifunction Printer
   * HP PageWide XL 4200 Multifunction Printer
   * HP PageWide XL 4200 Printer
   * HP PageWide XL 4200 Printer
   * HP PageWide XL 4700 Multifunction Printer
   * HP PageWide XL 4700 Multifunction Printer
   * HP PageWide XL 4700 Printer
   * HP PageWide XL 4700 Printer
   * HP PageWide XL 5200 Multifunction Printer
   * HP PageWide XL 5200 Multifunction Printer
   * HP PageWide XL 5200 Printer
   * HP PageWide XL 5200 Printer
   * HP PageWide XL 8200 Printer
   * HP PageWide XL 8200 Printer
   * HP PageWide XL Pro 5200 PS MFP series
   * HP PageWide XL Pro 8200 PS MFP series
   * HP Smart Tank 500 series
   * HP Smart Tank 530 series
   * HP Smart Tank 750
   * HP Smart Tank 7600
   * HP Smart Tank 790
   * HP Smart Tank Plus 570 series
   * HP Smart Tank Plus 6000
   * HP Smart Tank Plus 660-670
   * HP Smart Tank Plus 7000
   * HP Smart Tank Plus 710-720
- Remove libtool archives
- Fixes to the built artifacts:
   * Disabled image processor build with the configure option `--disable-imageProcessor-build`
   * Remove executable bit in `%{_datadir}/hplip/`
   * Ignore duplicate files in `hplip-rpmlintrc ("__init__.*.pyc?")`

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
   zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-303=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
   zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-303=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
   hplip-3.21.10-4.3.1
   hplip-debuginfo-3.21.10-4.3.1
   hplip-debugsource-3.21.10-4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
   hplip-debuginfo-3.21.10-4.3.1
   hplip-debugsource-3.21.10-4.3.1
   hplip-devel-3.21.10-4.3.1
   hplip-hpijs-3.21.10-4.3.1
   hplip-hpijs-debuginfo-3.21.10-4.3.1
   hplip-sane-3.21.10-4.3.1
   hplip-sane-debuginfo-3.21.10-4.3.1

References:

   https://bugzilla.suse.com/1193656
   https://bugzilla.suse.com/1193718

From sle-updates at lists.suse.com Wed Feb 2 14:35:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:35:20 +0100 (CET)
Subject: SUSE-SU-2022:0291-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)
Message-ID: <20220202143520.CAAB8FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0291-1
Rating: important
References: #1186061 #1191529 #1192036 #1194461 #1194680 #1194737
Cross-References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-4154 CVE-2021-42739 CVE-2022-0185
CVSS scores:
   CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
   CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
   CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_52 fixes several issues.

The following security issues were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsystem (bsc#1178181, bsc#1186060).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP2:
   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-290=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-291=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
   kernel-livepatch-5_3_18-24_49-default-14-2.2
   kernel-livepatch-5_3_18-24_49-default-debuginfo-14-2.2
   kernel-livepatch-5_3_18-24_52-default-13-2.2
   kernel-livepatch-5_3_18-24_52-default-debuginfo-13-2.2
   kernel-livepatch-SLE15-SP2_Update_10-debugsource-14-2.2
   kernel-livepatch-SLE15-SP2_Update_11-debugsource-13-2.2

References:

   https://www.suse.com/security/cve/CVE-2020-25670.html
   https://www.suse.com/security/cve/CVE-2020-25671.html
   https://www.suse.com/security/cve/CVE-2020-25672.html
   https://www.suse.com/security/cve/CVE-2020-25673.html
   https://www.suse.com/security/cve/CVE-2020-3702.html
   https://www.suse.com/security/cve/CVE-2021-23134.html
   https://www.suse.com/security/cve/CVE-2021-4154.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2022-0185.html
   https://bugzilla.suse.com/1186061
   https://bugzilla.suse.com/1191529
   https://bugzilla.suse.com/1192036
   https://bugzilla.suse.com/1194461
   https://bugzilla.suse.com/1194680
   https://bugzilla.suse.com/1194737

From sle-updates at lists.suse.com Wed Feb 2 14:37:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:37:43 +0100 (CET)
Subject: SUSE-SU-2022:0293-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)
Message-ID: <20220202143743.42F1CFE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0293-1
Rating: important
References: #1186061 #1191529 #1192036 #1193529 #1194461 #1194680 #1194737
Cross-References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-4028 CVE-2021-4154 CVE-2021-42739 CVE-2022-0185
CVSS scores:
   CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
   CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-4028 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
   CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Module for Live Patching 15-SP3
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-57 fixes several issues.

The following security issues were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842).
- CVE-2021-4028: Fixed use-after-free in RDMA listen() that could lead to DoS or privilege escalation by a local attacker (bsc#1193167).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsystem (bsc#1178181, bsc#1186060).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP3:
   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-293=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
   kernel-livepatch-5_3_18-57-default-10-3.2
   kernel-livepatch-5_3_18-57-default-debuginfo-10-3.2
   kernel-livepatch-SLE15-SP3_Update_0-debugsource-10-3.2

References:

   https://www.suse.com/security/cve/CVE-2020-25670.html
   https://www.suse.com/security/cve/CVE-2020-25671.html
   https://www.suse.com/security/cve/CVE-2020-25672.html
   https://www.suse.com/security/cve/CVE-2020-25673.html
   https://www.suse.com/security/cve/CVE-2020-3702.html
   https://www.suse.com/security/cve/CVE-2021-23134.html
   https://www.suse.com/security/cve/CVE-2021-4028.html
   https://www.suse.com/security/cve/CVE-2021-4154.html
   https://www.suse.com/security/cve/CVE-2021-42739.html
   https://www.suse.com/security/cve/CVE-2022-0185.html
   https://bugzilla.suse.com/1186061
   https://bugzilla.suse.com/1191529
   https://bugzilla.suse.com/1192036
   https://bugzilla.suse.com/1193529
   https://bugzilla.suse.com/1194461
   https://bugzilla.suse.com/1194680
   https://bugzilla.suse.com/1194737

From sle-updates at lists.suse.com Wed Feb 2 14:39:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:39:56 +0100 (CET)
Subject: SUSE-RU-2022:0307-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20220202143956.10F95FE0E@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0307-1
Rating: moderate
References: #1173103 #1191285 ECO-3319
Affected Products:
   SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that has two recommended fixes and contains one feature can now be installed.

Description:

This update fixes the following issues:

salt:
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)

scap-security-guide:
- Updated to 0.1.59 release (jsc#ECO-3319)
- Support for Debian 11
- NERC CIP profiles for OCP4 and RHCOS
- HIPAA profile for SUSE Linux Enterprise 15
- Delta Tailoring Files for STIG profiles

spacecmd:
- Version 4.3.5-1
   * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA:
   zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-2022-307=1

Package List:

- SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA (all):
   salt-common-3000+ds-1+2.21.1
   salt-minion-3000+ds-1+2.21.1
   scap-security-guide-debian-0.1.59-2.9.1
   spacecmd-4.3.5-2.21.1

References:

   https://bugzilla.suse.com/1173103
   https://bugzilla.suse.com/1191285

From sle-updates at lists.suse.com Wed Feb 2 14:41:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:41:32 +0100 (CET)
Subject: SUSE-SU-2022:0310-1: moderate: Security Beta update for SUSE Manager Client Tools
Message-ID: <20220202144132.2004FFE20@maintenance.suse.de>

SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0310-1
Rating: moderate
References: #1173103 #1191285 #1191454 #1192487 #1193600 #1193688
Cross-References: CVE-2021-39226 CVE-2021-43813
CVSS scores:
   CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
   CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
   CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
   CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
   SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that solves two vulnerabilities and has four fixes is now available.
Description:

This update fixes the following issues:

grafana:
- Update to version 7.5.12:
   * Fix markdown path traversal (#42969, bsc#1193688, CVE-2021-43813)
- Recreate tarballs using the makefile to update the npm and go modules required
- Update to version 7.5.11:
   * Fix Snapshot authentication bypass (bsc#1191454, CVE-2021-39226)
   * Fix certs issue (#40002)
   * Release v7.5.11 (#124)
   * Fix static path matching issue in macaron
   * OAuth: add docs for disableAutoLogin param (#38752) (#38894)
   * Fix #747; remove 'other variables'. (#37866) (#37878)
   * Update alert docs (#33658) (#33659)
   * [7.5.x] Docs: added documentation for the "prepare time series"-transformation. (#36836)
   * cherry picked dc5778c303ca555b70e8ca8c28e95997e26ecfc1 (#36813)
   * "Release: Updated versions in package to 7.5.10" (#36792)
   * [v7.5.x] Transformations: add 'prepare time series' transformer (#36749)
   * Remove verify-drone from windows (#36775)
   * Update queries.md (#31941) (#36764)
   * Updated content to specify method to use to get keyboard shortcuts; (#36084) (#36087)
   * ReleaseNotes: Updated changelog and release notes for 7.5.9 (#36057) (#36077)
   * "Release: Updated versions in package to 7.5.9" (#36056)
   * Login: Fixes Unauthorized message showing when on login page or snapshot page (#35311) (#35880)
   * ReleaseNotes: Updated changelog and release notes for 7.5.8 (#35703) (#35822)
   * CI: Upgrade pipeline tool to use main (#35804)
   * CI: try to force v7.5.x instead of master (#35799)
   * CI: supports move from master to main in 7.5.x release branch (#35747)
   * "Release: Updated versions in package to 7.5.8" (#35701)
   * Chore: Bump acorn and lodash-es (#35650)
   * Snapshots: Remove dashboard links from snapshots (#35567) (#35585)
   * [v7.5.x] Datasource: Allow configuring `MaxConnsPerHost` (#35519)
   * Remove docs sync from v7.5.x (#35443)
   * "Release: Updated versions in package to 7.5.7" (#35412)
   * Add max_idle_connections_per_host to config (#35365)
   * Update go.sum to fix failing enterprise pipeline (#35353)
   * [v7.5.x] HTTP Client: Introduce `go-conntrack` (#35321)
   * Fix Markdown syntax in enterprise/license/_index.md (#34683) (#35210)
   * Update annotations.md (#33218) (#35138)
   * Docs: Add query caching to enterprise docs page (#34751) (#35025)
   * [7.5.x] Admin: hide per role counts for licensed users (#34994)
   * cleanup shortcodes, image paths (#34827)
   * Security: Upgrade Thrift dependency (#34698) (#34702)
   * Docs: Fix Quick Start link on Geting Started Influx page (#34549) (#34603)
   * Add link to release notes v7.5.7 (#34460) (#34474)
   * Update 7.5.x landing page (#34447)
   * ReleaseNotes: Updated changelog and release notes for 7.5.7 (#34383) (#34428)
- Update to 7.5.10
   * [v7.5.x] Transformations: add "prepare time series" transformer. [#36749]
- Update to 7.5.9
   * Login: Fix Unauthorized message that is displayed on sign-in or snapshot page. [#35880]

kiwi-desc-saltboot:
- Update to version 0.1.1639488226.7c9eab9
   * Enable one-time autosign grains for SLE12 and SLE11 clients

mgr-cfg:
- Version 4.3.3-1
   * Fix python selinux package name depending on build target (bsc#1193600)
   * Do not build python 2 package for SLE15SP4 and higher

mgr-custom-info:
- Version 4.3.3-1
   * require python macros for building

mgr-osad:
- Version 4.3.3-1
   * require python macros for building
   * Do not build python 2 package for SLE15SP4 and higher

mgr-push:
- Version 4.3.2-1
   * Do not build python 2 package for SLE15SP4 and higher

mgr-virtualization:
- Version 4.3.2-1
   * require python macros for building
   * Do not build python 2 package for SLE15SP4 and higher

python-hwdata:
- Require python macros for building

rhnlib:
- Version 4.3.2-1
   * do not build python 2 package for SLE15

salt:
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)

spacecmd:
- Version 4.3.5-1
   * require python macros for building

spacewalk-client-tools:
- Version 4.3.5-1
   * require python macros for building
   * do not build python 2 package for SLE15

spacewalk-koan:
- Version 4.3.2-1
   * Do not build python 2 package for SLE15SP4 and higher

spacewalk-oscap:
- Version 4.3.2-1
   * require python macros for building
   * Do not build python 2 package for SLE15SP4 and higher

spacewalk-remote-utils:
- Version 4.3.2-1
   * require python macros for building

suseRegisterInfo:
- Version 4.3.2-1
   * require python macros for building
   * Do not build python 2 package for SLE15 and higher

uyuni-common-libs:
- Version 4.3.2-1
   * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
   * Add decompression of zck files to fileutils
   * require python macros for building

zypp-plugin-spacewalk:
- 1.0.11
   * require python macros for building

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA:
   zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-310=1

Package List:

- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
   grafana-7.5.12-4.18.1
   python2-salt-3000-49.41.3
   python2-uyuni-common-libs-4.3.2-3.24.1
   python3-salt-3000-49.41.3
   salt-3000-49.41.3
   salt-doc-3000-49.41.3
   salt-minion-3000-49.41.3
- SUSE Manager Tools 12-BETA (noarch):
   kiwi-desc-saltboot-0.1.1639488226.7c9eab9-4.12.1
   mgr-cfg-4.3.3-4.18.2
   mgr-cfg-actions-4.3.3-4.18.2
   mgr-cfg-client-4.3.3-4.18.2
   mgr-cfg-management-4.3.3-4.18.2
   mgr-custom-info-4.3.3-4.12.1
   mgr-osad-4.3.3-4.21.2
   mgr-push-4.3.2-4.12.2
   mgr-virtualization-host-4.3.2-4.12.2
   python2-hwdata-2.3.5-15.9.1
   python2-mgr-cfg-4.3.3-4.18.2
   python2-mgr-cfg-actions-4.3.3-4.18.2
   python2-mgr-cfg-client-4.3.3-4.18.2
   python2-mgr-cfg-management-4.3.3-4.18.2
   python2-mgr-osa-common-4.3.3-4.21.2
   python2-mgr-osad-4.3.3-4.21.2
   python2-mgr-push-4.3.2-4.12.2
   python2-mgr-virtualization-common-4.3.2-4.12.2
   python2-mgr-virtualization-host-4.3.2-4.12.2
   python2-rhnlib-4.3.2-24.21.1
   python2-spacewalk-check-4.3.5-55.36.2
   python2-spacewalk-client-setup-4.3.5-55.36.2
   python2-spacewalk-client-tools-4.3.5-55.36.2
   python2-spacewalk-koan-4.3.2-27.12.1
   python2-spacewalk-oscap-4.3.2-22.12.1
   python2-suseRegisterInfo-4.3.2-28.18.1
   python2-zypp-plugin-spacewalk-1.0.11-33.18.1
   spacecmd-4.3.5-41.30.1
   spacewalk-check-4.3.5-55.36.2
   spacewalk-client-setup-4.3.5-55.36.2
   spacewalk-client-tools-4.3.5-55.36.2
   spacewalk-koan-4.3.2-27.12.1
   spacewalk-oscap-4.3.2-22.12.1
   spacewalk-remote-utils-4.3.2-27.12.2
   suseRegisterInfo-4.3.2-28.18.1
   zypp-plugin-spacewalk-1.0.11-33.18.1

References:

   https://www.suse.com/security/cve/CVE-2021-39226.html
   https://www.suse.com/security/cve/CVE-2021-43813.html
   https://bugzilla.suse.com/1173103
   https://bugzilla.suse.com/1191285
   https://bugzilla.suse.com/1191454
   https://bugzilla.suse.com/1192487
   https://bugzilla.suse.com/1193600
   https://bugzilla.suse.com/1193688

From sle-updates at lists.suse.com Wed Feb 2 14:44:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:44:45 +0100 (CET)
Subject: SUSE-RU-2022:0308-1: moderate: Recommended Beta update for SUSE Manager Client Tools
Message-ID: <20220202144445.E4156FE0E@maintenance.suse.de>

SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0308-1
Rating: moderate
References: #1190781 ECO-3319
Affected Products:
   SUSE Manager Debian 10-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.
Description:

This update fixes the following issues:

salt:
- Don't check for cached pillar errors on state.apply (bsc#1190781)

scap-security-guide:
- Updated to 0.1.59 release (jsc#ECO-3319)
- Support for Debian 11
- NERC CIP profiles for OCP4 and RHCOS
- HIPAA profile for SUSE Linux Enterprise 15
- Delta Tailoring Files for STIG profiles

spacecmd:
- Version 4.3.5-1
   * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Debian 10-CLIENT-TOOLS-BETA:
   zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2022-308=1

Package List:

- SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all):
   salt-common-3003.3+ds-1+2.30.1
   salt-minion-3003.3+ds-1+2.30.1
   scap-security-guide-debian-0.1.59-2.9.1
   spacecmd-4.3.5-2.23.1

References:

   https://bugzilla.suse.com/1190781

From sle-updates at lists.suse.com Wed Feb 2 14:46:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Feb 2022 15:46:27 +0100 (CET)
Subject: SUSE-SU-2022:0288-1: important: Security update for the Linux Kernel
Message-ID: <20220202144627.7F297FE0E@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0288-1
Rating: important
References: #1065729 #1071995 #1154353 #1154492 #1156395 #1167773 #1176447 #1176774 #1177437 #1190256 #1191271 #1192931 #1193255 #1193328 #1193669 #1193727 #1193767 #1193901 #1193927 #1194001 #1194027 #1194302 #1194493 #1194516 #1194517 #1194518 #1194529 #1194580 #1194584 #1194586 #1194587 #1194589 #1194590 #1194591 #1194592 #1194888 #1194953 #1194985 #1195062 SLE-13294 SLE-13533 SLE-14777 SLE-15172 SLE-16683 SLE-23432 SLE-8464
Cross-References: CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733
   CVE-2021-46283 CVE-2022-0185 CVE-2022-0322
CVSS scores:
   CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
   CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
   CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
   CVE-2021-46283 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE Linux Enterprise Module for Realtime 15-SP3
   SUSE Linux Enterprise Micro 5.1
______________________________________________________________________________

An update that solves 9 vulnerabilities, contains 7 features and has 30 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-46283: Fixed missing initialization in nf_tables_newset in net/netfilter/nf_tables_api.c that could cause a denial of service (bnc#1194518).
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).

The following non-security bugs were fixed:

- acpi: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes).
- acpi: Add stubs for wakeup handler functions (git-fixes).
- acpi: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes).
- alsa: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- alsa: ctl: Fix copy of updated id with element read/write (git-fixes).
- alsa: drivers: opl3: Fix incorrect use of vp->state (git-fixes).
- alsa: hda/hdmi: Disable silent stream on GLK (git-fixes).
- alsa: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes).
- alsa: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes).
- alsa: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes).
- alsa: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes).
- alsa: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes).
- alsa: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes).
- alsa: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes).
- alsa: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes).
- alsa: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- alsa: hda: Make proper use of timecounter (git-fixes).
- alsa: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- alsa: jack: Check the return value of kstrdup() (git-fixes).
- alsa: oss: fix compile error when OSS_DEBUG is enabled (git-fixes).
- alsa: pcm: oss: Fix negative period/buffer sizes (git-fixes).
- alsa: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - alsa: pcm: oss: Limit the period size to 16MB (git-fixes). - alsa: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - alsa: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - amd/display: downgrade validation failure log level (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asoc: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - asoc: codecs: wcd934x: return correct value from mixer put (git-fixes). - asoc: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - asoc: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - asoc: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - asoc: cs42l42: Disable regulators if probe fails (git-fixes). - asoc: cs42l42: Use device_property API instead of of_property (git-fixes). - asoc: fsl_asrc: refine the check of available clock divider (git-fixes). - asoc: fsl_mqs: fix MODULE_ALIAS (git-fixes). - asoc: mediatek: Check for error clk pointer (git-fixes). - asoc: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - asoc: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - asoc: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - asoc: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - asoc: samsung: idma: Check of ioremap return value (git-fixes). - asoc: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes). - asoc: sunxi: fix a sound binding broken reference (git-fixes). - asoc: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - asoc: tegra: Fix kcontrol put callback in AHUB (git-fixes). - asoc: tegra: Fix kcontrol put callback in DMIC (git-fixes). - asoc: tegra: Fix kcontrol put callback in DSPK (git-fixes). 
- asoc: tegra: Fix kcontrol put callback in I2S (git-fixes). - asoc: tegra: Fix wrong value type in ADMAIF (git-fixes). - asoc: tegra: Fix wrong value type in DMIC (git-fixes). - asoc: tegra: Fix wrong value type in DSPK (git-fixes). - asoc: tegra: Fix wrong value type in I2S (git-fixes). - asoc: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - ax25: NPD bug when detaching AX25 device (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - bluetooth: L2CAP: Fix using wrong mode (git-fixes). - bluetooth: bfusb: fix division by zero in send path (git-fixes). - bluetooth: btmtksdio: fix resume failure (git-fixes). - bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes). - bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes). - bluetooth: hci_bcm: Check for error irq (git-fixes). - bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes). - bluetooth: stop proccessing malicious adv data (git-fixes). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes). 
- can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: softing: softing_startstop(): fix set but not used variable warning (git-fixes). - can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes). - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes). - can: xilinx_can: xcan_probe(): check for error irq (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - clk: Do not parent clks until the parent is fully registered (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: bcm-2835: Pick the closest clock rate (git-fixes). - clk: bcm-2835: Remove rounding up the dividers (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes). - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes). - crypto: qat - fix reuse of completion variable (git-fixes). - crypto: qat - handle both source of interrupt in VF ISR (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). 
- debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328). - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes). - dm crypt: document encrypted keyring key option (git-fixes). - dm writecache: add "cleaner" and "max_age" to Documentation (git-fixes). - dm writecache: advance the number of arguments when reporting max_age (git-fixes). - dm writecache: fix performance degradation in ssd mode (git-fixes). - dm writecache: flush origin device when writing and cache is full (git-fixes). - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes). - dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931). - dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - documentation: ACPI: Fix data node reference documentation (git-fixes). - documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). - drm/amd/display: Update bounding box states (v2) (git-fixes). - drm/amd/display: Update number of DCN3 clock states (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). 
- drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes). - drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes). - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes). - drm/amdgpu: Fix a printing message (git-fixes). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes). - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8" (git-fixes). - drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes). - drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/ast: potential dereference of null pointer (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes). - drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes). - drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes). - drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: fix safe status debugfs file (git-fixes). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes). 
- drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes). - drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes). - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes). - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes). - drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes). - drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes). - drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes). - drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - drm/tegra: vic: Fix DMA API misuse (git-fixes). - drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes). - drm/vc4: hdmi: Set a default HSM rate (git-fixes). - drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes). - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes). - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes). - ext4: Avoid trim error on fs with small groups (bsc#1191271). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - firmware: Update Kconfig help text for Google firmware (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). 
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353). - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes). - gpu: host1x: Add back arm_iommu_detach_device() (git-fixes). - hid: add USB_HID dependancy to hid-chicony (git-fixes). - hid: add USB_HID dependancy to hid-prodikeys (git-fixes). - hid: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes). - hid: bigbenff: prevent null pointer dereference (git-fixes). - hid: google: add eel USB id (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - hid: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes). 
- hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - i2c: validate user data in compat ioctl (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes). - i40e: Fix for displaying message regarding NVM version (git-fixes). - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes). - i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes). - iavf: Fix limit of total number of queues to active queues of VF (git-fixes). - iavf: restore MSI state on reset (git-fixes). - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - ieee802154: fix error return code in ieee802154_add_iface() (git-fixes). - ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes). - ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes). - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes). - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes). - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes). - igb: Fix removal of unicast MAC filters of VFs (git-fixes). - igbvf: fix double free in `igbvf_probe` (git-fixes). - igc: Fix typo in i225 LTR functions (jsc#SLE-13533). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). 
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: kxsd9: Do not return error code in trigger handler (git-fixes). - iio: ltr501: Do not return error code in trigger handler (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Do not return error code in interrupt handler (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - input: appletouch - initialize work before device registration (git-fixes). - input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - input: i8042 - add deferred probe support (bsc#1190256). - input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256). - input: max8925_onkey - do not mark comment as kernel-doc (git-fixes). - input: spaceball - fix parsing of movement data packets (git-fixes). - input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773). - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - iwlwifi: fw: correctly limit to monitor dump (git-fixes). - iwlwifi: mvm: Fix scan channel flags settings (git-fixes). - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - iwlwifi: mvm: avoid static queue number aliasing (git-fixes). - iwlwifi: mvm: disable RX-diversity in powersave (git-fixes). - iwlwifi: mvm: fix 32-bit build in FTM (git-fixes). - iwlwifi: mvm: fix access to BSS elements (git-fixes). 
- iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes). - iwlwifi: pcie: free RBs during configure (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). - kabi/severities: Add a kabi exception for drivers/tee/tee - kmod: make request_module() return an error when autoloading is disabled (git-fixes). - kobject: Restore old behaviour of kobject_del(NULL) (git-fixes). - kobject_uevent: remove warning in init_uevent_argv() (git-fixes). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - libata: add horkage for ASMedia 1092 (git-fixes). - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - lockdown: Allow unprivileged users to see lockdown status (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes). - mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: initialize variable have_higher_than_11mbit (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - media: Revert "media: uvcvideo: Set unique vdev name based in type" (bsc#1193255). - media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes). - media: aspeed: fix mode-detect always time out at 2nd run (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). 
- media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: dw2102: Fix use after free (git-fixes). - media: em28xx: fix control-message timeouts (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes). - media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes). - media: imx-pxp: Initialize the spinlock prior to using it (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes). - media: rcar-csi2: Optimize the selection PHTW register (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: si2157: Fix "warm" tuner state detection (git-fixes). - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes). - memory: emif: Remove bogus debugfs error handling (git-fixes). 
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - moxart: fix potential use-after-free on remove path (bsc#1194516). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - mt76: mt7915: fix an off-by-one bound check (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - mwifiex: Try waking the firmware until we get an interrupt (git-fixes). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464). - net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172). - net/mlx5e: Fix wrong features assignment in case of error (git-fixes). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172). - net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172). - net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774). - net: create netdev->dev_addr assignment helpers (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (bsc#1154492). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492). 
- net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). - nfc: st21nfca: Fix memory leak in device probe and remove (git-fixes). - nfs: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - nfs: Fix pagecache invalidation after COPY/CLONE (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix zero-length NFSv3 WRITEs (git-fixes). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447). - nvme-tcp: block BH in sk state_change sk callback (git-fixes). - nvme-tcp: can't set sk_user_data without write_lock (git-fixes). - nvme-tcp: check sgl supported by target (git-fixes). - nvme-tcp: do not update queue count when failing to set io queues (git-fixes). - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes). - nvme-tcp: fix crash triggered with a dataless request submission (git-fixes). - nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes). - nvme-tcp: fix io_work priority inversion (git-fixes). - nvme-tcp: fix possible data corruption with bio merges (git-fixes). - nvme-tcp: fix possible req->offset corruption (git-fixes). - nvme-tcp: fix wrong setting of request iov_iter (git-fixes). - nvme-tcp: get rid of unused helper function (git-fixes). - nvme-tcp: pair send_mutex init with destroy (git-fixes). - nvme-tcp: pass multipage bvec to request iov_iter (git-fixes). - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes). - pci/acpi: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). 
- pci/msi: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - pci/msi: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - pci/msi: Mask MSI-X vectors only on success (git-fixes). - pci: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - pci: dwc: Do not remap invalid res (git-fixes). - pci: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - pci: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - pci: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - pci: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - pci: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - pci: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - pci: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - pci: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - pci: xgene: Fix IB window setup (git-fixes). - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcnet32: Use pci_resource_len to validate PCI resource (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes). - pipe: increase minimum default pipe size to 2 pages (bsc#1194587). - platform/x86: apple-gmux: use resource_size() with res (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). - pm: runtime: Defer suspending suppliers (git-fixes). - pm: sleep: Do not assume that "mem" is always present (git-fixes). 
- power: reset: ltc2952: Fix use of floating point literals (git-fixes). - power: supply: core: Break capacity loop (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901). - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 jsc#SLE-13294 git-fixes). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901). - pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: tiecap: Drop .free() callback (git-fixes). - qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes). - quota: check block number when reading the block in quota file (bsc#1194589). - quota: correct error number in free_dqentry() (bsc#1194590). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - rdma/hns: Replace kfree() with kvfree() (jsc#SLE-14777). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes). 
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - rtw88: use read_poll_timeout instead of fixed sleep (git-fixes). - rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes). - rtw88: wow: fix size access error of probe request (git-fixes). - sata: nv: fix debug format string mismatch (git-fixes). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes). - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - serial: tty: uartlite: fix console setup (git-fixes). - sfc: Check null pointer of rx_queue->page_ring (git-fixes). - sfc: The RX page_ring is optional (git-fixes). - sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes). - sfc_ef100: potential dereference of null pointer (jsc#SLE-16683). - shmem: shmem_writepage() split unlikely i915 THP (git-fixes). - slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - spi: change clk_disable_unprepare to clk_unprepare (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). 
- staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes). - staging: fbtft: Do not spam logs when probe is deferred (git-fixes). - staging: fbtft: Rectify GPIO handling (git-fixes). - staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - tty: max310x: fix flexible_array.cocci warnings (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: synclink_gt: rename a conflicting function name (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). 
- usb: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (git-fixes). - usb: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - usb: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes). - usb: cdc-acm: fix break reporting (git-fixes). - usb: cdc-acm: fix racy tty buffer accesses (git-fixes). - usb: chipidea: fix interrupt deadlock (git-fixes). - usb: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usb: core: config: using bit mask instead of individual bits (git-fixes). - usb: dwc2: check return value after calling platform_get_resource() (git-fixes). - usb: dwc3: gadget: Continue to process pending requests (git-fixes). - usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes). - usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes). - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes). - usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes). - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes). - usb: dwc3: ulpi: fix checkpatch warning (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - usb: gadget: bRequestType is a bitfield, not a enum (git-fixes). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes). - usb: gadget: detect too-big endpoint 0 requests (git-fixes). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes). - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - usb: gadget: zero allocate endpoint 0 buffers (git-fixes). - usb: mtu3: add memory barrier before set GPD's HWO (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - usb: mtu3: fix list_head check warning (git-fixes). - usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes). 
- usb: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - usb: serial: option: add Telit FN990 compositions (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - usermodehelper: reset umask to default before executing user process (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - watchdog: Fix OMAP watchdog early handling (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: handle connection loss indication (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - xhci: fix unsafe memory usage in xhci tracing (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-288=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-288=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.71.1 kernel-source-rt-5.3.18-150300.71.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.71.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.71.1 dlm-kmp-rt-5.3.18-150300.71.1 dlm-kmp-rt-debuginfo-5.3.18-150300.71.1 gfs2-kmp-rt-5.3.18-150300.71.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.71.1 kernel-rt-5.3.18-150300.71.1 kernel-rt-debuginfo-5.3.18-150300.71.1 kernel-rt-debugsource-5.3.18-150300.71.1 kernel-rt-devel-5.3.18-150300.71.1 kernel-rt-devel-debuginfo-5.3.18-150300.71.1 kernel-rt_debug-debuginfo-5.3.18-150300.71.1 kernel-rt_debug-debugsource-5.3.18-150300.71.1 kernel-rt_debug-devel-5.3.18-150300.71.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.71.1 kernel-syms-rt-5.3.18-150300.71.1 ocfs2-kmp-rt-5.3.18-150300.71.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.71.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.71.1 kernel-rt-debuginfo-5.3.18-150300.71.1 kernel-rt-debugsource-5.3.18-150300.71.1 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4135.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-46283.html https://www.suse.com/security/cve/CVE-2022-0185.html https://www.suse.com/security/cve/CVE-2022-0322.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1156395 
https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1177437 https://bugzilla.suse.com/1190256 https://bugzilla.suse.com/1191271 https://bugzilla.suse.com/1192931 https://bugzilla.suse.com/1193255 https://bugzilla.suse.com/1193328 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193901 https://bugzilla.suse.com/1193927 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194027 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194493 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194517 https://bugzilla.suse.com/1194518 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194580 https://bugzilla.suse.com/1194584 https://bugzilla.suse.com/1194586 https://bugzilla.suse.com/1194587 https://bugzilla.suse.com/1194589 https://bugzilla.suse.com/1194590 https://bugzilla.suse.com/1194591 https://bugzilla.suse.com/1194592 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194953 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195062 From sle-updates at lists.suse.com Wed Feb 2 14:51:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Feb 2022 15:51:32 +0100 (CET) Subject: SUSE-SU-2022:0292-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP2) Message-ID: <20220202145132.A4DD2FE0E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0292-1 Rating: important References: #1191529 #1192036 #1194461 #1194737 Cross-References: CVE-2020-3702 CVE-2021-4154 CVE-2021-42739 CVE-2022-0185 CVSS scores: CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 
CVE-2021-4154 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0185 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_64 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2021-4154: Fixed option parsing with cgroups version 1 (bsc#1193842). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-292=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_64-default-10-2.2 kernel-livepatch-5_3_18-24_64-default-debuginfo-10-2.2 kernel-livepatch-SLE15-SP2_Update_13-debugsource-10-2.2 References: https://www.suse.com/security/cve/CVE-2020-3702.html https://www.suse.com/security/cve/CVE-2021-4154.html https://www.suse.com/security/cve/CVE-2021-42739.html https://www.suse.com/security/cve/CVE-2022-0185.html https://bugzilla.suse.com/1191529 https://bugzilla.suse.com/1192036 https://bugzilla.suse.com/1194461 https://bugzilla.suse.com/1194737 From sle-updates at lists.suse.com Wed Feb 2 14:53:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Feb 2022 15:53:26 +0100 (CET) Subject: SUSE-SU-2022:0311-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20220202145326.92DA8FE0E@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0311-1 Rating: moderate References: #1190781 #1191454 #1192487 #1193600 #1193688 Cross-References: CVE-2021-39226 CVE-2021-43813 CVSS scores: CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. 
Description: This update fixes the following issues: ansible: - Require python macros for building grafana: - Update to version 7.5.12: * Fix markdown path traversal (#42969, bsc#1193688, CVE-2021-43813) - Recreate tarballs using the makefile to update the npm and go modules required - Update to version 7.5.11: * Fix Snapshot authentication bypass (bsc#1191454, CVE-2021-39226) * Fix certs issue (#40002) * Release v7.5.11 (#124) * Fix static path matching issue in macaron * OAuth: add docs for disableAutoLogin param (#38752) (#38894) * Fix #747; remove 'other variables'. (#37866) (#37878) * Update alert docs (#33658) (#33659) * [7.5.x] Docs: added documentation for the "prepare time series"-transformation. (#36836) * cherry picked dc5778c303ca555b70e8ca8c28e95997e26ecfc1 (#36813) * "Release: Updated versions in package to 7.5.10" (#36792) * [v7.5.x] Transformations: add 'prepare time series' transformer (#36749) * Remove verify-drone from windows (#36775) * Update queries.md (#31941) (#36764) * Updated content to specify method to use to get keyboard shortcuts wh??? 
(#36084) (#36087) * ReleaseNotes: Updated changelog and release notes for 7.5.9 (#36057) (#36077) * "Release: Updated versions in package to 7.5.9" (#36056) * Login: Fixes Unauthorized message showing when on login page or snapshot page (#35311) (#35880) * ReleaseNotes: Updated changelog and release notes for 7.5.8 (#35703) (#35822) * CI: Upgrade pipeline tool to use main (#35804) * CI: try to force v7.5.x instead of master (#35799) * CI: supports move from master to main in 7.5.x release branch (#35747) * "Release: Updated versions in package to 7.5.8" (#35701) * Chore: Bump acorn and lodash-es (#35650) * Snapshots: Remove dashboard links from snapshots (#35567) (#35585) * [v7.5.x] Datasource: Allow configuring `MaxConnsPerHost` (#35519) * Remove docs sync from v7.5.x (#35443) * "Release: Updated versions in package to 7.5.7" (#35412) * Add max_idle_connections_per_host to config (#35365) * Update go.sum to fix failing enterprise pipeline (#35353) * [v7.5.x] HTTP Client: Introduce `go-conntrack` (#35321) * Fix Markdown syntax in enterprise/license/_index.md (#34683) (#35210) * Update annotations.md (#33218) (#35138) * Docs: Add query caching to enterprise docs page (#34751) (#35025) * [7.5.x] Admin: hide per role counts for licensed users (#34994) * cleanup shortcodes, image paths (#34827) * Security: Upgrade Thrift dependency (#34698) (#34702) * Docs: Fix Quick Start link on Geting Started Influx page (#34549) (#34603) * Add link to release notes v7.5.7 (#34460) (#34474) * Update 7.5.x landing page (#34447) * ReleaseNotes: Updated changelog and release notes for 7.5.7 (#34383) (#34428) - Update to 7.5.10 * [v7.5.x] Transformations: add "prepare time series" transformer. [#36749] - Update to 7.5.9 * Login: Fix Unauthorized message that is displayed on sign-in or snapshot page. 
[#35880] - Drop drop-grafana-aws-sdk-0.3.0-module.patch (upstream) mgr-cfg: - Version 4.3.4-1 * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher mgr-custom-info: - Version 4.3.3-1 * require python macros for building mgr-osad: - Version 4.3.3-1 * require python macros for building * Do not build python 2 package for SLE15SP4 and higher mgr-push: - Version 4.3.2-1 * Do not build python 2 package for SLE15SP4 and higher mgr-virtualization: - Version 4.3.2-1 * require python macros for building * Do not build python 2 package for SLE15SP4 and higher python-hwdata: - Require python macros for building rhnlib: - Version 4.3.2-1 * do not build python 2 package for SLE15 salt: - Don't check for cached pillar errors on state.apply (bsc#1190781) spacecmd: - Version 4.3.5-1 * require python macros for building spacewalk-client-tools: - Version 4.3.5-1 * require python macros for building * do not build python 2 package for SLE15 spacewalk-koan: - Version 4.3.2-1 * Do not build python 2 package for SLE15SP4 and higher spacewalk-oscap: - Version 4.3.2-1 * require python macros for building * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.2-1 * require python macros for building suseRegisterInfo: - Version 4.3.2-1 * require python macros for building * Do not build python 2 package for SLE15 and higher uyuni-common-libs: - Version 4.3.2-1 * Read modularity data from DISTTAG tag as fallback (bsc#1192487) * Add decompression of zck files to fileutils * require python macros for building zypp-plugin-spacewalk: - 1.0.11 * require python macros for building Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2022-311=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): grafana-7.5.12-159000.4.18.3 python3-salt-3003.3-159000.8.47.2 python3-uyuni-common-libs-4.3.2-159000.3.24.4 salt-3003.3-159000.8.47.2 salt-api-3003.3-159000.8.47.2 salt-cloud-3003.3-159000.8.47.2 salt-doc-3003.3-159000.8.47.2 salt-master-3003.3-159000.8.47.2 salt-minion-3003.3-159000.8.47.2 salt-proxy-3003.3-159000.8.47.2 salt-ssh-3003.3-159000.8.47.2 salt-standalone-formulas-configuration-3003.3-159000.8.47.2 salt-syndic-3003.3-159000.8.47.2 - SUSE Manager Tools 15-BETA (noarch): ansible-2.9.21-159000.3.6.2 ansible-doc-2.9.21-159000.3.6.2 mgr-cfg-4.3.4-159000.4.20.2 mgr-cfg-actions-4.3.4-159000.4.20.2 mgr-cfg-client-4.3.4-159000.4.20.2 mgr-cfg-management-4.3.4-159000.4.20.2 mgr-custom-info-4.3.3-159000.4.12.3 mgr-osad-4.3.3-159000.4.21.4 mgr-push-4.3.2-159000.4.12.4 mgr-virtualization-host-4.3.2-159000.4.12.3 python3-hwdata-2.3.5-159000.5.10.3 python3-mgr-cfg-4.3.4-159000.4.20.2 python3-mgr-cfg-actions-4.3.4-159000.4.20.2 python3-mgr-cfg-client-4.3.4-159000.4.20.2 python3-mgr-cfg-management-4.3.4-159000.4.20.2 python3-mgr-osa-common-4.3.3-159000.4.21.4 python3-mgr-osad-4.3.3-159000.4.21.4 python3-mgr-push-4.3.2-159000.4.12.4 python3-mgr-virtualization-common-4.3.2-159000.4.12.3 python3-mgr-virtualization-host-4.3.2-159000.4.12.3 python3-rhnlib-4.3.2-159000.6.21.3 python3-spacewalk-check-4.3.5-159000.6.36.5 python3-spacewalk-client-setup-4.3.5-159000.6.36.5 python3-spacewalk-client-tools-4.3.5-159000.6.36.5 python3-spacewalk-koan-4.3.2-159000.6.12.3 python3-spacewalk-oscap-4.3.2-159000.6.12.3 python3-suseRegisterInfo-4.3.2-159000.6.18.3 python3-zypp-plugin-spacewalk-1.0.11-159000.6.18.3 salt-bash-completion-3003.3-159000.8.47.2 salt-fish-completion-3003.3-159000.8.47.2 salt-zsh-completion-3003.3-159000.8.47.2 spacecmd-4.3.5-159000.6.30.3 
spacewalk-check-4.3.5-159000.6.36.5 spacewalk-client-setup-4.3.5-159000.6.36.5 spacewalk-client-tools-4.3.5-159000.6.36.5 spacewalk-koan-4.3.2-159000.6.12.3 spacewalk-oscap-4.3.2-159000.6.12.3 spacewalk-remote-utils-4.3.2-159000.6.12.3 suseRegisterInfo-4.3.2-159000.6.18.3 zypp-plugin-spacewalk-1.0.11-159000.6.18.3 References: https://www.suse.com/security/cve/CVE-2021-39226.html https://www.suse.com/security/cve/CVE-2021-43813.html https://bugzilla.suse.com/1190781 https://bugzilla.suse.com/1191454 https://bugzilla.suse.com/1192487 https://bugzilla.suse.com/1193600 https://bugzilla.suse.com/1193688 From sle-updates at lists.suse.com Wed Feb 2 14:55:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Feb 2022 15:55:13 +0100 (CET) Subject: SUSE-RU-2022:0305-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220202145513.B2D8BFE0E@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0305-1 Rating: moderate References: #1190781 ECO-3319 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Don't check for cached pillar errors on state.apply (bsc#1190781) scap-security-guide: - Updated to 0.1.59 release (jsc#ECO-3319) - Support for Debian 11 - NERC CIP profiles for OCP4 and RHCOS - HIPAA profile for SUSE Linux Enterprise 15 - Delta Tailoring Files for STIG profiles spacecmd: - Version 4.3.5-1 * require python macros for building Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2022-305=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all): salt-common-3003.3+ds-1+2.33.1 salt-minion-3003.3+ds-1+2.33.1 scap-security-guide-ubuntu-0.1.59-2.9.1 spacecmd-4.3.5-2.24.1 References: https://bugzilla.suse.com/1190781 From sle-updates at lists.suse.com Wed Feb 2 14:58:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Feb 2022 15:58:24 +0100 (CET) Subject: SUSE-RU-2022:0304-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220202145824.7066DFE0E@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0304-1 Rating: moderate References: #1190781 ECO-3319 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Don't check for cached pillar errors on state.apply (bsc#1190781) scap-security-guide: - Updated to 0.1.59 release (jsc#ECO-3319) - Support for Debian 11 - NERC CIP profiles for OCP4 and RHCOS - HIPAA profile for SUSE Linux Enterprise 15 - Delta Tailoring Files for STIG profiles spacecmd: - Version 4.3.5-1 * require python macros for building Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-304=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all): salt-common-3003.3+ds-1+27.48.1 salt-minion-3003.3+ds-1+27.48.1 scap-security-guide-ubuntu-0.1.59-2.9.1 spacecmd-4.3.5-2.30.1 References: https://bugzilla.suse.com/1190781 From sle-updates at lists.suse.com Wed Feb 2 17:19:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Feb 2022 18:19:08 +0100 (CET) Subject: SUSE-RU-2022:0312-1: moderate: Recommended update for rrdtool Message-ID: <20220202171908.1FADCFE02@maintenance.suse.de> SUSE Recommended Update: Recommended update for rrdtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0312-1 Rating: moderate References: #1189375 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rrdtool fixes the following issues: - Remove umask usage as it creates issues and it's not thread safe. (bsc#1189375) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-312=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-312=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-312=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): librrd8-1.7.0-6.3.1 librrd8-debuginfo-1.7.0-6.3.1 perl-rrdtool-1.7.0-6.3.1 perl-rrdtool-debuginfo-1.7.0-6.3.1 rrdtool-1.7.0-6.3.1 rrdtool-debuginfo-1.7.0-6.3.1 rrdtool-debugsource-1.7.0-6.3.1 rrdtool-devel-1.7.0-6.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): perl-rrdtool-1.7.0-6.3.1 perl-rrdtool-debuginfo-1.7.0-6.3.1 rrdtool-debuginfo-1.7.0-6.3.1 rrdtool-debugsource-1.7.0-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): librrd8-1.7.0-6.3.1 librrd8-debuginfo-1.7.0-6.3.1 perl-rrdtool-1.7.0-6.3.1 perl-rrdtool-debuginfo-1.7.0-6.3.1 rrdtool-1.7.0-6.3.1 rrdtool-debuginfo-1.7.0-6.3.1 rrdtool-debugsource-1.7.0-6.3.1 rrdtool-devel-1.7.0-6.3.1 References: https://bugzilla.suse.com/1189375 From sle-updates at lists.suse.com Wed Feb 2 17:20:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Feb 2022 18:20:19 +0100 (CET) Subject: SUSE-RU-2022:0313-1: moderate: Recommended update for infinipath-psm Message-ID: <20220202172019.A4F2FFE02@maintenance.suse.de> SUSE Recommended Update: Recommended update for infinipath-psm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0313-1 Rating: moderate References: #1047218 #1133133 #1160270 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for 
Basesystem 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for infinipath-psm fixes the following issues: - Fix compilation with GCC10. (bsc#1160270) - Disable LTO. (bsc#1133133) - Fix build date. (bsc#1047218) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-313=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-313=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-313=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): infinipath-psm-debugsource-3.3-5.3.1 infinipath-psm-devel-3.3-5.3.1 libinfinipath4-3.3-5.3.1 libinfinipath4-debuginfo-3.3-5.3.1 libpsm_infinipath1-3.3-5.3.1 libpsm_infinipath1-debuginfo-3.3-5.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): infinipath-psm-debugsource-3.3-5.3.1 infinipath-psm-devel-3.3-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): infinipath-psm-debugsource-3.3-5.3.1 libinfinipath4-3.3-5.3.1 libinfinipath4-debuginfo-3.3-5.3.1 libpsm_infinipath1-3.3-5.3.1 libpsm_infinipath1-debuginfo-3.3-5.3.1 References: https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1133133 https://bugzilla.suse.com/1160270 From sle-updates at lists.suse.com Wed Feb 2 17:21:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Feb 2022 18:21:12 +0100 (CET) Subject: SUSE-RU-2022:0314-1: moderate: Recommended update for trento-premium Message-ID: <20220202172112.098C0FE02@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for trento-premium ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0314-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for trento-premium fixes the following issues: Release 0.8.1 fixes these issues: - web pod crashing when receiving unexpected data - Recover and handle panics in projectors - Fix parse azure cloud data Release 0.8.0 fixes these issues: - Cloud provider name is missing from the host's Cloud Detail section - Allow --help as non-root for install-agent.sh - 'Select All' and 'Deselect All' are missing in Filters 'Health status...' - Cross reference the related variables between the helm charts - Add mTLS agent/server configuration to the installers and the helm chart - Run npx prettier formatting on e2e test files - Add new e2e tests for the checks catalog view - Add provider field in the cloud details section - Check results pruning command and cron job - Store runner check results in the database - Projected events are skipped if events are coming almost in parallel - Filters not visualized when they are set in the URI - Individual checks are not properly highlighted when selected in the cluster settings modal - DB address appears as `` in the demo environment - Health overview should give information about all the hosts - Premium badge in the checks catalog out of place - Obsolete database info in Hosts detail view after un_registration - Duplicate database after unregistration and registration process - page 'Pacemaker Clusters' not reloaded automatically after tag removed - Fix tag removal when filtering - Fix health container numbers
and pagination numbers - Set table filters properly when the page is reloaded in a new tab - Fix checkbox not shown as selected inside tables - Replace premium check position to description column - Fix error in prune checks chart declaration - Create the premium detecion service mocks properly - Telemetry context: `apiHost` is a confusing name - Add tests to the cmd line and env variables usage Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-314=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-314=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-314=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.5.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.5.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.5.1 References: From sle-updates at lists.suse.com Thu Feb 3 07:28:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Feb 2022 08:28:33 +0100 (CET) Subject: SUSE-IU-2022:237-1: Security update of suse-sles-15-chost-byos-v20220201-hvm-ssd-x86_64 Message-ID: <20220203072833.A10D0FE02@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-chost-byos-v20220201-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:237-1 
Image Tags : suse-sles-15-chost-byos-v20220201-hvm-ssd-x86_64:20220201 Image Release : Severity : critical Type : security References :
1179466 1179467 1179468 1179477 1179484 1179508 1179509 1179601 1179610 1179616 1179660 1179663 1179666 1179694 1179721 1179745 1179756 1179805 1179816 1179847 1179847 1179877 1179878 1179895 1179908 1179909 1179909 1179960 1179961 1180008 1180020 1180027 1180028 1180029 1180030 1180031 1180032 1180038 1180052 1180058 1180064 1180073 1180077 1180083 1180086 1180125 1180176 1180243 1180401 1180401 1180403 1180432 1180433 1180434 1180435 1180478 1180501 1180523 1180559 1180562 1180596 1180603 1180663 1180676 1180686 1180721 1180851 1180933 1181001 1181011 1181032 1181108 1181126 1181131 1181158 1181173 1181283 1181283 1181299 1181306 1181309 1181328 1181328 1181349 1181351 1181358 1181371 1181443 1181504 1181505 1181535 1181536 1181553 1181571 1181594 1181610 1181622 1181622 1181639 1181641 1181645 1181677 1181679 1181696 1181730 1181730 1181732 1181732 1181747 1181749 1181753 1181831 1181843 1181854 1181874 1181911 1181933 1181944 1181976 1182016 1182057 1182066 1182117 1182137 1182140 1182168 1182175 1182244 1182246 1182262 1182263 1182279 1182309 1182324 1182328 1182331 1182333 1182362 1182372 1182379 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182421 1182422 1182425 1182431 1182451 1182471 1182476 1182577 1182604 1182629 1182629 1182651 1182672 1182715 1182716 1182717 1182791 1182846 1182904 1182936 1182947 1182950 1182968 1182975 1183022 1183024 1183063 1183064 1183069 1183070 1183085 1183094 1183268 1183370 1183371 1183374 1183374 1183421 1183453 1183456 1183457 1183509 1183589 1183593 1183628 1183646 1183686 1183696 1183732 1183738 1183761 1183775 1183791 1183797 1183800 1183826 1183855 1183858 1183933 1183936 1183939 1184085 1184120 1184124 1184124 1184167 1184168 1184170 1184192 1184193 1184194 1184196 1184198 1184208 1184211 1184326 1184358 1184388 1184391 1184393 1184397 1184399 1184400 1184401 1184435 1184439 1184505 1184507 1184509 1184511 1184512 1184514 1184583 1184611 1184614 1184614 1184616 1184644 1184650 1184675 
1184690 1184758 1184761 1184768 1184804 1184804 1184829 1184912 1184942 1184962 1184967 1184994 1184994 1184997 1184997 1185016 1185046 1185113 1185157 1185239 1185244 1185248 1185302 1185325 1185331 1185345 1185377 1185405 1185405 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185524 1185540 1185562 1185588 1185611 1185642 1185677 1185698 1185725 1185726 1185726 1185758 1185762 1185807 1185859 1185860 1185861 1185862 1185898 1185910 1185958 1185987 1185991 1185993 1186004 1186012 1186015 1186037 1186049 1186060 1186062 1186109 1186111 1186114 1186347 1186382 1186397 1186429 1186433 1186434 1186447 1186463 1186482 1186484 1186489 1186503 1186602 1186687 1186791 1186910 1186975 1187038 1187050 1187060 1187105 1187153 1187167 1187210 1187212 1187215 1187224 1187270 1187273 1187292 1187338 1187364 1187365 1187366 1187367 1187400 1187425 1187452 1187466 1187512 1187529 1187554 1187595 1187601 1187654 1187668 1187704 1187738 1187760 1187911 1187921 1187937 1187993 1188018 1188062 1188063 1188063 1188067 1188116 1188127 1188156 1188160 1188161 1188172 1188217 1188218 1188219 1188220 1188282 1188282 1188291 1188344 1188401 1188435 1188563 1188601 1188623 1188651 1188651 1188713 1188763 1188838 1188876 1188881 1188891 1188983 1188985 1188986 1189031 1189057 1189097 1189145 1189206 1189241 1189262 1189287 1189291 1189297 1189373 1189373 1189376 1189378 1189378 1189380 1189399 1189400 1189465 1189465 1189480 1189521 1189521 1189552 1189632 1189683 1189702 1189706 1189743 1189803 1189841 1189841 1189846 1189879 1189882 1189884 1189884 1189938 1189983 1189984 1189996 1190023 1190023 1190025 1190052 1190059 1190062 1190067 1190115 1190117 1190159 1190159 1190199 1190225 1190234 1190325 1190351 1190356 1190358 1190373 1190374 1190375 1190406 1190432 1190440 1190465 1190467 1190479 1190523 1190534 1190534 1190543 1190552 1190576 1190595 1190596 1190598 1190598 1190601 1190620 1190626 1190645 1190670 1190679 1190705 1190712 1190717 1190717 1190739 1190746 1190758 
1190784 1190785 1190793 1190815 1190826 1190858 1190915 1190933 1190975 1190984 1191015 1191121 1191172 1191193 1191193 1191200 1191240 1191242 1191252 1191260 1191286 1191292 1191315 1191317 1191324 1191334 1191355 1191370 1191434 1191480 1191500 1191563 1191566 1191609 1191675 1191690 1191790 1191800 1191804 1191922 1191961 1191987 1192045 1192146 1192161 1192248 1192267 1192337 1192379 1192400 1192436 1192554 1192557 1192559 1192688 1192717 1192775 1192781 1192790 1192802 1193170 1193436 1193480 1193481 1193488 1193521 1193845 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 928700 928701 954813 CVE-2015-3414 CVE-2015-3415 CVE-2016-10228 CVE-2017-9271 CVE-2017-9271 CVE-2018-3639 CVE-2018-9517 CVE-2019-15890 CVE-2019-16884 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19921 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-19977 CVE-2019-20218 CVE-2019-20806 CVE-2019-20838 CVE-2019-20916 CVE-2019-20934 CVE-2019-25013 CVE-2019-3874 CVE-2019-3900 CVE-2020-0433 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-10756 CVE-2020-10781 CVE-2020-11080 CVE-2020-11668 CVE-2020-11947 CVE-2020-12049 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2020-12762 CVE-2020-12770 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-13659 CVE-2020-13754 CVE-2020-13765 CVE-2020-13987 CVE-2020-13988 CVE-2020-14155 CVE-2020-14343 CVE-2020-14364 CVE-2020-14364 CVE-2020-14372 CVE-2020-15257 CVE-2020-15358 CVE-2020-15436 CVE-2020-15437 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-17437 CVE-2020-17438 CVE-2020-24370 CVE-2020-24371 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25084 CVE-2020-25211 CVE-2020-25613 CVE-2020-25624 CVE-2020-25625 CVE-2020-25632 CVE-2020-25639 CVE-2020-25647 CVE-2020-25648 CVE-2020-25659 CVE-2020-25669 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 
CVE-2020-25707 CVE-2020-25723 CVE-2020-25723 CVE-2020-26116 CVE-2020-26137 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-26558 CVE-2020-27068 CVE-2020-27170 CVE-2020-27171 CVE-2020-27617 CVE-2020-27618 CVE-2020-27673 CVE-2020-27749 CVE-2020-27777 CVE-2020-27779 CVE-2020-27786 CVE-2020-27815 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28493 CVE-2020-28915 CVE-2020-28916 CVE-2020-28974 CVE-2020-29129 CVE-2020-29129 CVE-2020-29130 CVE-2020-29130 CVE-2020-29361 CVE-2020-29368 CVE-2020-29371 CVE-2020-29374 CVE-2020-29443 CVE-2020-29562 CVE-2020-29568 CVE-2020-29569 CVE-2020-29573 CVE-2020-29651 CVE-2020-29660 CVE-2020-29661 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2020-35512 CVE-2020-35519 CVE-2020-36158 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-36242 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2020-36385 CVE-2020-36386 CVE-2020-3702 CVE-2020-3702 CVE-2020-4788 CVE-2020-6829 CVE-2020-8608 CVE-2020-8625 CVE-2020-9327 CVE-2021-0089 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-0941 CVE-2021-20181 CVE-2021-20193 CVE-2021-20203 CVE-2021-20219 CVE-2021-20221 CVE-2021-20225 CVE-2021-20231 CVE-2021-20232 CVE-2021-20233 CVE-2021-20255 CVE-2021-20257 CVE-2021-20257 CVE-2021-20305 CVE-2021-20320 CVE-2021-20322 CVE-2021-21284 CVE-2021-21284 CVE-2021-21285 CVE-2021-21285 CVE-2021-21334 CVE-2021-22543 CVE-2021-22555 CVE-2021-22876 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-23133 CVE-2021-23134 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-25214 CVE-2021-25215 CVE-2021-25217 CVE-2021-25219 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-27379 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 
CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28701 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVE-2021-28950 CVE-2021-28964 CVE-2021-28965 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-30465 CVE-2021-30465 CVE-2021-3156 CVE-2021-3177 CVE-2021-31799 CVE-2021-31810 CVE-2021-31916 CVE-2021-32066 CVE-2021-32399 CVE-2021-32760 CVE-2021-32760 CVE-2021-33033 CVE-2021-33034 CVE-2021-33200 CVE-2021-3326 CVE-2021-3347 CVE-2021-3348 CVE-2021-33560 CVE-2021-33574 CVE-2021-33624 CVE-2021-33909 CVE-2021-33910 CVE-2021-33910 CVE-2021-3416 CVE-2021-3419 CVE-2021-3426 CVE-2021-3426 CVE-2021-3428 CVE-2021-3444 CVE-2021-34556 CVE-2021-34693 CVE-2021-3483 CVE-2021-3491 CVE-2021-34981 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3527 CVE-2021-3537 CVE-2021-3541 CVE-2021-35477 CVE-2021-3580 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-35942 CVE-2021-3595 CVE-2021-3609 CVE-2021-3611 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3669 CVE-2021-3672 CVE-2021-3679 CVE-2021-3682 CVE-2021-3712 CVE-2021-3712 CVE-2021-3713 CVE-2021-37159 CVE-2021-3732 CVE-2021-3733 CVE-2021-3737 CVE-2021-3744 CVE-2021-3744 CVE-2021-3748 CVE-2021-3752 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3760 CVE-2021-3764 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38185 CVE-2021-38185 CVE-2021-38198 CVE-2021-38204 CVE-2021-39537 CVE-2021-40490 CVE-2021-40490 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41617 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-43527 CVE-2021-43618 CVE-2021-43784 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 
----------------------------------------------------------------- The container suse-sles-15-chost-byos-v20220201-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2810-1 Released: Tue Oct 29 14:56:44 2019 Summary: Security update for runc Type: security Severity: moderate References: 1131314,1131553,1152308,CVE-2019-16884 This update for runc fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Non-security issues fixed: - Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:944-1 Released: Tue Apr 7 15:49:33 2020 Summary: Security update for runc Type: security Severity: moderate References: 1149954,1160452,CVE-2019-19921 This update for runc fixes the following issues: runc was updated to v1.0.0~rc10 - CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452). - Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:305-1 Released: Thu Feb 4 15:00:37 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:341-1 Released: Mon Feb 8 17:39:53 2021 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177211,1181571,CVE-2020-26116 This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). - Skip test for RECENT_DATE (bsc#1181571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:415-1 Released: Wed Feb 10 11:53:27 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1180176 This update for cloud-init fixes the following issues: - Update cloud-init-write-routes.patch (bsc#1180176) + Follow up to previous changes. Fix order of operations error to make gateway comparison between subnet configuration and route configuration valuable rather than self-comparing.
- Add cloud-init-sle12-compat.patch (jsc#PM-2335) - Python 3.4 compatibility in setup.py - Disable some test for mock version compatibility ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:435-1 Released: Thu Feb 11 14:47:25 2021 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Type: security Severity: important References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732,CVE-2020-15257,CVE-2021-21284,CVE-2021-21285 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 - Enable fish-completion - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) - Update to Docker 19.03.13-ce. 
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708 - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires. - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly. - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 - Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:438-1 Released: Thu Feb 11 16:33:54 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References:
1144912,1149032,1163840,1168952,1172199,1173074,1173942,1176395,1176846,1177666,1178182,1178272,1178372,1178589,1178590,1178684,1178886,1179071,1179107,1179140,1179141,1179419,1179429,1179508,1179509,1179601,1179616,1179663,1179666,1179745,1179877,1179878,1179895,1179960,1179961,1180008,1180027,1180028,1180029,1180030,1180031,1180032,1180052,1180086,1180559,1180562,1180676,1181001,1181158,1181349,1181504,1181553,1181645,CVE-2019-20806,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-10781,CVE-2020-11668,CVE-2020-15436,CVE-2020-15437,CVE-2020-25211,CVE-2020-25639,CVE-2020-25669,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27835,CVE-2020-28374,CVE-2020-28915,CVE-2020-28974,CVE-2020-29371,CVE-2020-29568,CVE-2020-29569,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2021-3347,CVE-2021-3348 The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attacker by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue where IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-10781: A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (bnc#1173074). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace (bnc#1179429). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-20806: Fixed a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service (bnc#1172199). The following non-security bugs were fixed: - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840 bsc#1179071). - blk-mq: make sure that line break can be printed (bsc#1163840 bsc#1179071). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).
- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1178272). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). 
- x86/traps: Simplify pagefault tracing logic (bsc#1179895). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:441-1 Released: Thu Feb 11 16:35:04 2021 Summary: Optional update for python3-jsonschema Type: optional Severity: low References: 1180403 This update provides the python3 variant of the jsonschema module to the SUSE Linux Enterprise 15 SP2 Basesystem module. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:501-1 Released: Thu Feb 18 05:32:54 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1180501 This update for openssh fixes the following issues: - Fixed a crash which sometimes occurred on connection termination, caused by accessing freed memory (bsc#1180501) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:507-1 Released: Thu Feb 18 09:34:49 2021 Summary: Security update for bind Type: security Severity: important References: 1182246,CVE-2020-8625 This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:516-1 Released: Thu Feb 18 14:42:51 2021 Summary: Recommended update for docker, golang-github-docker-libnetwork Type: recommended Severity: moderate References: 1178801,1180401,1182168 This update for docker, golang-github-docker-libnetwork fixes the following issues: - A libnetwork firewalld integration enhancement was broken, disable it (bsc#1178801,bsc#1180401,bsc#1182168) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:529-1 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 This update for
python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:580-1 Released: Wed Feb 24 11:16:42 2021 Summary: Optional update for python-cffi Type: optional Severity: low References: 1182471 This update for python-cffi fixes the following issues: - Restored compatibility with Python 2.7 update (bsc#1182471) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:654-1 Released: Fri Feb 26 20:01:10 2021 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1181944,1182244,CVE-2020-28493 This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:685-1 Released: Tue Mar 2 19:06:08 2021 Summary: Security update for grub2 Type: security Severity: important References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263,CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:689-1 Released: Tue Mar 2 19:08:40 2021 Summary: Security update for bind Type: security Severity: important References: 1180933 This update for bind fixes the following issues: - dnssec-keygen can no longer generate HMAC keys. Use tsig-keygen instead. 
[bsc#1180933] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:696-1 Released: Wed Mar 3 18:17:53 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. 
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:740-1 Released: Tue Mar 9 16:09:58 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065600,1163592,1178401,1178762,1179014,1179015,1179045,1179082,1179428,1179660,1180058,1181747,1181753,1181843,1182140,1182175,CVE-2020-29368,CVE-2020-29374,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932 The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). 
The following non-security bugs were fixed: - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:755-1 Released: Tue Mar 9 17:11:22 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:770-1 Released: Thu Mar 11 20:24:05 2021 Summary: Security update for libsolv, libzypp, yast2-installation, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179847,1179909,1181328,1181622,1182629,CVE-2017-9271 This update for libsolv, libzypp, yast2-installation, zypper fixes the following issues: Update zypper to version 1.14.43: - doc: give more details about creating versioned package locks (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) - Prefer /run over /var/run. Update libzypp to 17.25.8: - Try to provide a mounted /proc in --root installs (bsc#1181328) Some systemd tools require /proc to be mounted and fail if it's not there. - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names (bsc#1179847) This allows to use the RH and SUSE patch category names synonymously: (recommended = bugfix) and (optional = feature = enhancement).
- Fix %posttrans script execution (fixes #265) The scripts are executable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - BuildRequires: libsolv-devel >= 0.7.17. - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#1179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) Update yast2-installation to 4.0.77: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) Update libsolv to 0.7.17: - repo_write: fix handling of nested flexarray - improve choicerule generation a bit more to cover more cases - harden testcase parser against repos being added too late - support python-3.10 - check %_dbpath macro in rpmdb code - handle default/visible/langonly attributes in comps parser - support multiple collections in updateinfo parser - add '-D' option in rpmdb2solv to set the dbpath ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15
11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:890-1 Released: Fri Mar 19 15:51:41 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem fixes the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings.
(bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:931-1 Released: Wed Mar 24 12:10:41 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:933-1 Released: Wed Mar 24 12:16:14 2021 Summary: Security update for ruby2.5 Type: security Severity: important References: 1177125,1177222,CVE-2020-25613 This update for ruby2.5 fixes the following issues: - CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125). - Enable optimizations also on ARM64 (bsc#1177222) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:934-1 Released: Wed Mar 24 12:18:21 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:947-1 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1182379,CVE-2021-23336 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning via the use of a semicolon as a query string separator in query parameters (bsc#1182379). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access a world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:951-1 Released: Thu Mar 25 14:36:20 2021 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1178490 This update for rsyslog fixes the following issues: - Fix groupname retrieval for large groups.
(bsc#1178490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:956-1 Released: Thu Mar 25 19:19:02 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179816,1179847,1179909,1180077,1180663,1180721,1181328,1181622,1182629,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.43: - doc: give more details about creating versioned package locks (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) - Prefer /run over /var/run. Update libzypp to 17.25.8: - Try to provide a mounted /proc in --root installs (bsc#1181328) Some systemd tools require /proc to be mounted and fail if it's not there. - Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names (bsc#1179847) This allows to use the RH and SUSE patch category names synonymously: (recommended = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. - Fix %posttrans script execution (fixes #265) The scripts are executable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#1179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:985-1 Released: Tue Mar 30 14:43:43 2021 Summary: Recommended update for the Azure SDK and CLI Type: recommended Severity: moderate References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659 This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:991-1 Released: Wed Mar 31 13:28:37 2021 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1182324 This update for vim provides the following fixes: - Install SUSE vimrc in /usr. (bsc#1182324) - Source correct suse.vimrc file.
(bsc#1182324) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:994-1 Released: Wed Mar 31 13:36:18 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1181283 This update for cloud-init fixes the following issues: - No longer includes the sudoers.d directory twice (bsc#1181283) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1164-1 Released: Tue Apr 13 14:01:58 2021 Summary: Security update for open-iscsi Type: security Severity: important References: 1173886,1179908,1183421,CVE-2020-13987,CVE-2020-13988,CVE-2020-17437,CVE-2020-17438 This update for open-iscsi fixes the following issues: - CVE-2020-17437: uIP Out-of-Bounds Write (bsc#1179908) - CVE-2020-17438: uIP Out-of-Bounds Write (bsc#1179908) - CVE-2020-13987: uIP Out-of-Bounds Read (bsc#1179908) - CVE-2020-13988: uIP Integer Overflow (bsc#1179908) - Enabled no-wait ('-W') iscsiadm option for iscsi login service (bsc#1173886, bsc#1183421) - Added the ability to perform async logins (bsc#1173886)
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1244-1 Released: Fri Apr 16 14:46:04 2021 Summary: Security update for qemu Type: security Severity: important References: 1129962,1154790,1172383,1172384,1172385,1172386,1172478,1173612,1174386,1174641,1175441,1176673,1176682,1176684,1178174,1178565,1178934,1179466,1179467,1179468,1180523,1181108,1181639,1181933,1182137,1182425,1182577,1182968,CVE-2020-11947,CVE-2020-12829,CVE-2020-13361,CVE-2020-13362,CVE-2020-13659,CVE-2020-13765,CVE-2020-14364,CVE-2020-15469,CVE-2020-15863,CVE-2020-16092,CVE-2020-25084,CVE-2020-25624,CVE-2020-25625,CVE-2020-25723,CVE-2020-27617,CVE-2020-28916,CVE-2020-29129,CVE-2020-29130,CVE-2020-29443,CVE-2021-20181,CVE-2021-20203,CVE-2021-20221,CVE-2021-20257,CVE-2021-3416 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. 
(DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962) - Fix migration failure with error message: 'error while loading state section id 3(ram)' (bsc#1154790) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) - Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) - Tweaks to spec file for better formatting, and remove not needed BuildRequires for e2fsprogs-devel and libpcap-devel - Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid 'Failed to try-restart qemu-ga@.service' error while updating the qemu-guest-agent.
(bsc#1178565) - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1250-1 Released: Mon Apr 19 08:58:00 2021 Summary: Security update for xen Type: security Severity: important References: 1178591,1182431,CVE-2021-27379 This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1271-1 Released: Tue Apr 20 14:06:07 2021 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1181696,1183761 This update for grub2 fixes the following issues: - Fix a migration issue due to a lower build number in higher service packs. (bsc#1183761) - Fix executable stack marking in `grub-emu`. (bsc#1181696) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1275-1 Released: Tue Apr 20 14:31:26 2021 Summary: Security update for sudo Type: security Severity: important References: 1183936,CVE-2021-3156 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1280-1 Released: Tue Apr 20 14:34:19 2021 Summary: Security update for ruby2.5 Type: security Severity: moderate References: 1184644,CVE-2021-28965 This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1293-1 Released: Wed Apr 21 14:06:36 2021 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1181283,1184085 This update for cloud-init 
fixes the following issues: - Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1425-1 Released: Thu Apr 29 06:23:08 2021 Summary: Optional update for tcpdump Type: optional Severity: low References: 1183800 This update for tcpdump fixes the following issues: - Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1451-1 Released: Fri Apr 30 08:08:45 2021 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1185157 This update for dhcp fixes the following issues: - Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1471-1 Released: Tue May 4 08:36:57 2021 Summary: Security update for bind Type: security Severity: important References: 1183453,1185345,CVE-2021-25214,CVE-2021-25215 This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - make /usr/bin/delv in bind-tools position independent (bsc#1183453). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). 
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:33 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. 
(bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1557-1 Released: Tue May 11 09:50:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1183374,CVE-2021-3426 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1566-1 Released: Wed May 12 09:39:16 2021 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1162964,1184400 This update for chrony fixes the following issues: - Fix build with glibc-2.31 (bsc#1162964) - Use /run instead of /var/run for PIDFile in chronyd.service (bsc#1184400) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1573-1 Released: Wed May 12 12:02:58 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1047233,1173485,1176720,1177411,1178181,1179454,1181032,1182672,1182715,1182716,1182717,1183022,1183063,1183069,1183509,1183593,1183646,1183686,1183696,1183775,1184120,1184167,1184168,1184170,1184192,1184193,1184194,1184196,1184198,1184208,1184211,1184388,1184391,1184393,1184397,1184509,1184511,1184512,1184514,1184583,1184650,1184942,1185113,1185244,1185248,CVE-2020-0433,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27673,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-20219,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-29650,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483 The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511). 
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
- CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
- CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
- CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
- CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397).
- CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).
- CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).
- CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).
- CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.
  The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
- CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
- CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198).
- CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).
- CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).
- CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory.
  This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).
- CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
- CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).
- CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).
- CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
- CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
- CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).
- CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
- CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle.
  This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).
- CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).

The following non-security bugs were fixed:

- Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032).
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514).
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released: Wed May 12 13:47:41 2021
Summary: Optional update for sed
Type: optional
Severity: low
References: 1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released: Wed May 19 13:59:12 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1672-1
Released: Thu May 20 13:44:41 2021
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1021918,1089870,1168894,1169122,1169348,1170092,1170094,1170858,1176370,1178491,1180478,1181351,1181610,1181679,1181911,1182904,1182950,1183732,1183826,1184829,1184912

This update for supportutils fixes the following issues:

- Collects rotated logs with different compression types (bsc#1180478)
- Captures now IBM Power bootlist (jsc#SLE-15557)
- Fixed some errors with supportutils in combination with the btrfs filesystem (bsc#1168894)
- Fixed an issue with ntp.txt, when it contains large binary data (bsc#1169122)
- Checks package signatures in rpm.txt (bsc#1021918)
- Optimize find (bsc#1184912)
- Using zypper --xmlout (bsc#1181351)
- Error fix for sysfs.txt (bsc#1089870)
- Added list-timers to systemd.txt (bsc#1169348)
- Including nfs4 in search (bsc#1184829)
- [powerpc] Collect dynamic_debug log files for ibmvNIC #98 (bsc#1183826)
- Fixed mismatched taint flags (bsc#1178491)
- Removed redundant fdisk code that can cause timeout issues (bsc#1181679)
- Supportconfig processes -f without hanging (bsc#1182904)
- Collect logs for power specific components (using iprconfig) pr#94 (bsc#1182950)
- [powerpc] Collect logs for power specific components (HNV) pr#88 (bsc#1181911)
- Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932)
- No longer truncates boot log (bsc#1181610)
- Collects rotated logs with different compression types (bsc#1180478)
- Capture IBM Power bootlist (SLE-15557)
- [powerpc] Collect logs for power specific components #72 (bscn#1176895)
- Fixed btrfs errors (bsc#1168894)
- Large ntp.txt with binary data (bsc#1169122)
- Only include hostinfo details in /etc/motd (bsc#1170092)
- Fixed CPU load average calculation (bsc#1170094)
- Understands 3rd party packages on SLES or OpenSUSE (bsc#1170858)
- Implement persistent host information across reboots (bsc#1183732)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1675-1
Released: Thu May 20 15:00:23 2021
Summary: Recommended update for snappy
Type: recommended
Severity: moderate
References: 1080040,1184507

This update for snappy fixes the following issues:

Update from version 1.1.3 to 1.1.8

- Small performance improvements.
- Removed `snappy::string` alias for `std::string`.
- Improved `CMake` configuration.
- Improved packages descriptions.
- Fix RPM groups.
- Aarch64 fixes
- PPC speedups
- PIE improvements
- Fix license install. (bsc#1080040)
- Fix a 1% performance regression when snappy is used in PIE executable.
- Improve compression performance by 5%.
- Improve decompression performance by 20%.
- Use better download URL.
- Fix a build issue for tensorflow2.
  (bsc#1184507)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1757-1
Released: Tue May 25 14:26:03 2021
Summary: Recommended update for libsolv, libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239

This update for libsolv and libzypp fixes the following issues:

libsolv: Upgrade from version 0.7.17 to version 0.7.19

- Fix rare segfault in `resolve_jobrules()` that could happen if new rules are learned.
- Fix memory leaks in error cases
- Fix error handling in `solv_xfopen_fd()`
- Fix regex code on win32
- fixed memory leak in choice rule generation
- `repo_add_conda`: add a flag to skip version 2 packages.

libzypp: Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released: Wed May 26 17:22:21 2021
Summary: Recommended update for python3
Type: recommended
Severity: low
References:

This update for python3 fixes the following issues:

- Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1809-1
Released: Mon May 31 16:24:59 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1177976,1183933,1186114,CVE-2021-22876,CVE-2021-22898

This update for curl fixes the following issues:

- CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933).
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Fix for SFTP uploads when it results in empty uploaded files (bsc#1177976).
- Allow partial chain verification (jsc#SLE-17956).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1823-1
Released: Tue Jun 1 14:23:00 2021
Summary: Security update for python-py
Type: security
Severity: moderate
References: 1179805,1184505,CVE-2020-29651

This update for python-py fixes the following issues:

- CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1841-1
Released: Wed Jun 2 16:30:17 2021
Summary: Security update for dhcp
Type: security
Severity: important
References: 1186382,CVE-2021-25217

This update for dhcp fixes the following issues:

- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1846-1
Released: Fri Jun 4 08:46:37 2021
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1185910

This update for mozilla-nss fixes the following issue:

- Provide some missing binaries from `mozilla-nss` not added in `SLE-Module-Basesystem_15-SP3`.
  (bsc#1185910)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Type: recommended
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016

This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1895-1
Released: Tue Jun 8 16:06:22 2021
Summary: Security update for qemu
Type: security
Severity: important
References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975,CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419

This update for qemu fixes the following issues:

- Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382)
- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380)
- For the record, these issues are fixed in this package already.
  Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released: Wed Jun 9 14:48:05 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1953-1
Released: Thu Jun 10 16:18:50 2021
Summary: Recommended update for gpg2
Type: recommended
Severity: moderate
References: 1161268,1172308

This update for gpg2 fixes the following issues:

- Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1954-1
Released: Fri Jun 11 10:45:09 2021
Summary: Security update for containerd, docker, runc
Type: security
Severity: important
References: 1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183855,1184768,1184962,1185405,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334,CVE-2021-30465

This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)

* Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476).
* CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730).
* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)

runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).

* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
* Fixed /dev/null is not available (bsc#1168481).
* CVE-2021-30465: Fixed a symlink-exchange attack vulnerability (bsc#1185405).

containerd was updated to v1.4.4

* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
* Handle a requirement from docker (bsc#1181594).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2091-1
Released: Mon Jun 21 10:45:13 2021
Summary: Recommended update for wget
Type: recommended
Severity: moderate
References: 1181173

This update for wget fixes the following issue:

- When running recursively, wget will verify the length of the whole URL when saving the files. This will make it overwrite files with truncated names, throwing the following message: 'The name is too long,... trying to shorten'. (bsc#1181173)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released: Wed Jun 23 16:27:04 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1187060,CVE-2021-3580

This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2155-1
Released: Thu Jun 24 15:38:25 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2179-1
Released: Mon Jun 28 17:36:37 2021
Summary: Recommended update for thin-provisioning-tools
Type: recommended
Severity: moderate
References: 1184124

This update for thin-provisioning-tools fixes the following issues:

- Link as position-independent executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2191-1
Released: Mon Jun 28 18:38:12 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1186791

This update for patterns-microos provides the following fix:

- Add zypper-migration-plugin to the default pattern.
  (bsc#1186791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2193-1
Released: Mon Jun 28 18:38:43 2021
Summary: Recommended update for tar
Type: recommended
Severity: moderate
References: 1184124

This update for tar fixes the following issues:

- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: important
References: 1187210

This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP.
  (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2211-1
Released: Wed Jun 30 15:58:09 2021
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1187105,CVE-2020-35512

This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2223-1
Released: Thu Jul 1 12:15:26 2021
Summary: Recommended update for chrony
Type: recommended
Severity: moderate
References: 1173760

This update for chrony fixes the following issues:

- Fixed an issue when chrony aborts in FIPS mode due to MD5. (bsc#1173760)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released: Mon Jul 5 15:17:49 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400

This update for systemd fixes the following issues:

cgroup: Parse infinity properly for memory protections. (bsc#1167471)
cgroup: Make empty assignments reset to default. (bsc#1167471)
cgroup: Support 0-value for memory protection directives. (bsc#1167471)
core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
bus-unit-util: Add proper 'MemorySwapMax' serialization.
core: Accept MemorySwapMax= properties that are scaled.
execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
write_net_rules: Set execute bits. (bsc#1178561)
udev: Rework network device renaming.
Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
core: fix output (logging) for mount units (#7603) (bsc#1187400)
udev requires systemd in its %post (bsc#1185958)
cgroup: Parse infinity properly for memory protections (bsc#1167471)
cgroup: Make empty assignments reset to default (bsc#1167471)
cgroup: Support 0-value for memory protection directives (bsc#1167471)
Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over.
Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2286-1
Released: Fri Jul 9 17:38:53 2021
Summary: Recommended update for dosfstools
Type: recommended
Severity: moderate
References: 1172863

This update for dosfstools fixes the following issue:

- Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released: Wed Jul 14 17:01:06 2021
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234)
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2401-1
Released: Tue Jul 20 04:30:03 2021
Summary: Recommended update for cloud-init
Type: recommended
Severity: moderate
References: 1183939,1184758

This update for cloud-init contains the following:

- Change log file creation mode to 640. (bsc#1183939)
- Do not write the generated password to the log file. (bsc#1184758)
- Allow purging cache when a Python version change is detected.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released: Tue Jul 20 14:21:30 2021
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1184994,1188063,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2412-1
Released: Tue Jul 20 15:25:21 2021
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1188282,CVE-2021-32760

This update for containerd fixes the following issues:

- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem.
(bsc#1188282)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2421-1
Released: Wed Jul 21 11:01:01 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1176081,1179610,1183738,1184611,1184675,1185642,1185725,1185859,1185860,1185861,1185862,1185898,1185987,1186060,1186062,1186111,1186463,1186484,1187038,1187050,1187215,1187452,1187554,1187595,1187601,1188062,1188116,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26558,CVE-2020-36385,CVE-2020-36386,CVE-2021-0129,CVE-2021-0512,CVE-2021-0605,CVE-2021-22555,CVE-2021-23133,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-33624,CVE-2021-33909,CVE-2021-34693,CVE-2021-3491,CVE-2021-3609

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).
- CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215).
- CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554).
- CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601).
- CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow.
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595).
- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610).
- CVE-2021-34693: net/can/bcm.c in the Linux kernel allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452).
- CVE-2020-36385: drivers/infiniband/core/ucma.c in the Linux kernel has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
- CVE-2020-36386: net/bluetooth/hci_event.c in the Linux kernel has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861).
- CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484).
- CVE-2021-33034: net/bluetooth/hci_event.c had a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value (bnc#1186111).
- CVE-2020-26139: An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients (bnc#1186062).
- CVE-2021-23134: Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability (bnc#1186060).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-26141: The Wi-Fi implementation did not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol (bnc#1185987).
- CVE-2020-26145: The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration (bnc#1185860).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. ()
- CVE-2021-3491: The io_uring subsystem allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. (bnc#1185642).
- CVE-2021-23133: A race condition in SCTP sockets (net/sctp/socket.c) could lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket (bnc#1184675).
- CVE-2021-32399: net/bluetooth/hci_request.c in the Linux kernel has a race condition for removal of the HCI controller (bnc#1184611 bnc#1185898).

The following non-security bugs were fixed:

- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081).
- dm: fix redundant IO accounting for bios that need splitting (bsc#1183738).
- kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081).
- net/ethernet: Add parse_protocol header_ops support (bsc#1176081).
- net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081).
- net/mlx5e: Trust kernel regarding transport offset (bsc#1176081).
- net/packet: Ask driver for protocol if not provided by user (bsc#1176081).
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- net: Do not set transport offset to invalid value (bsc#1176081).
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2440-1
Released: Wed Jul 21 13:48:24 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded.
(bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2461-1
Released: Fri Jul 23 11:22:58 2021
Summary: Security update for qemu
Type: security
Severity: important
References: 1187364,1187365,1187366,1187367,1187529,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)
- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)
- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)
- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)
- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2470-1
Released: Tue Jul 27 10:36:19 2021
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1172505,CVE-2020-12049

This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion (bsc#1172505)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127

This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2603-1
Released: Wed Aug 4 10:09:08 2021
Summary: Recommended update for sca-appliance-common, supportutils
Type: recommended
Severity: moderate
References: 1185991,1185993,1186347,1186397,1186687

This update for sca-appliance-common, supportutils fixes the following issues:

- Adding ethtool options to the supportconfig. (jsc#SLE-18239, jsc#SLE-18344)
- Fixed an issue when 'lsof' causes performance problems. (bsc#1186687)
- Exclude 'rhn.conf' from 'etc.txt' to prevent supportconfig capturing passwords in clear text. (bsc#1186347)
- Fix 'analyzevmcore' to support local directories. (bsc#1186397)
- Fix for 'getappcore' checking for valid compression binary. (bsc#1185991)
- Fixed 'getappcore' to prevent triggering errors with help message. (bsc#1185993)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released: Mon Aug 16 10:54:52 2021
Summary: Security update for cpio
Type: security
Severity: important
References: 1189206,CVE-2021-38185

This update for cpio fixes the following issues:

It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2760-1
Released: Tue Aug 17 17:11:14 2021
Summary: Security update for c-ares
Type: security
Severity: important
References: 1188881,CVE-2021-3672

This update for c-ares fixes the following issues:

Version update to git snapshot 1.17.1+20200724:

- CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881)
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
- Use unbuffered /dev/urandom for random data to
prevent early startup performance issues

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released: Tue Aug 17 17:16:22 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465

This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released: Thu Aug 19 16:09:15 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465,CVE-2021-38185

This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2817-1
Released: Mon Aug 23 15:05:18 2021
Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
Type: security
Severity: moderate
References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137

This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli
- Version updated to upstream release v1.19.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3
- Version updated to upstream release 1.17.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore
- Version updated to upstream release 1.20.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3
- Version updated to upstream release 1.25.10
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity
- Added this new package to resolve runtime dependencies for other packages.
  Version: 18.1.0

# python-trustme
- Added this new package to resolve runtime dependencies for other packages.
  Version: 0.6.0

Security fixes:

# python-urllib3:
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2829-1
Released: Tue Aug 24 16:19:47 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1189521,CVE-2021-3712

This update for openssl-1_1 fixes the following security issue:

- CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2871-1
Released: Mon Aug 30 15:46:25 2021
Summary: Recommended update for bind
Type: recommended
Severity: moderate
References: 1187921,1188763

This update for bind fixes the following issues:

- Fix an assertion failure in the 'rehash()' function (bsc#1188763)
  When calculating the new hashtable bitsize, there was an off-by-one error that would allow the new bitsize to be larger than maximum allowed.
- tsig-keygen is now used to generate DDNS keys (bsc#1187921)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2937-1
Released: Fri Sep 3 09:18:45 2021
Summary: Security update for libesmtp
Type: security
Severity: important
References: 1160462,1189097,CVE-2019-19977

This update for libesmtp fixes the following issues:

- CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released: Fri Sep 3 09:19:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2943-1
Released: Fri Sep 3 09:26:18 2021
Summary: Security update for xen
Type: security
Severity: important
References: 1186429,1186433,1186434,1189373,1189376,1189378,1189380,1189882,CVE-2021-0089,CVE-2021-28690,CVE-2021-28692,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699

This update for xen fixes the following issues:

- CVE-2021-28698: long running loops in grant table handling (XSA-380) (bsc#1189378).
- CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429).
- CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433).
- CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382) (bsc#1189380).
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378) (bsc#1189373).
- CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379) (bsc#1189376).
- CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2950-1
Released: Fri Sep 3 11:59:19 2021
Summary: Recommended update for pcre2
Type: recommended
Severity: moderate
References: 1187937

This update for pcre2 fixes the following issue:

- Equalizes the result of a function that may have different output on s390x if compared to older PHP versions. (bsc#1187937)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2962-1
Released: Mon Sep 6 18:23:01 2021
Summary: Recommended update for runc
Type: recommended
Severity: critical
References: 1189743

This update for runc fixes the following issues:

- Fixed an issue when toolbox container fails to start. (bsc#1189743)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2967-1
Released: Tue Sep 7 09:52:21 2021
Summary: Security update for openssl-1_1
Type: security
Severity: low
References: 1189521,CVE-2021-3712

This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2978-1
Released: Wed Sep 8 11:54:41 2021
Summary: Recommended update for SUSEConnect
Type: recommended
Severity: moderate
References: 1185611

This update for SUSEConnect fixes the following issues:

- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'.
- send payload of GET requests as part of the url, not in the body (see bsc#1185611)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released: Thu Sep 9 15:08:13 2021
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1189683

This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3022-1
Released: Mon Sep 13 10:48:16 2021
Summary: Recommended update for c-ares
Type: recommended
Severity: important
References: 1190225

This update for c-ares fixes the following issue:

- Allow '_' as part of DNS response.
(bsc#1190225)
- 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3115-1
Released: Thu Sep 16 14:04:26 2021
Summary: Recommended update for mozilla-nspr, mozilla-nss
Type: recommended
Severity: moderate
References: 1029961,1174697,1176206,1176934,1179382,1188891,CVE-2020-12400,CVE-2020-12401,CVE-2020-12403,CVE-2020-25648,CVE-2020-6829

This update for mozilla-nspr fixes the following issues:

mozilla-nspr was updated to version 4.32:

* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version.

Mozilla NSS was updated to version 3.68:

* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.

update to NSS 3.67

* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.

update to NSS 3.66

* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.

update to NSS 3.65

* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update its csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.

update to NSS 3.64

* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration.

Fixed in 3.63

* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build issues with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build issues with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS.
* bmo#1687822 - Turn off Websites trust bit for the 'Staat der Nederlanden Root CA - G3' root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008'.
* bmo#1694291 - Tracing fixes for ECH.

update to NSS 3.62

* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07

update to NSS 3.61

* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.

Update to NSS 3.60.1:

Notable changes in NSS 3.60:

* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information.

Update to NSS 3.59.1:

* bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules

Update to NSS 3.59:

Notable changes:

* Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData

Bugfixes

* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.

update to NSS 3.58

Bugs fixed:

* bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions.
* bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value.

update to NSS 3.57

* The following CA certificates were Added:
  bmo#1663049 - CN=Trustwave Global Certification Authority
    SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
  bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
    SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
  bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
    SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
  bmo#1651211 - CN=EE Certification Centre Root CA
    SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
  bmo#1656077 - O=Government Root Certification Authority; C=TW
    SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
  bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
    Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

update to NSS 3.56

Notable changes

* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28

update to NSS 3.55

Notable changes

* P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)

Relevant Bugfixes

* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension.

update to NSS 3.54

Notable changes

* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available (bmo#1528113)
* The following CA certificates were Added:
  bmo#1645186 - certSIGN Root CA G2.
  bmo#1645174 - e-Szigno Root CA 2017.
  bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
  bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
  bmo#1645199 - AddTrust Class 1 CA Root.
  bmo#1645199 - AddTrust External CA Root.
  bmo#1641718 - LuxTrust Global Root 2.
  bmo#1639987 - Staat der Nederlanden Root CA - G2.
  bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
  bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
  bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list.

Bugs fixed

* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo#1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released:    Tue Sep 21 17:04:26 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1189996

This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3233-1
Released:    Mon Sep 27 15:02:21 2021
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552

This update for xfsprogs fixes the following issues:

- Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)
- xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.
- mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)
- mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)
- xfs_growfs: Refactor geometry reporting. (bsc#1181306)
- xfs_growfs: Allow mounted device node as argument. (bsc#1181299)
- xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)
- xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)
- xfs_bmap: Remove '-c' from manpage. (bsc#1189552)
- xfs_bmap: Do not reject '-e'. (bsc#1189552)
- Implement 'libhandle1' through ECO.
  (jsc#SLE-20360)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3245-1
Released:    Tue Sep 28 13:54:31 2021
Summary:     Recommended update for docker
Type:        recommended
Severity:    important
References:  1190670

This update for docker fixes the following issues:

- Return ENOSYS for clone3 in the seccomp profile to avoid breaking containers using glibc 2.34.
- Add shell requires for the *-completion subpackages.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3265-1
Released:    Thu Sep 30 15:42:45 2021
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    moderate
References:  1186004

This update for cloud-init contains the following fixes:

- Update to version 21.2 (bsc#1186004)
  + Remove patches included upstream and patches no longer needed
  + Remove SLE 12 compatibility patch, version in SLE 12 is frozen to 20.2
  + Forward port:
    - cloud-init-write-routes.patch
    - cloud-init-break-resolv-symlink.patch
    - cloud-init-sysconf-path.patch
    - cloud-init-no-tempnet-oci.patch
  + Add \r\n check for SSH keys in Azure (#889)
  + Revert 'Add support to resize rootfs if using LVM (#721)' (#887) (LP: #1922742)
  + Azure: adding support for consuming userdata from IMDS (#884) [Anh Vo]
  + test_upgrade: modify test_upgrade_package to run for more sources (#883)
  + Fix chef module run failure when chef_license is set (#868) [Ben Hughes]
  + Azure: Retry net metadata during nic attach for non-timeout errs (#878) [aswinrajamannar]
  + Azure: Retrieve username and hostname from IMDS (#865) [Thomas Stringer]
  + Azure: eject the provisioning iso before reporting ready (#861) [Anh Vo]
  + Use `partprobe` to re-read partition table if available (#856) [Nicolas Bock] (LP: #1920939)
  + fix error on upgrade caused by new vendordata2 attributes (#869) (LP: #1922739)
  + add prefer_fqdn_over_hostname config option (#859) [hamalq] (LP: #1921004)
  + Emit dots on travis to avoid timeout (#867)
  + doc: Replace remaining references
    to user-scripts as a config module (#866) [Ryan Harper]
  + azure: Removing ability to invoke walinuxagent (#799) [Anh Vo]
  + Add Vultr support (#827) [David Dymko]
  + Fix unpickle for source paths missing run_dir (#863) [lucasmoura] (LP: #1899299)
  + sysconfig: use BONDING_MODULE_OPTS on SUSE (#831) [Jens Sandmann]
  + bringup_static_routes: fix gateway check (#850) [Petr Fedchenkov]
  + add hamalq user (#860) [hamalq]
  + Add support to resize rootfs if using LVM (#721) [Eduardo Otubo] (LP: #1799953)
  + Fix mis-detecting network configuration in initramfs cmdline (#844) (LP: #1919188)
  + tools/write-ssh-key-fingerprints: do not display empty header/footer (#817) [dermotbradley]
  + Azure helper: Ensure Azure http handler sleeps between retries (#842) [Johnson Shi]
  + Fix chef apt source example (#826) [timothegenzmer]
  + .travis.yml: generate an SSH key before running tests (#848)
  + write passwords only to serial console, lock down cloud-init-output.log (#847) (LP: #1918303)
  + Fix apt default integration test (#845)
  + integration_tests: bump pycloudlib dependency (#846)
  + Fix stack trace if vendordata_raw contained an array (#837) [eb3095]
  + archlinux: Fix broken locale logic (#841) [Kristian Klausen] (LP: #1402406)
  + Integration test for #783 (#832)
  + integration_tests: mount more paths IN_PLACE (#838)
  + Fix requiring device-number on EC2 derivatives (#836) (LP: #1917875)
  + Remove the vi comment from the part-handler example (#835)
  + net: exclude OVS internal interfaces in get_interfaces (#829) (LP: #1912844)
  + tox.ini: pass OS_* environment variables to integration tests (#830)
  + integration_tests: add OpenStack as a platform (#804)
  + Add flexibility to IMDS api-version (#793) [Thomas Stringer]
  + Fix the TestApt tests using apt-key on Xenial and Hirsute (#823) [Paride Legovini] (LP: #1916629)
  + doc: remove duplicate 'it' from nocloud.rst (#825) [V.I.
    Wood]
  + archlinux: Use hostnamectl to set the transient hostname (#797) [Kristian Klausen]
  + cc_keys_to_console.py: Add documentation for recently added config key (#824) [dermotbradley]
  + Update cc_set_hostname documentation (#818) [Toshi Aoyama]

From 21.1
  + Azure: Support for VMs without ephemeral resource disks. (#800) [Johnson Shi] (LP: #1901011)
  + cc_keys_to_console: add option to disable key emission (#811) [Michael Hudson-Doyle] (LP: #1915460)
  + integration_tests: introduce lxd_use_exec mark (#802)
  + azure: case-insensitive UUID to avoid new IID during kernel upgrade (#798) (LP: #1835584)
  + stale.yml: don't ask submitters to reopen PRs (#816)
  + integration_tests: fix use of SSH agent within tox (#815)
  + integration_tests: add UPGRADE CloudInitSource (#812)
  + integration_tests: use unique MAC addresses for tests (#813)
  + Update .gitignore (#814)
  + Port apt cloud_tests to integration tests (#808)
  + integration_tests: fix test_gh626 on LXD VMs (#809)
  + Fix attempting to decode binary data in test_seed_random_data test (#806)
  + Remove wait argument from tests with session_cloud calls (#805)
  + Datasource for UpCloud (#743) [Antti Myyrä]
  + test_gh668: fix failure on LXD VMs (#801)
  + openstack: read the dynamic metadata group vendor_data2.json (#777) [Andrew Bogott] (LP: #1841104)
  + includedir in suoders can be prefixed by 'arroba' (#783) [Jordi Massaguer Pla]
  + [VMware] change default max wait time to 15s (#774) [xiaofengw-vmware]
  + Revert integration test associated with reverted #586 (#784)
  + Add jordimassaguerpla as contributor (#787) [Jordi Massaguer Pla]
  + Add Rick Harding to CLA signers (#792) [Rick Harding]
  + HACKING.rst: add clarifying note to LP CLA process section (#789)
  + Stop linting cloud_tests (#791)
  + cloud-tests: update cryptography requirement (#790) [Joshua Powers]
  + Remove 'remove-raise-on-failure' calls from integration_tests (#788)
  + Use more cloud defaults in integration tests (#757)
  + Adding self to cla signers (#776) [Andrew Bogott]
  + doc: avoid two warnings (#781) [Dan Kenigsberg]
  + Use proper spelling for Red Hat (#778) [Dan Kenigsberg]
  + Add antonyc to .github-cla-signers (#747) [Anton Chaporgin]
  + integration_tests: log image serial if available (#772)
  + [VMware] Support cloudinit raw data feature (#691) [xiaofengw-vmware]
  + net: Fix static routes to host in eni renderer (#668) [Pavel Abalikhin]
  + .travis.yml: don't run cloud_tests in CI (#756)
  + test_upgrade: add some missing commas (#769)
  + cc_seed_random: update documentation and fix integration test (#771) (LP: #1911227)
  + Fix test gh-632 test to only run on NoCloud (#770) (LP: #1911230)
  + archlinux: fix package upgrade command handling (#768) [Bao Trinh]
  + integration_tests: add integration test for LP: #1910835 (#761)
  + Fix regression with handling of IMDS ssh keys (#760) [Thomas Stringer]
  + integration_tests: log cloud-init version in SUT (#758)
  + Add ajmyyra as contributor (#742) [Antti Myyrä]
  + net_convert: add some missing help text (#755)
  + Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful on RHEL (#753) [Eduardo Otubo]
  + doc: document missing IPv6 subnet types (#744) [Antti Myyrä]
  + Add example configuration for datasource `AliYun` (#751) [Xiaoyu Zhong]
  + integration_tests: add SSH key selection settings (#754)
  + fix a typo in man page cloud-init.1 (#752) [Amy Chen]
  + network-config-format-v2.rst: add Netplan Passthrough section (#750)
  + stale: re-enable post holidays (#749)
  + integration_tests: port ca_certs tests from cloud_tests (#732)
  + Azure: Add telemetry for poll IMDS (#741) [Johnson Shi]
  + doc: move testing section from HACKING to its own doc (#739)
  + No longer allow integration test failures on travis (#738)
  + stale: fix error in definition (#740)
  + integration_tests: set log-cli-level to INFO by default (#737)
  + PULL_REQUEST_TEMPLATE.md: use backticks around commit message (#736)
  + stale: disable check for holiday break (#735)
  + integration_tests: log the path we collect logs into (#733)
  + .travis.yml: add (most) supported Python versions to CI (#734)
  + integration_tests: fix IN_PLACE CLOUD_INIT_SOURCE (#731)
  + cc_ca_certs: add RHEL support (#633) [cawamata]
  + Azure: only generate config for NICs with addresses (#709) [Thomas Stringer]
  + doc: fix CloudStack configuration example (#707) [Olivier Lemasle]
  + integration_tests: restrict test_lxd_bridge appropriately (#730)
  + Add integration tests for CLI functionality (#729)
  + Integration test for gh-626 (#728)
  + Some test_upgrade fixes (#726)
  + Ensure overriding test vars with env vars works for booleans (#727)
  + integration_tests: port lxd_bridge test from cloud_tests (#718)
  + Integration test for gh-632.
    (#725)
  + Integration test for gh-671 (#724)
  + integration-requirements.txt: bump pycloudlib commit (#723)
  + Drop unnecessary shebang from cmd/main.py (#722) [Eduardo Otubo]
  + Integration test for LP: #1813396 and #669 (#719)
  + integration_tests: include timestamp in log output (#720)
  + integration_tests: add test for LP: #1898997 (#713)
  + Add integration test for power_state_change module (#717)
  + Update documentation for network-config-format-v2 (#701) [ggiesen]
  + sandbox CA Cert tests to not require ca-certificates (#715) [Eduardo Otubo]
  + Add upgrade integration test (#693)
  + Integration test for 570 (#712)
  + Add ability to keep snapshotted images in integration tests (#711)
  + Integration test for pull #586 (#706)
  + integration_tests: introduce skipping of tests by OS (#702)
  + integration_tests: introduce IntegrationInstance.restart (#708)
  + Add lxd-vm to list of valid integration test platforms (#705)
  + Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL (#685) [Eduardo Otubo]
  + Delete image snapshots created for integration tests (#682)
  + Parametrize ssh_keys_provided integration test (#700) [lucasmoura]
  + Drop use_sudo attribute on IntegrationInstance (#694) [lucasmoura]
  + cc_apt_configure: add riscv64 as a ports arch (#687) [Dimitri John Ledkov]
  + cla: add xnox (#692) [Dimitri John Ledkov]
  + Collect logs from integration test runs (#675)

From 20.4.1
  + Revert 'ssh_util: handle non-default AuthorizedKeysFile config (#586)'

From 20.4
  + tox: avoid tox testenv subsvars for xenial support (#684)
  + Ensure proper root permissions in integration tests (#664) [James Falcon]
  + LXD VM support in integration tests (#678) [James Falcon]
  + Integration test for fallocate falling back to dd (#681) [James Falcon]
  + .travis.yml: correctly integration test the built .deb (#683)
  + Ability to hot-attach NICs to preprovisioned VMs before reprovisioning (#613) [aswinrajamannar]
  + Support configuring SSH host certificates.
    (#660) [Jonathan Lung]
  + add integration test for LP: #1900837 (#679)
  + cc_resizefs on FreeBSD: Fix _can_skip_ufs_resize (#655) [Mina Galić] (LP: #1901958, #1901958)
  + DataSourceAzure: push dmesg log to KVP (#670) [Anh Vo]
  + Make mount in place for tests work (#667) [James Falcon]
  + integration_tests: restore emission of settings to log (#657)
  + DataSourceAzure: update password for defuser if exists (#671) [Anh Vo]
  + tox.ini: only select 'ci' marked tests for CI runs (#677)
  + Azure helper: Increase Azure Endpoint HTTP retries (#619) [Johnson Shi]
  + DataSourceAzure: send failure signal on Azure datasource failure (#594) [Johnson Shi]
  + test_persistence: simplify VersionIsPoppedFromState (#674)
  + only run a subset of integration tests in CI (#672)
  + cli: add --system param to allow validating system user-data on a machine (#575)
  + test_persistence: add VersionIsPoppedFromState test (#673)
  + introduce an upgrade framework and related testing (#659)
  + add --no-tty option to gpg (#669) [Till Riedel] (LP: #1813396)
  + Pin pycloudlib to a working commit (#666) [James Falcon]
  + DataSourceOpenNebula: exclude SRANDOM from context output (#665)
  + cloud_tests: add hirsute release definition (#662)
  + split integration and cloud_tests requirements (#652)
  + faq.rst: add warning to answer that suggests running `clean` (#661)
  + Fix stacktrace in DataSourceRbxCloud if no metadata disk is found (#632) [Scott Moser]
  + Make wakeonlan Network Config v2 setting actually work (#626) [dermotbradley]
  + HACKING.md: unify network-refactoring namespace (#658) [Mina Galić]
  + replace usage of dmidecode with kenv on FreeBSD (#621) [Mina Galić]
  + Prevent timeout on travis integration tests. (#651) [James Falcon]
  + azure: enable pushing the log to KVP from the last pushed byte (#614) [Moustafa Moustafa]
  + Fix launch_kwargs bug in integration tests (#654) [James Falcon]
  + split read_fs_info into linux & freebsd parts (#625) [Mina Galić]
  + PULL_REQUEST_TEMPLATE.md: expand commit message section (#642)
  + Make some language improvements in growpart documentation (#649) [Shane Frasier]
  + Revert '.travis.yml: use a known-working version of lxd (#643)' (#650)
  + Fix not sourcing default 50-cloud-init ENI file on Debian (#598) [WebSpider]
  + remove unnecessary reboot from gpart resize (#646) [Mina Galić]
  + cloudinit: move dmi functions out of util (#622) [Scott Moser]
  + integration_tests: various launch improvements (#638)
  + test_lp1886531: don't assume /etc/fstab exists (#639)
  + Remove Ubuntu restriction from PR template (#648) [James Falcon]
  + util: fix mounting of vfat on *BSD (#637) [Mina Galić]
  + conftest: improve docstring for disable_subp_usage (#644)
  + doc: add example query commands to debug Jinja templates (#645)
  + Correct documentation and testcase data for some user-data YAML (#618) [dermotbradley]
  + Hetzner: Fix instance_id / SMBIOS serial comparison (#640) [Markus Schade]
  + .travis.yml: use a known-working version of lxd (#643)
  + tools/build-on-freebsd: fix comment explaining purpose of the script (#635) [Mina Galić]
  + Hetzner: initialize instance_id from system-serial-number (#630) [Markus Schade] (LP: #1885527)
  + Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634) [Eduardo Otubo]
  + get_interfaces: don't exclude Open vSwitch bridge/bond members (#608) [Lukas Märdian] (LP: #1898997)
  + Add config modules for controlling IBM PowerVM RMC.
    (#584) [Aman306] (LP: #1895979)
  + Update network config docs to clarify MAC address quoting (#623) [dermotbradley]
  + gentoo: fix hostname rendering when value has a comment (#611) [Manuel Aguilera]
  + refactor integration testing infrastructure (#610) [James Falcon]
  + stages: don't reset permissions of cloud-init.log every boot (#624) (LP: #1900837)
  + docs: Add how to use cloud-localds to boot qemu (#617) [Joshua Powers]
  + Drop vestigial update_resolve_conf_file function (#620) [Scott Moser]
  + cc_mounts: correctly fallback to dd if fallocate fails (#585) (LP: #1897099)
  + .travis.yml: add integration-tests to Travis matrix (#600)
  + ssh_util: handle non-default AuthorizedKeysFile config (#586) [Eduardo Otubo]
  + Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo]
  + bddeb: new --packaging-branch argument to pull packaging from branch (#576) [Paride Legovini]
  + Add more integration tests (#615) [lucasmoura]
  + DataSourceAzure: write marker file after report ready in preprovisioning (#590) [Johnson Shi]
  + integration_tests: emit settings to log during setup (#601)
  + integration_tests: implement citest tests run in Travis (#605)
  + Add Azure support to integration test framework (#604) [James Falcon]
  + openstack: consider product_name as valid chassis tag (#580) [Adrian Vladu] (LP: #1895976)
  + azure: clean up and refactor report_diagnostic_event (#563) [Johnson Shi]
  + net: add the ability to blacklist network interfaces based on driver during enumeration of physical network devices (#591) [Anh Vo]
  + integration_tests: don't error on cloud-init failure (#596)
  + integration_tests: improve cloud-init.log assertions (#593)
  + conftest.py: remove top-level import of httpretty (#599)
  + tox.ini: add integration-tests testenv definition (#595)
  + PULL_REQUEST_TEMPLATE.md: empty checkboxes need a space (#597)
  + add integration test for LP: #1886531 (#592)
  + Initial implementation of integration testing infrastructure (#581) [James Falcon]
  + Fix name of ntp and chrony
    service on CentOS and RHEL. (#589) [Scott Moser] (LP: #1897915)
  + Adding a PR template (#587) [James Falcon]
  + Azure parse_network_config uses fallback cfg when generate IMDS network cfg fails (#549) [Johnson Shi]
  + features: refresh docs for easier out-of-context reading (#582)
  + Fix typo in resolv_conf module's description (#578) [Wacław Schiller]
  + cc_users_groups: minor doc formatting fix (#577)
  + Fix typo in disk_setup module's description (#579) [Wacław Schiller]
  + Add vendor-data support to seedfrom parameter for NoCloud and OVF (#570) [Johann Queuniet]
  + boot.rst: add First Boot Determination section (#568) (LP: #1888858)
  + opennebula.rst: minor readability improvements (#573) [Mina Galić]
  + cloudinit: remove unused LOG variables (#574)
  + create a shutdown_command method in distro classes (#567) [Emmanuel Thomé]
  + user_data: remove unused constant (#566)
  + network: Fix type and respect name when rendering vlan in sysconfig. (#541) [Eduardo Otubo] (LP: #1788915, #1826608)
  + Retrieve SSH keys from IMDS first with OVF as a fallback (#509) [Thomas Stringer]
  + Add jqueuniet as contributor (#569) [Johann Queuniet]
  + distros: minor typo fix (#562)
  + Bump the integration-requirements versioned dependencies (#565) [Paride Legovini]
  + network-config-format-v1: fix typo in nameserver example (#564) [Stanislas]
  + Run cloud-init-local.service after the hv_kvp_daemon (#505) [Robert Schweikert]
  + Add method type hints for Azure helper (#540) [Johnson Shi]
  + systemd: add Before=shutdown.target when Conflicts=shutdown.target is used (#546) [Paride Legovini]
  + LXD: detach network from profile before deleting it (#542) [Paride Legovini] (LP: #1776958)
  + redhat spec: add missing BuildRequires (#552) [Paride Legovini]
  + util: remove debug statement (#556) [Joshua Powers]
  + Fix cloud config on chef example (#551) [lucasmoura]

From 20.3
  + Azure: Add netplan driver filter when using hv_netvsc driver (#539) [James Falcon] (LP: #1830740)
  + query: do not handle non-decodable
    non-gzipped content (#543)
  + DHCP sandboxing failing on noexec mounted /var/tmp (#521) [Eduardo Otubo]
  + Update the list of valid ssh keys. (#487) [Ole-Martin Bratteng] (LP: #1877869)
  + cmd: cloud-init query to handle compressed userdata (#516) (LP: #1889938)
  + Pushing cloud-init log to the KVP (#529) [Moustafa Moustafa]
  + Add Alpine Linux support. (#535) [dermotbradley]
  + Detect kernel version before swap file creation (#428) [Eduardo Otubo]
  + cli: add devel make-mime subcommand (#518)
  + user-data: only verify mime-types for TYPE_NEEDED and x-shellscript (#511) (LP: #1888822)
  + DataSourceOracle: retry twice (and document why we retry at all) (#536)
  + Refactor Azure report ready code (#468) [Johnson Shi]
  + tox.ini: pin correct version of httpretty in xenial{,-dev} envs (#531)
  + Support Oracle IMDSv2 API (#528) [James Falcon]
  + .travis.yml: run a doc build during CI (#534)
  + doc/rtd/topics/datasources/ovf.rst: fix doc8 errors (#533)
  + Fix 'Users and Groups' configuration documentation (#530) [sshedi]
  + cloudinit.distros: update docstrings of add_user and create_user (#527)
  + Fix headers for device types in network v2 docs (#532) [Caleb Xavier Berger]
  + Add AlexBaranowski as contributor (#508) [Aleksander Baranowski]
  + DataSourceOracle: refactor to use only OPC v1 endpoint (#493)
  + .github/workflows/stale.yml: s/Josh/Rick/ (#526)
  + Fix a typo in apt pipelining module (#525) [Xiao Liang]
  + test_util: parametrize devlist tests (#523) [James Falcon]
  + Recognize LABEL_FATBOOT labels (#513) [James Falcon] (LP: #1841466)
  + Handle additional identifier for SLES For HPC (#520) [Robert Schweikert]
  + Revert 'test-requirements.txt: pin pytest to <6 (#512)' (#515)
  + test-requirements.txt: pin pytest to <6 (#512)
  + Add 'tsanghan' as contributor (#504) [tsanghan]
  + fix brpm building (LP: #1886107)
  + Adding eandersson as a contributor (#502) [Erik Olof Gunnar Andersson]
  + azure: disable bouncing hostname when setting hostname fails (#494) [Anh Vo]
  + VMware: Support parsing
    DEFAULT-RUN-POST-CUST-SCRIPT (#441) [xiaofengw-vmware]
  + DataSourceAzure: Use ValueError when JSONDecodeError is not available (#490) [Anh Vo]
  + cc_ca_certs.py: fix blank line problem when removing CAs and adding new one (#483) [dermotbradley]
  + freebsd: py37-serial is now py37-pyserial (#492) [Goneri Le Bouder]
  + ssh exit with non-zero status on disabled user (#472) [Eduardo Otubo] (LP: #1170059)
  + cloudinit: remove global disable of pylint W0107 and fix errors (#489)
  + networking: refactor wait_for_physdevs from cloudinit.net (#466) (LP: #1884626)
  + HACKING.rst: add pytest.param pytest gotcha (#481)
  + cloudinit: remove global disable of pylint W0105 and fix errors (#480)
  + Fix two minor warnings (#475)
  + test_data: fix faulty patch (#476)
  + cc_mounts: handle missing fstab (#484) (LP: #1886531)
  + LXD cloud_tests: support more lxd image formats (#482) [Paride Legovini]
  + Add update_etc_hosts as default module on *BSD (#479) [Adam Dobrawy]
  + cloudinit: fix tip-pylint failures and bump pinned pylint version (#478)
  + Added BirknerAlex as contributor and sorted the file (#477) [Alexander Birkner]
  + Update list of types of modules in cli.rst [saurabhvartak1982]
  + tests: use markers to configure disable_subp_usage (#473)
  + Add mention of vendor-data to no-cloud format documentation (#470) [Landon Kirk]
  + Fix broken link to OpenStack metadata service docs (#467) [Matt Riedemann]
  + Disable ec2 mirror for non aws instances (#390) [lucasmoura] (LP: #1456277)
  + cloud_tests: don't pass --python-version to read-dependencies (#465)
  + networking: refactor is_physical from cloudinit.net (#457) (LP: #1884619)
  + Enable use of the caplog fixture in pytest tests, and add a cc_final_message test using it (#461)
  + RbxCloud: Add support for FreeBSD (#464) [Adam Dobrawy]
  + Add schema for cc_chef module (#375) [lucasmoura] (LP: #1858888)
  + test_util: add (partial) testing for util.mount_cb (#463)
  + .travis.yml: revert to installing ubuntu-dev-tools (#460)
  + HACKING.rst: add details of net
    refactor tracking (#456)
  + .travis.yml: rationalise installation of dependencies in host (#449)
  + Add dermotbradley as contributor. (#458) [dermotbradley]
  + net/networking: remove unused functions/methods (#453)
  + distros.networking: initial implementation of layout (#391)
  + cloud-init.service.tmpl: use 'rhel' instead of 'redhat' (#452)
  + Change from redhat to rhel in systemd generator tmpl (#450) [Eduardo Otubo]
  + Hetzner: support reading user-data that is base64 encoded. (#448) [Scott Moser] (LP: #1884071)
  + HACKING.rst: add strpath gotcha to testing gotchas section (#446)
  + cc_final_message: don't create directories when writing boot-finished (#445) (LP: #1883903)
  + .travis.yml: only store new schroot if something has changed (#440)
  + util: add ensure_dir_exists parameter to write_file (#443)
  + printing the error stream of the dhclient process before killing it (#369) [Moustafa Moustafa]
  + Fix link to the MAAS documentation (#442) [Paride Legovini] (LP: #1883666)
  + RPM build: disable the dynamic mirror URLs when using a proxy (#437) [Paride Legovini]
  + util: rename write_file's copy_mode parameter to preserve_mode (#439)
  + .travis.yml: use $TRAVIS_BUILD_DIR for lxd_image caching (#438)
  + cli.rst: alphabetise devel subcommands and add net-convert to list (#430)
  + Default to UTF-8 in /var/log/cloud-init.log (#427) [James Falcon]
  + travis: cache the chroot we use for package builds (#429)
  + test: fix all flake8 E126 errors (#425) [Joshua Powers]
  + Fixes KeyError for bridge with no 'parameters:' setting (#423) [Brian Candler] (LP: #1879673)
  + When tools.conf does not exist, running cmd 'vmware-toolbox-cmd config get deployPkg enable-custom-scripts', the return code will be EX_UNAVAILABLE(69), on this condition, it should not take it as error. (#413) [chengcheng-chcheng]
  + Document CloudStack data-server well-known hostname (#399) [Gregor Riepl]
  + test: move conftest.py to top-level, to cover tests/ also (#414)
  + Replace cc_chef is_installed with use of subp.is_exe.
    (#421) [Scott Moser]
  + Move runparts to subp. (#420) [Scott Moser]
  + Move subp into its own module. (#416) [Scott Moser]
  + readme: point at travis-ci.com (#417) [Joshua Powers]
  + New feature flag functionality and fix includes failing silently (#367) [James Falcon] (LP: #1734939)
  + Enhance poll imds logging (#365) [Moustafa Moustafa]
  + test: fix all flake8 E121 and E123 errors (#404) [Joshua Powers]
  + test: fix all flake8 E241 (#403) [Joshua Powers]
  + test: ignore flake8 E402 errors in main.py (#402) [Joshua Powers]
  + cc_grub_dpkg: determine idevs in more robust manner with grub-probe (#358) [Matthew Ruffell] (LP: #1877491)
  + test: fix all flake8 E741 errors (#401) [Joshua Powers]
  + tests: add groovy integration tests for ubuntu (#400)
  + Enable chef_license support for chef infra client (#389) [Bipin Bachhao]
  + testing: use flake8 again (#392) [Joshua Powers]
  + enable Puppet, Chef mcollective in default config (#385) [Mina Galić (deprecated: Igor Galić)] (LP: #1880279)
  + HACKING.rst: introduce .net -> Networking refactor section (#384)
  + Travis: do not install python3-contextlib2 (dropped dependency) (#388) [Paride Legovini]
  + HACKING: mention that .github-cla-signers is alpha-sorted (#380)
  + Add bipinbachhao as contributor (#379) [Bipin Bachhao]
  + cc_snap: validate that assertions property values are strings (#370)
  + conftest: implement partial disable_subp_usage (#371)
  + test_resolv_conf: refresh stale comment (#374)
  + cc_snap: apply validation to snap.commands properties (#364)
  + make finding libc platform independent (#366) [Mina Galić
    (deprecated: Igor Galić)]
  + doc/rtd/topics/faq: Updates LXD docs links to current site (#368) [TomP]
  + templater: drop Jinja Python 2 compatibility shim (#353)
  + cloudinit: minor pylint fixes (#360)
  + cloudinit: remove unneeded __future__ imports (#362)
  + migrating momousta lp user to Moustafa-Moustafa GitHub user (#361) [Moustafa Moustafa]
  + cloud_tests: emit dots on Travis while fetching images (#347)
  + Add schema to apt configure config (#357) [lucasmoura] (LP: #1858884)
  + conftest: add docs and tests regarding CiTestCase's subp functionality (#343)
  + analyze/dump: refactor shared string into variable (#350)
  + doc: update boot.rst with correct timing of runcmd (#351)
  + HACKING.rst: change contact info to Rick Harding (#359) [lucasmoura]
  + HACKING.rst: guide people to add themselves to the CLA file (#349)
  + HACKING.rst: more unit testing documentation (#354)
  + .travis.yml: don't run lintian during integration test package builds (#352)
  + Add test to ensure docs examples are valid cloud-init configs (#355) [James Falcon] (LP: #1876414)
  + make suse and sles support 127.0.1.1 (#336) [chengcheng-chcheng]
  + Create tests to validate schema examples (#348) [lucasmoura] (LP: #1876412)
  + analyze/dump: add support for Amazon Linux 2 log lines (#346) (LP: #1876323)
  + bsd: upgrade support (#305) [Goneri Le Bouder]
  + Add lucasmoura as contributor (#345) [lucasmoura]
  + Add 'therealfalcon' as contributor (#344) [James Falcon]
  + Adapt the package building scripts to use Python 3 (#231) [Paride Legovini]
  + DataSourceEc2: use metadata's NIC ordering to determine route-metrics (#342) (LP: #1876312)
  + .travis.yml: introduce caching (#329)
  + cc_locale: introduce schema (#335)
  + doc/rtd/conf.py: bump copyright year to 2020 (#341)
  + yum_add_repo: Add Centos to the supported distro list (#340)
- Fix unit test fail in TestGetPackageMirrorInfo::test_substitution.
- Remove python2 compatibility so cloud-init builds fine in Tumbleweed with a recent Jinja2 version.
  This patch is only applied in TW.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3278-1
Released:    Mon Oct 4 09:30:10 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858

This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3297-1
Released:    Wed Oct 6 16:53:29 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3318-1
Released:    Wed Oct 6 19:31:19 2021
Summary:     Recommended update for sudo
Type:        recommended
Severity:    moderate
References:  1176473,1181371

This update for sudo fixes the following issues:

- Update to sudo 1.8.27 (jsc#SLE-17083).
- Fixed special handling of ipa_hostname (bsc#1181371).
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).
- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released: Tue Oct 12 15:54:31 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3405-1
Released: Wed Oct 13 10:40:32 2021
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1101149,1102252,1125011,1133407,1154837,1164713,1172670,1182309,1183070,1184616,1186037
This update for kdump fixes the following issues:

- Install /etc/resolv.conf using its resolved path (bsc#1183070).
- Avoid an endless loop when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- Skip kdump-related mounts if there is no /proc/vmcore (bsc#1102252, bsc#1125011).
- Make sure that kdump mount points are cleaned up (bsc#1102252, bsc#1125011).
- powerpc: Do not reload on CPU hot removal (bsc#1133407).
- Do not iterate past end of string (bsc#1186037).
- Make sure that initrd.target.wants directory exists (bsc#1172670).
- Fix incorrect exit code checking after 'local' with assignment (bsc#1184616).
- Add 'bootdev=' to dracut command line (bsc#1182309).
- Query systemd network.service to find out if wicked is used (bsc#1182309).
- Do not add network-related dracut options if ip= is set explicitly (bsc#1182309, bsc#1188090).
- Make sure that the udev runtime directory exists (bsc#1164713).
- Prefer by-path and device-mapper aliases over kernel names (bsc#1101149).
- Activate udev rules late during boot (bsc#1154837).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3410-1
Released: Wed Oct 13 10:41:36 2021
Summary: Recommended update for xkeyboard-config
Type: recommended
Severity: moderate
References: 1191242
This update for xkeyboard-config fixes the following issue:

- Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3447-1
Released: Fri Oct 15 09:05:15 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module.
  (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could lead to local privilege escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released: Wed Oct 20 11:24:08 2021
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo.
  (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3506-1
Released: Mon Oct 25 10:20:22 2021
Summary: Security update for containerd, docker, runc
Type: security
Severity: important
References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.9-ce. (bsc#1191355)

See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.

  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103

containerd was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355

- CVE-2021-32760: Fixed that an archive package allows chmod of file outside of unpack target directory (bsc#1188282)
- Install systemd service file as well (bsc#1190826)

Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2

* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that have action equal to the default one). Such redundant rules are now skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working.

Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1

* Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume.
* Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704

Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0

! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers).
* cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
* cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.

Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95

This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405)

Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94

Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix 'chdir to cwd: permission denied' for some setups

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987

This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in the 'securetty' file being installed as 'macros.pam'. (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Type: security
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released: Wed Oct 27 14:46:39 2021
Summary: Recommended update for less
Type: recommended
Severity: low
References: 1190552

This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3613-1
Released: Thu Nov 4 12:26:16 2021
Summary: Security update for qemu
Type: security
Severity: important
References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938,CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748

This update for qemu fixes the following issues:

Security issues fixed:

- Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748)
- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713)
- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
- NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
- eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3636-1
Released: Tue Nov 9 14:28:40 2021
Summary: Recommended update for SUSEConnect
Type: recommended
Severity: important
References:

This update for SUSEConnect contains the following fix:

- Update to 0.3.32:
  - Allow --regcode and --instance-data attributes at the same time.
    (jsc#PCT-164)
  - Document that 'debug' can also get set in the config file.
  - --status will also print the subscription name.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3765-1
Released: Mon Nov 22 18:20:22 2021
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1167756,1186975

This update for grub2 fixes the following issues:

- Fix boot failure as journaled data does not get drained due to abrupt power off after grub-install (bsc#1167756)
- Fix boot failure after kdump due to the content of grub.cfg to pending modification in xfs journal (bsc#1186975)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3773-1
Released: Tue Nov 23 15:49:30 2021
Summary: Security update for bind
Type: security
Severity: important
References: 1192146,CVE-2021-25219

This update for bind fixes the following issues:

- CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3780-1
Released: Tue Nov 23 23:48:27 2021
Summary: Recommended update for libzypp, zypper, libsolv
Type: recommended
Severity: moderate
References: 1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436

This update for libzypp, zypper and libsolv fixes the following issues:

- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Make sure to keep states alive while transitioning. (bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
- If environment variables are unhandy one may enable the desired techpreview in zypp.conf
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for zypper.
- Make sure singleTrans is zypper-only for now.
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Implement alternative single transaction commit strategy.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails (bsc#1187738)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Fix typo in German translations.
- Support new reports for singletrans rpm commit.
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Install summary: Show new and removed packages closer to the prompt.
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Add comment option for lock command.
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS' (bsc#1153687)
- Protect against strict/relaxed user umask via sudo (bsc#1183589)
- zypper-log: protect against thread name indicators in a log.
- xml summary: add solvables repository alias.
  (bsc#1182372)
- Fix service detection with cgroupv2 (bsc#1184997)
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
- Allow trusted repos to add additional signing keys (bsc#1184326)
- Let negative values wait forever for the zypp lock (bsc#1184399)
- Link all executables with -pie (bsc#1186447)
- Ship an empty /etc/zypp/needreboot per default (jsc#PM-2645)
- choice rules: treat orphaned packages as newest (bc#1190465)
- Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858)
- Disable logger in the child after fork (bsc#1192436)
- Check log writer before accessing it (bsc#1192337)
- Allow uname-r format in purge kernels keepspec
- zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324)
- Fix translations (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3787-1
Released: Wed Nov 24 06:00:10 2021
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1189983,1189984,1191500,1191566,1191675

This update for xfsprogs fixes the following issues:

- Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566)
- Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675)
- xfs_io: include support for label command (bsc#1191500)
- xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983)
- xfs_admin: add support for external log devices (bsc#1189984)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1187153,1187273,1188623

This update for gcc11
fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

To select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler base libraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released: Fri Nov 26 00:31:59 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1189803,1190325,1190440,1190984,1191252,1192161

This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix uninitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal()
  take effect immediately
- dbus: split up bus_done() into separate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3820-1
Released: Wed Dec 1 13:15:00 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1158817,1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922

This update for suse-module-tools fixes the following issues:

Update to version 15.0.10:

* Add kernel rpm scriptlets
* rpm-script: fix bad exit status in OpenQA (bsc#1191922)
* cert-script: Deal with existing $cert.delete file (bsc#1191804).
* cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
* cert-script: Only print mokutil output in verbose mode.
* inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200)
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260)
* rpm-script: link config also into /boot (bsc#1189879)
* Import kernel scriptlets from kernel-source.
  (bsc#1189841, bsc#1190598)
* Provide 'suse-kernel-rpm-scriptlets'

Update to version 15.0.7:

* 00-system.conf: move br_netfilter softdep to separate file (bsc#1158817)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3830-1
Released: Wed Dec 1 13:45:46 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1027496,1183085,CVE-2016-10228

This update for glibc fixes the following issues:

- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085)
- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3838-1
Released: Wed Dec 1 16:07:54 2021
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1188160,1188161,1190375,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066

This update for ruby2.5 fixes the following issues:

- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net::FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net::IMAP (bsc#1188160).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3842-1
Released: Wed Dec 1 16:17:54 2021
Summary: Security update for xen
Type: security
Severity: moderate
References: 1189373,1189378,1189632,1192554,1192557,1192559,CVE-2021-28701,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709

This update for xen fixes the following issues:

- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Integrate bugfixes (bsc#1189373, bsc#1189378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3887-1
Released: Fri Dec 3 09:47:10 2021
Summary: Security update for openssh
Type: security
Severity: important
References: 1190975,CVE-2021-41617

This update for openssh fixes the following issues:

- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released: Fri Dec 3 11:27:41 2021
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1162581,1174504,1191563,1192248

This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3930-1
Released: Mon Dec 6 11:16:10 2021
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1192790

This update for curl fixes the following issues:

- Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3934-1
Released: Mon Dec 6 13:22:27 2021
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1193170,CVE-2021-43527

This update for mozilla-nss fixes the following issues:

Update to version 3.68.1:

- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3969-1
Released: Tue Dec 7 15:31:27 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1085235,1085308,1087078,1087082,1100394,1102640,1105412,1108488,1129898,1133374,1171420,1173489,1174161,1181854,1184804,1185377,1185726,1185758,1186109,1186482,1188172,1188563,1188601,1188838,1188876,1188983,1188985,1189057,1189262,1189291,1189399,1189400,1189706,1189846,1189884,1190023,1190025,1190067,1190117,1190159,1190351,1190479,1190534,1190601,1190717,1191193,1191315,1191317,1191790,1191800,1191961,1192045,1192267,1192379,1192400,1192775,1192781,1192802,CVE-2018-3639,CVE-2018-9517,CVE-2019-3874,CVE-2019-3900,CVE-2020-12770,CVE-2020-3702,CVE-2021-0941,CVE-2021-20320,CVE-2021-20322,CVE-2021-22543,CVE-2021-31916,CVE-2021-33033,CVE-2021-34556,CVE-2021-34981,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38160,CVE-2021-38198,CVE-2021-38204,CVE-2021-40490,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)

You can reenable via sysctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)

- CVE-2018-3639: Fixed a speculative execution that may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1087082)
- CVE-2021-20320: Fixed a bug that allows a local attacker with special user privilege to circumvent the verifier, which may lead to a confidentiality problem.
  (bsc#1190601)
- CVE-2021-0941: Fixed a missing sanity check to the current MTU check that may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. (bnc#1192045)
- CVE-2021-31916: Fixed a bound check failure that could allow an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash, a leak of internal kernel information, or a privilege escalation problem. (bnc#1192781)
- CVE-2021-20322: Fixed a bug that provides to an attacker the ability to quickly scan open UDP ports. (bsc#1191790)
- CVE-2021-3772: Fixed an issue that would allow a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (bsc#1190351)
- CVE-2021-34981: Fixed an issue that allows an attacker with a local account to escalate privileges when CAPI (ISDN) hardware connection fails. (bsc#1191961)
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by userspace applications (bnc#1129898).
- CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374).
- CVE-2020-12770: Fixed sg_remove_request call in certain failure cases (bsc#1171420).
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest.
  This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtained sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3655: Fixed missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3656: Missing validation of the `virt_ext` VMCB field allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3744: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-3764: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could lead to local privilege escalation. (bnc#1190159)
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have led to root access (bsc#1191315).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).

The following non-security bugs were fixed:

- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22913).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- hisax: fix spectre issues (bsc#1192802).
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185726).
- hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacks (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue (bsc#1192802).
- memcg: enable accounting for file lock caches (bsc#1190115).
- mpt3sas: fix spectre issues (bsc#1192802).
- net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- objtool: Do not fail on missing symbol table (bsc#1192379).
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- s390/bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1190601).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802).
- x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4015-1
Released: Mon Dec 13 17:16:00 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1180125,1183374,1183858,1185588,1187338,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737

This update for python3 fixes the following issues:

- CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241)
- CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287)
- CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374)
- Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4139-1
Released: Tue Dec 21 17:02:44 2021
Summary: Recommended update for systemd
Type: recommended
Severity: critical
References: 1193481,1193521

This update for systemd fixes the following issues:

- Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481)

sleep-config: partitions can't be deleted, only files can
shared/sleep-config: exclude zram devices from hibernation candidates

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4154-1
Released: Wed Dec 22 11:02:38 2021
Summary: Security update for p11-kit
Type: security
Severity: important
References: 1180064,1187993,CVE-2020-29361

This update for p11-kit fixes the following issues:

- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4171-1
Released: Thu Dec 23 09:55:13 2021
Summary: Security update for runc
Type: security
Severity: moderate
References: 1193436,CVE-2021-43784

This update for runc fixes the following issues:

Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev is set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:5-1 Released: Mon Jan 3 08:29:08 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:36-1 Released: Thu Jan 6 12:48:36 2022 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1193488,954813 This update for libzypp fixes the following issues: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:49-1 Released: Tue Jan 11 09:19:15 2022 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:72-1 Released: Thu Jan 13 16:13:36 2022 Summary: Recommended update for mozilla-nss and MozillaFirefox Type: recommended Severity: important References: 1193845 This update for mozilla-nss and MozillaFirefox fixes the following issues: mozilla-nss: - Update from version 3.68.1 to 3.68.2 (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation MozillaFirefox: - Firefox Extended Support Release 91.4.1 ESR (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:84-1 Released: Mon Jan 17 04:40:30 2022 Summary: Recommended update for dosfstools Type: recommended Severity: moderate References: 1172863,1188401 This update for dosfstools fixes the following issues: - To be able to create filesystems compatible with previous version, add -g command line option to mkfs (bsc#1188401) - BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e.g. embedded systems) may be broken in two ways: * The introduction of the alignment may create smaller images than before, with different positions of important image elements. 
It can break existing software that expects images in dosfstools <= 4.1 style. To work around these problems, use the '-a' command line argument. * The new image may contain different geometry values. Geometry sensitive applications expecting dosfstools <= 4.1 style images can fail to accept different geometry values. There is no direct workaround for this problem. But you can take the old image, use 'file -s $IMAGE', check its 'sectors/track' and 'heads', and use them in the newly introduced '-g' command line argument. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) The following package changes have been done: - SUSEConnect-0.3.32-3.40.1 updated - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - apparmor-parser-2.12.3-7.25.3 updated - bash-4.4-9.14.1 updated - bind-utils-9.16.6-12.57.1 updated - ca-certificates-mozilla-2.44-4.32.1 updated - chrony-pool-suse-3.2-9.24.2 updated - chrony-3.2-9.24.2 updated - cloud-init-config-suse-21.2-5.58.5 updated - cloud-init-21.2-5.58.5 updated - containerd-1.4.11-56.1 updated - cpio-2.12-3.9.1 updated - curl-7.60.0-28.1 updated - dbus-1-1.12.2-3.16.1 updated - dhcp-client-4.3.6.P1-6.11.1 updated - dhcp-4.3.6.P1-6.11.1 updated - docker-20.10.9_ce-156.1 updated - dosfstools-4.1-3.6.1 updated - e2fsprogs-1.43.8-4.26.1 updated - file-magic-5.32-7.14.1 updated - filesystem-15.0-11.3.2 updated - file-5.32-7.14.1 updated - glibc-locale-base-2.26-13.62.1 updated - glibc-locale-2.26-13.62.1 updated - glibc-2.26-13.62.1 updated - gpg2-2.2.5-4.19.8 updated - grub2-i386-pc-2.02-122.7.13 updated - grub2-x86_64-xen-2.02-122.7.13 updated - grub2-2.02-122.7.13 updated - kdump-0.8.16-14.6.1 updated - kernel-default-4.12.14-150.78.1 updated - keyutils-1.6.3-5.6.1 updated - kmod-compat-25-6.10.1 updated - kmod-25-6.10.1 updated - less-530-3.3.2 updated - libapparmor1-2.12.3-7.25.2 updated - libaugeas0-1.10.1-3.3.1 updated - libbind9-1600-9.16.6-12.57.1 updated - libbz2-1-1.0.6-5.11.1 updated - libcap2-2.26-4.6.1 updated - libcares2-1.17.1+20200724-3.17.1 updated - libcom_err2-1.43.8-4.26.1 updated - libcurl4-7.60.0-28.1 updated - libdbus-1-3-1.12.2-3.16.1 updated - libdns1605-9.16.6-12.57.1 updated - libesmtp-1.0.6-150.4.1 updated - 
libexpat1-2.2.5-3.9.1 updated - libext2fs2-1.43.8-4.26.1 updated - libfreebl3-3.68.2-3.64.2 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-1.8.2-6.55.1 updated - libglib-2_0-0-2.54.3-4.24.1 updated - libgmodule-2_0-0-2.54.3-4.24.1 updated - libgmp10-6.1.2-4.9.1 updated - libgnutls30-3.6.7-6.40.2 updated - libhogweed4-3.4.1-4.18.1 updated - libirs1601-9.16.6-12.57.1 updated - libisc1606-9.16.6-12.57.1 updated - libisccc1600-9.16.6-12.57.1 updated - libisccfg1600-9.16.6-12.57.1 updated - libjson-c3-0.13-3.3.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libkmod2-25-6.10.1 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libldap-data-2.4.46-9.58.1 updated - liblua5_3-5-5.3.6-3.6.1 updated - liblz4-1-1.8.0-3.8.1 updated - libmagic1-5.32-7.14.1 updated - libncurses6-6.1-5.9.1 updated - libnettle6-3.4.1-4.18.1 updated - libnghttp2-14-1.40.0-3.11.1 updated - libns1604-9.16.6-12.57.1 updated - libopeniscsiusr0_2_0-2.0.876-13.42.1 updated - libopenssl1_1-1.1.0i-4.63.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libpcap1-1.8.1-4.5.1 updated - libpcre1-8.45-20.10.1 updated - libpcre2-8-0-10.31-3.3.1 updated - libprocps7-3.3.15-7.19.1 updated - libprotobuf-lite15-3.5.0-5.2.1 added - libpython3_6m1_0-3.6.15-3.91.3 updated - libreadline7-7.0-9.14.1 updated - libruby2_5-2_5-2.5.9-4.20.1 updated - libsigc-2_0-0-2.10.0-3.7.1 updated - libsnappy1-1.1.8-3.3.1 updated - libsolv-tools-0.7.20-3.48.1 updated - libsqlite3-0-3.36.0-3.12.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.102.1 updated - libudev1-234-24.102.1 updated - libxml2-2-2.9.7-3.37.1 updated - libz1-1.2.11-3.24.1 updated - libzstd1-1.4.4-1.6.1 updated - libzypp-17.29.0-3.81.1 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - open-iscsi-2.0.876-13.42.1 updated - openssh-7.6p1-9.44.1 updated - openssl-1_1-1.1.0i-4.63.1 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - pam-1.3.0-6.50.1 updated - procps-3.3.15-7.19.1 updated - 
python3-Jinja2-2.10.1-3.10.2 updated - python3-asn1crypto-0.24.0-3.2.1 updated - python3-base-3.6.15-3.91.3 updated - python3-bind-9.16.6-12.57.1 updated - python3-blinker-1.4-3.4.1 updated - python3-cffi-1.11.2-4.6.1 updated - python3-cryptography-2.1.4-4.9.2 updated - python3-ecdsa-0.13.3-3.7.1 updated - python3-jsonschema-2.6.0-4.2.2 updated - python3-oauthlib-2.0.6-3.4.1 updated - python3-pyasn1-0.4.2-3.2.1 updated - python3-pycparser-2.17-3.2.1 updated - python3-py-1.5.2-3.3.1 updated - python3-urllib3-1.22-6.12.1 updated - python3-3.6.15-3.91.4 updated - qemu-tools-2.11.2-70.59.1 updated - rsyslog-8.33.1-3.34.2 updated - ruby2.5-stdlib-2.5.9-4.20.1 updated - ruby2.5-2.5.9-4.20.1 updated - runc-1.0.3-27.1 added - sed-4.4-4.3.1 updated - sudo-1.8.27-4.21.4 updated - supportutils-3.1.17-5.34.1 updated - suse-build-key-12.0-8.16.1 updated - suse-module-tools-15.0.10-3.12.1 updated - systemd-sysvinit-234-24.102.1 updated - systemd-234-24.102.1 updated - tar-1.30-3.9.1 updated - tcpdump-4.9.2-3.15.1 updated - terminfo-base-6.1-5.9.1 updated - terminfo-6.1-5.9.1 updated - thin-provisioning-tools-0.7.5-3.3.1 updated - timezone-2021e-75.4.1 updated - udev-234-24.102.1 updated - vim-data-common-8.0.1568-5.14.1 updated - vim-8.0.1568-5.14.1 updated - wget-1.20.3-3.12.1 updated - xen-libs-4.10.4_30-3.68.1 updated - xen-tools-domU-4.10.4_30-3.68.1 updated - xfsprogs-4.15.0-4.52.1 updated - xkeyboard-config-2.23.1-3.9.1 updated - zypper-1.14.50-3.60.1 updated - docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-4.21.2 removed - docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2 removed - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Thu Feb 3 07:48:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Feb 2022 08:48:53 +0100 (CET) Subject: SUSE-CU-2022:108-1: Security update of trento/trento-db Message-ID: <20220203074853.1C56CFE02@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-db 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:108-1 Container Tags : trento/trento-db:14.1 , trento/trento-db:14.1-rev1.0.0 , trento/trento-db:14.1-rev1.0.0-build150300.2.2.24 , trento/trento-db:latest Container Release : 150300.2.2.24 Severity : important Type : security References : 1139519 1171479 1178561 1183572 1183574 1183905 1188571 1190515 1191227 1191532 1192423 1192684 1192858 1193181 1193430 1193690 1193759 1194178 1194251 1194362 1194469 1194474 1194476 1194477 1194478 1194479 1194480 1194859 1195048 CVE-2020-12762 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-3997 CVE-2021-4122 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2021-45960 CVE-2021-46143 CVE-2022-0336 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 ----------------------------------------------------------------- The container trento/trento-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. 
(bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:144-1 Released: Thu Jan 20 16:38:23 2022 Summary: Security update for cryptsetup Type: security Severity: moderate References: 1194469,CVE-2021-4122 This update for cryptsetup fixes the following issues: - CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (bsc#1194469). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 1 16:35:51 2022 Summary: Security update for samba Type: security Severity: important References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs 
packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). 
Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. 
* Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. 
Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. 
This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. 
ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). 
tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). The following package changes have been done: - glibc-locale-base-2.31-9.9.1 updated - libapparmor1-2.13.6-150300.3.11.1 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libexpat1-2.2.5-3.9.1 updated - libjson-c3-0.13-3.3.1 updated - libkmod2-29-4.15.1 updated - glibc-locale-2.31-9.9.1 updated - libcryptsetup12-2.3.7-150300.3.5.1 updated - kmod-29-4.15.1 updated - libcryptsetup12-hmac-2.3.7-150300.3.5.1 updated - systemd-246.16-7.33.1 updated - udev-246.16-7.33.1 updated From sle-updates at lists.suse.com Thu Feb 3 07:49:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Feb 2022 08:49:11 +0100 (CET) Subject: SUSE-CU-2022:109-1: Security update of trento/trento-runner Message-ID: <20220203074911.37BCBFE02@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:109-1 Container Tags : trento/trento-runner:0.8.1 , trento/trento-runner:0.8.1-rev1.1.0 , trento/trento-runner:0.8.1-rev1.1.0-build150300.3.2.2 , trento/trento-runner:latest Container Release : 150300.3.2.2 Severity : important Type : security References : 1180125 1190566 1190824 1192249 1193179 1193711 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 
----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:4162-1 Released: Wed Dec 22 16:28:38 2021 Summary: Feature update for trento-premium Type: optional Severity: moderate References: This update ships 'trento-premium' monitoring solution for SLES 4 SAP. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:48-1 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1190566,1192249,1193179 This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). - Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released: Tue Jan 18 05:14:44 2022
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released: Tue Jan 25 14:16:23 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827

This update for expat fixes the following issues:

- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:314-1
Released: Wed Feb 2 15:01:42 2022
Summary: Recommended update for trento-premium
Type: recommended
Severity: moderate
References:

This update for trento-premium fixes the following issues:

Release 0.8.1 fixes these issues:

- web pod crashing when receiving unexpected data
- Recover and handle panics in projectors
- Fix parse azure cloud data

Release 0.8.0 fixes these issues:

- Cloud provider name is missing from the host's Cloud Detail section
- Allow --help as non-root for install-agent.sh
- 'Select All' and 'Deselect All' are missing in Filters 'Health status...'
- Cross reference the related variables between the helm charts
- Add mTLS agent/server configuration to the installers and the helm chart
- Run npx prettier formatting on e2e test files
- Add new e2e tests for the checks catalog view
- Add provider field in the cloud details section
- Check results pruning command and cron job
- Store runner check results in the database
- Projected events are skipped if events are coming almost in parallel
- Filters not visualized when they are set in the URI
- Individual checks are not properly highlighted when selected in the cluster settings modal
- DB address appears as `` in the demo environment
- Health overview should give information about all the hosts
- Premium badge in the checks catalog out of place
- Obsolete database info in Hosts detail view after un_registration
- Duplicate database after unregistration and registration process
- page 'Pacemaker Clusters' not reloaded automatically after tag removed
- Fix tag removal when filtering
- Fix health container numbers and pagination numbers
- Set table filters properly when the page is reloaded in a new tab
- Fix checkbox not shown as selected inside tables
- Replace premium check position to description column
- Fix error in prune checks chart declaration
- Create the premium detection service mocks properly
- Telemetry context: `apiHost` is a confusing name
- Add tests to the cmd line and env variables usage

The following package changes have been done:

- libexpat1-2.2.5-3.9.1 updated
- trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.5.1 updated
- python3-base-3.6.15-10.15.1 updated
- libpython3_6m1_0-3.6.15-10.15.1 updated
- python3-3.6.15-10.15.1 updated
- python3-rpm-4.14.3-43.1 updated
- ansible-core-2.11.6-150300.1.2 updated
- python3-PrettyTable-0.7.2-3.23 removed
- python3-ara-1.5.7-1.1 removed
- python3-cliff-3.1.0-7.4.6 removed
- python3-cmd2-0.8.9-7.4.3 removed
- python3-pbr-4.3.0-6.22 removed
- python3-pyperclip-1.6.0-1.17 removed
- python3-stevedore-1.32.0-7.4.4 removed
- python3-wcwidth-0.1.8-3.5.11 removed

From sle-updates at lists.suse.com Thu Feb 3 07:49:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 08:49:35 +0100 (CET)
Subject: SUSE-CU-2022:111-1: Recommended update of trento/trento-web
Message-ID: <20220203074935.B79F5FE02@maintenance.suse.de>

SUSE Container Update Advisory: trento/trento-web
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:111-1
Container Tags : trento/trento-web:0.8.1 , trento/trento-web:0.8.1-rev1.0.0 , trento/trento-web:0.8.1-rev1.0.0-build150300.2.2.23 , trento/trento-web:latest
Container Release : 150300.2.2.23
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container trento/trento-web was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:4162-1
Released: Wed Dec 22 16:28:38 2021
Summary: Feature update for trento-premium
Type: optional
Severity: moderate
References:

This update ships 'trento-premium' monitoring solution for SLES 4 SAP.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:314-1
Released: Wed Feb 2 15:01:42 2022
Summary: Recommended update for trento-premium
Type: recommended
Severity: moderate
References:

This update for trento-premium fixes the following issues:

Release 0.8.1 fixes these issues:

- web pod crashing when receiving unexpected data
- Recover and handle panics in projectors
- Fix parse azure cloud data

Release 0.8.0 fixes these issues:

- Cloud provider name is missing from the host's Cloud Detail section
- Allow --help as non-root for install-agent.sh
- 'Select All' and 'Deselect All' are missing in Filters 'Health status...'
- Cross reference the related variables between the helm charts
- Add mTLS agent/server configuration to the installers and the helm chart
- Run npx prettier formatting on e2e test files
- Add new e2e tests for the checks catalog view
- Add provider field in the cloud details section
- Check results pruning command and cron job
- Store runner check results in the database
- Projected events are skipped if events are coming almost in parallel
- Filters not visualized when they are set in the URI
- Individual checks are not properly highlighted when selected in the cluster settings modal
- DB address appears as `` in the demo environment
- Health overview should give information about all the hosts
- Premium badge in the checks catalog out of place
- Obsolete database info in Hosts detail view after un_registration
- Duplicate database after unregistration and registration process
- page 'Pacemaker Clusters' not reloaded automatically after tag removed
- Fix tag removal when filtering
- Fix health container numbers and pagination numbers
- Set table filters properly when the page is reloaded in a new tab
- Fix checkbox not shown as selected inside tables
- Replace premium check position to description column
- Fix error in prune checks chart declaration
- Create the premium detection service mocks properly
- Telemetry context: `apiHost` is a confusing name
- Add tests to the cmd line and env variables usage

The following package changes have been done:

- trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.5.1 updated

From sle-updates at lists.suse.com Thu Feb 3 14:18:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 15:18:28 +0100 (CET)
Subject: SUSE-RU-2022:0317-1: moderate: Recommended update for wicked
Message-ID: <20220203141828.7BED3FE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wicked
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0317-1
Rating: moderate
References: #1057592 #1156920 #1160654 #1178357 #1181163 #1181812 #1182227 #1183407 #1183495 #1188019 #1189560 #1192164 #1192311 #1192353 #1194392 SLE-9750
Affected Products:
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Micro 5.1
______________________________________________________________________________

An update that has 15 recommended fixes and contains one feature can now be installed.

Description:

This update for wicked fixes the following issues:

- Fix device rename issue when done via Yast2 (bsc#1194392)
- Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 Service Pack 3 (bsc#1183407,jsc#SLE-9750)
- Parse sysctl files in the correct order
- Fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353)
- Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019)
- Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311)
- Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164)
- Fix `ifstatus` not to show link as "up" when interface is not running
- Make firewalld zone assignment permanent (bsc#1189560)
- Initial fixes for dracut integration and improved option handling (bsc#1182227)
- Fix `nanny` to identify node owner exit condition
- Add `ethtool --get-permanent-address` option in the client
- Reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920)
- Support multiple wireless networks configurations per interface
- Show wireless connection status and scan-results (bsc#1160654)
- Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- Updated `man ifcfg-wireless` manual pages

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-317=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-317=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    wicked-0.6.68-150300.4.5.1
    wicked-debuginfo-0.6.68-150300.4.5.1
    wicked-debugsource-0.6.68-150300.4.5.1
    wicked-service-0.6.68-150300.4.5.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
    wicked-0.6.68-150300.4.5.1
    wicked-debuginfo-0.6.68-150300.4.5.1
    wicked-debugsource-0.6.68-150300.4.5.1
    wicked-service-0.6.68-150300.4.5.1

References:

    https://bugzilla.suse.com/1057592
    https://bugzilla.suse.com/1156920
    https://bugzilla.suse.com/1160654
    https://bugzilla.suse.com/1178357
    https://bugzilla.suse.com/1181163
    https://bugzilla.suse.com/1181812
    https://bugzilla.suse.com/1182227
    https://bugzilla.suse.com/1183407
    https://bugzilla.suse.com/1183495
    https://bugzilla.suse.com/1188019
    https://bugzilla.suse.com/1189560
    https://bugzilla.suse.com/1192164
    https://bugzilla.suse.com/1192311
    https://bugzilla.suse.com/1192353
    https://bugzilla.suse.com/1194392

From sle-updates at lists.suse.com Thu Feb 3 14:20:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 15:20:19 +0100 (CET)
Subject: SUSE-RU-2022:0316-1: moderate: Recommended update for vino
Message-ID: <20220203142019.871C9FE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for vino
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0316-1
Rating: moderate
References: #1177663
Affected Products:
    SUSE Linux Enterprise Realtime Extension 15-SP2
    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for vino fixes the following issues:

- Remove telepathy dbus service because telepathy is disabled (bsc#1177663)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-316=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-316=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
    vino-lang-3.22.0-11.3.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
    vino-3.22.0-11.3.1
    vino-debuginfo-3.22.0-11.3.1
    vino-debugsource-3.22.0-11.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
    vino-3.22.0-11.3.1
    vino-debuginfo-3.22.0-11.3.1
    vino-debugsource-3.22.0-11.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):
    vino-lang-3.22.0-11.3.1

References:

    https://bugzilla.suse.com/1177663

From sle-updates at lists.suse.com Thu Feb 3 14:20:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 15:20:51 +0100 (CET)
Subject: SUSE-RU-2022:0320-1: important: Recommended update for libqb
Message-ID: <20220203142051.6B392FE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libqb
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0320-1
Rating: important
References: #1075418 #1188212 #1192470
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise High Availability 12-SP5
    SUSE Linux Enterprise High Availability 12-SP4
    SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

An update that has three
recommended fixes can now be installed.

Description:

This update for libqb fixes the following issues:

- Add libqb-fix-linker-hack.patch to fix incomplete check for needing a work-around, which is wrong for newer binutils. (bsc#1192470, related to bsc#1075418)
- log: callsite symbols of main object are also handled in initializer (bsc#1075418)
- IPC: server: avoid temporary channel priority loss, up to deadlock-worth (bsc#1188212)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-320=1
- SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2022-320=1
- SUSE Linux Enterprise High Availability 12-SP4:
    zypper in -t patch SUSE-SLE-HA-12-SP4-2022-320=1
- SUSE Linux Enterprise High Availability 12-SP3:
    zypper in -t patch SUSE-SLE-HA-12-SP3-2022-320=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    libqb-debugsource-1.0.3+20171226.6d62b64-4.6.1
    libqb-devel-1.0.3+20171226.6d62b64-4.6.1
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
    libqb-debugsource-1.0.3+20171226.6d62b64-4.6.1
    libqb0-1.0.3+20171226.6d62b64-4.6.1
    libqb0-debuginfo-1.0.3+20171226.6d62b64-4.6.1
- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
    libqb-debugsource-1.0.3+20171226.6d62b64-4.6.1
    libqb0-1.0.3+20171226.6d62b64-4.6.1
    libqb0-debuginfo-1.0.3+20171226.6d62b64-4.6.1
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
    libqb-debugsource-1.0.3+20171226.6d62b64-4.6.1
    libqb0-1.0.3+20171226.6d62b64-4.6.1
    libqb0-debuginfo-1.0.3+20171226.6d62b64-4.6.1

References:

    https://bugzilla.suse.com/1075418
    https://bugzilla.suse.com/1188212
    https://bugzilla.suse.com/1192470

From sle-updates at lists.suse.com Thu Feb 3 14:21:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 15:21:36 +0100 (CET)
Subject: SUSE-RU-2022:0319-1: moderate: Recommended update for cargo-packaging, rustup, sccache
Message-ID: <20220203142136.DBB6DFE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for cargo-packaging, rustup, sccache
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0319-1
Rating: moderate
References: SLE-22290
Affected Products:
    SUSE Linux Enterprise Module for Development Tools 15-SP3
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for cargo-packaging, rustup, sccache fixes the following issues:

rustup, cargo-packaging and sccache were added to the Development Tools Module.

- rustup version 1.24.3~git0.ce5817a9.
- cargo-packaging version 1.0.0~git6.d878e38.
- sccache version 0.2.15~git1.22a176c.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-319=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
    rustup-1.24.3~git1.0a74fef5-150300.7.6.1
    rustup-debuginfo-1.24.3~git1.0a74fef5-150300.7.6.1
    rustup-debugsource-1.24.3~git1.0a74fef5-150300.7.6.1
    sccache-0.2.15~git0.6b6d2f7-150300.7.6.1
    sccache-debuginfo-0.2.15~git0.6b6d2f7-150300.7.6.1
    sccache-debugsource-0.2.15~git0.6b6d2f7-150300.7.6.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
    cargo-packaging-1.0.0~git6.d878e38-150300.7.3.1

References:

From sle-updates at lists.suse.com Thu Feb 3 14:22:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 15:22:04 +0100 (CET)
Subject: SUSE-RU-2022:0318-1: moderate: Recommended update for wicked
Message-ID: <20220203142204.1A9CBFE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wicked
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0318-1
Rating: moderate
References: #1029961 #1057592 #1156920 #1160654 #1177215 #1178357 #1181163 #1181186 #1181812 #1182227 #1183407 #1183495 #1188019 #1189560 #1192164 #1192311 #1192353 #1194392 #954329 SLE-9750
Affected Products:
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud 8
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server 12-SP3-LTSS
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP2-BCL
    HPE Helion Openstack 8
______________________________________________________________________________

An update that has 19 recommended fixes and contains one feature can now be installed.

Description:

This update for wicked fixes the following issues:

- Fix device rename issue when done via Yast2 (bsc#1194392)
- Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 12 (bsc#1183407,jsc#SLE-9750)
- Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 12 (bsc#1029961)
- Parse sysctl files in the correct order (bsc#1181186)
- Fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353)
- Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019)
- Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311)
- Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164)
- Fix `ifstatus` not to show link as "up" when interface is not running
- Make firewalld zone assignment permanent (bsc#1189560)
- Cleanup and improve ifconfig and ifpolicy access utilities
- Initial fixes for dracut integration and improved option handling (bsc#1182227)
- Fix `nanny` to identify node owner exit condition
- Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed
- Add `ethtool --get-permanent-address` option in the client
- Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329)
- Prevent re-triggering Duplicate Address Detection on address updates when it is not needed (bsc#1177215)
- Fix Network Information Service configuration (bsc#1181812)
- Reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920)
- Support multiple wireless networks configurations per interface
- Show wireless connection status and scan-results (bsc#1160654)
- Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- Updated `man ifcfg-wireless` manual pages

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-318=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-318=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-318=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-318=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-318=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-318=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-318=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    wicked-0.6.68-38.45.1
    wicked-debuginfo-0.6.68-38.45.1
    wicked-debugsource-0.6.68-38.45.1
    wicked-service-0.6.68-38.45.1
- SUSE OpenStack Cloud 8 (x86_64):
    wicked-0.6.68-38.45.1
    wicked-debuginfo-0.6.68-38.45.1
    wicked-debugsource-0.6.68-38.45.1
    wicked-service-0.6.68-38.45.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    wicked-0.6.68-38.45.1
    wicked-debuginfo-0.6.68-38.45.1
    wicked-debugsource-0.6.68-38.45.1
    wicked-service-0.6.68-38.45.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    wicked-0.6.68-38.45.1
    wicked-debuginfo-0.6.68-38.45.1
    wicked-debugsource-0.6.68-38.45.1
    wicked-service-0.6.68-38.45.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    wicked-0.6.68-38.45.1
    wicked-debuginfo-0.6.68-38.45.1
    wicked-debugsource-0.6.68-38.45.1
    wicked-service-0.6.68-38.45.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    wicked-0.6.68-38.45.1
    wicked-debuginfo-0.6.68-38.45.1
    wicked-debugsource-0.6.68-38.45.1
    wicked-service-0.6.68-38.45.1
- HPE Helion Openstack 8 (x86_64):
    wicked-0.6.68-38.45.1
    wicked-debuginfo-0.6.68-38.45.1
    wicked-debugsource-0.6.68-38.45.1
    wicked-service-0.6.68-38.45.1

References:

    https://bugzilla.suse.com/1029961
    https://bugzilla.suse.com/1057592
    https://bugzilla.suse.com/1156920
    https://bugzilla.suse.com/1160654
    https://bugzilla.suse.com/1177215
    https://bugzilla.suse.com/1178357
    https://bugzilla.suse.com/1181163
    https://bugzilla.suse.com/1181186
    https://bugzilla.suse.com/1181812
    https://bugzilla.suse.com/1182227
    https://bugzilla.suse.com/1183407
    https://bugzilla.suse.com/1183495
    https://bugzilla.suse.com/1188019
    https://bugzilla.suse.com/1189560
    https://bugzilla.suse.com/1192164
    https://bugzilla.suse.com/1192311
    https://bugzilla.suse.com/1192353
    https://bugzilla.suse.com/1194392
    https://bugzilla.suse.com/954329

From sle-updates at lists.suse.com Thu Feb 3 14:26:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 15:26:25 +0100 (CET)
Subject: SUSE-RU-2022:0315-1: moderate: Recommended update for wicked
Message-ID: <20220203142625.35B15FE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wicked
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0315-1
Rating: moderate
References: #1029961 #1057592 #1156920 #1160654 #1177215 #1178357 #1181163 #1181186 #1181812 #1182227 #1183407 #1183495 #1188019 #1189560 #1192164 #1192311 #1192353 #1194392 #954329 SLE-9750
Affected Products:
    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has 19 recommended fixes and contains one feature can now be installed.

Description:

This update for wicked fixes the following issues:

- Fix device rename issue when done via Yast2 (bsc#1194392)
- Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 12 (bsc#1183407,jsc#SLE-9750)
- Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 12 (bsc#1029961)
- Parse sysctl files in the correct order (bsc#1181186)
- Fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353)
- Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019)
- Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311)
- Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164)
- Fix `ifstatus` not to show link as "up" when interface is not running
- Make firewalld zone assignment permanent (bsc#1189560)
- Cleanup and improve ifconfig and ifpolicy access utilities
- Initial fixes for dracut integration and improved option handling (bsc#1182227)
- Fix `nanny` to identify node owner exit condition
- Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed
- Add `ethtool --get-permanent-address` option in the client
- Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329)
- Prevent re-triggering Duplicate Address Detection on address updates when it is not needed (bsc#1177215)
- Fix Network Information Service configuration (bsc#1181812)
- Reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920)
- Support multiple wireless networks configurations per interface
- Show wireless connection status and scan-results (bsc#1160654)
- Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- Updated `man ifcfg-wireless` manual pages

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-315=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    wicked-0.6.68-3.16.1
    wicked-debuginfo-0.6.68-3.16.1
    wicked-debugsource-0.6.68-3.16.1
    wicked-service-0.6.68-3.16.1

References:

    https://bugzilla.suse.com/1029961
    https://bugzilla.suse.com/1057592
    https://bugzilla.suse.com/1156920
    https://bugzilla.suse.com/1160654
    https://bugzilla.suse.com/1177215
    https://bugzilla.suse.com/1178357
    https://bugzilla.suse.com/1181163
    https://bugzilla.suse.com/1181186
    https://bugzilla.suse.com/1181812
    https://bugzilla.suse.com/1182227
    https://bugzilla.suse.com/1183407
    https://bugzilla.suse.com/1183495
    https://bugzilla.suse.com/1188019
    https://bugzilla.suse.com/1189560
    https://bugzilla.suse.com/1192164
    https://bugzilla.suse.com/1192311
    https://bugzilla.suse.com/1192353
    https://bugzilla.suse.com/1194392
    https://bugzilla.suse.com/954329

From sle-updates at lists.suse.com Thu Feb 3 18:36:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Feb 2022 19:36:03 +0100 (CET)
Subject: SUSE-RU-2022:0322-1: moderate: Recommended update for dracut
Message-ID: <20220203183603.4A477FE02@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0322-1
Rating: moderate
References: #1192685 #1194716
Affected Products:
    SUSE Linux Enterprise Realtime Extension 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Fix(network): consistent use of "$gw" for gateway (bsc#1192685) - Fix(install): handle builtin modules (bsc#1194716) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-322=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-322=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-322=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): dracut-049.1+suse.228.g07676562-3.54.1 dracut-debuginfo-049.1+suse.228.g07676562-3.54.1 dracut-debugsource-049.1+suse.228.g07676562-3.54.1 dracut-fips-049.1+suse.228.g07676562-3.54.1 dracut-ima-049.1+suse.228.g07676562-3.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.228.g07676562-3.54.1 dracut-debuginfo-049.1+suse.228.g07676562-3.54.1 dracut-debugsource-049.1+suse.228.g07676562-3.54.1 dracut-fips-049.1+suse.228.g07676562-3.54.1 dracut-ima-049.1+suse.228.g07676562-3.54.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-049.1+suse.228.g07676562-3.54.1 dracut-debuginfo-049.1+suse.228.g07676562-3.54.1 dracut-debugsource-049.1+suse.228.g07676562-3.54.1 dracut-fips-049.1+suse.228.g07676562-3.54.1 References: https://bugzilla.suse.com/1192685 https://bugzilla.suse.com/1194716 From sle-updates at 
lists.suse.com Thu Feb 3 20:17:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Feb 2022 21:17:46 +0100 (CET) Subject: SUSE-SU-2022:0323-1: critical: Security update for samba Message-ID: <20220203201746.C1B7FFE02@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0323-1 Rating: critical References: #1089938 #1139519 #1158916 #1180064 #1182058 #1191227 #1192684 #1193533 #1193690 #1194859 #1195048 SLE-23330 Cross-References: CVE-2020-29361 CVE-2021-20316 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 CVSS scores: CVE-2020-29361 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29361 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20316 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N CVE-2021-43566 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-44141 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-0336 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An 
update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available. Description: This update contains a major security update for Samba. samba has received security fixes: - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services (bsc#1195048); samba was updated to version 4.15.4; (jsc#SLE-23330); + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bso#13979); (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bso#14842); (bsc#1191227); - Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and their manpages in /usr/lib[64]/samba/man This avoids removing old functionality. 
samba was updated to 4.15.4: * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba sssd was updated: - Build with the newer samba versions; (jsc#SLE-23330); - Fix a dependency loop by moving internal libraries to sssd-common package; (bsc#1182058); p11-kit was updated: Update to 0.23.2; (jsc#SLE-23330); * Fix forking issues with libffi * Fix various crashes in corner cases * Updated translations * Build fixes - Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361): - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993) ca-certificates was updated: - p11-kit 0.23.1 supports pem-directory-hash. 
(jsc#SLE-23330) This update also ships: - libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the requires of the newer samba. apparmor was updated: - Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330); yast2-samba-client was updated: - With latest versions of samba (>=4.15.0) calling 'net ads lookup' with '-U%' fails; (boo#1193533). - yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf don't exist; (bsc#1089938) - Do not stop nmbd while nmbstatus is running, it is not necessary anymore; (bsc#1158916); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-323=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-323=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-323=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.8.2-56.6.3 libapparmor-devel-2.8.2-56.6.3 libipa_hbac-devel-1.16.1-7.28.9 libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1 libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1 libsss_idmap-devel-1.16.1-7.28.9 libsss_nss_idmap-devel-1.16.1-7.28.9 p11-kit-debuginfo-0.23.2-8.3.2 p11-kit-debugsource-0.23.2-8.3.2 p11-kit-devel-0.23.2-8.3.2 samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1 samba-devel-4.15.4+git.324.8332acf1a63-3.54.1 sssd-debugsource-1.16.1-7.28.9 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-56.6.3 apache2-mod_apparmor-debuginfo-2.8.2-56.6.3 
apparmor-debugsource-2.8.2-56.6.3 apparmor-parser-2.8.2-56.6.3 apparmor-parser-debuginfo-2.8.2-56.6.3 libapparmor1-2.8.2-56.6.3 libapparmor1-debuginfo-2.8.2-56.6.3 libgnutls30-3.4.17-8.4.1 libgnutls30-debuginfo-3.4.17-8.4.1 libhogweed4-3.1-21.3.2 libhogweed4-debuginfo-3.1-21.3.2 libipa_hbac0-1.16.1-7.28.9 libipa_hbac0-debuginfo-1.16.1-7.28.9 libnettle6-3.1-21.3.2 libnettle6-debuginfo-3.1-21.3.2 libp11-kit0-0.23.2-8.3.2 libp11-kit0-debuginfo-0.23.2-8.3.2 libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1 libsamba-policy0-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 libsss_certmap0-1.16.1-7.28.9 libsss_certmap0-debuginfo-1.16.1-7.28.9 libsss_idmap0-1.16.1-7.28.9 libsss_idmap0-debuginfo-1.16.1-7.28.9 libsss_nss_idmap0-1.16.1-7.28.9 libsss_nss_idmap0-debuginfo-1.16.1-7.28.9 libsss_simpleifp0-1.16.1-7.28.9 libsss_simpleifp0-debuginfo-1.16.1-7.28.9 p11-kit-0.23.2-8.3.2 p11-kit-debuginfo-0.23.2-8.3.2 p11-kit-debugsource-0.23.2-8.3.2 p11-kit-nss-trust-0.23.2-8.3.2 p11-kit-tools-0.23.2-8.3.2 p11-kit-tools-debuginfo-0.23.2-8.3.2 pam_apparmor-2.8.2-56.6.3 perl-apparmor-2.8.2-56.6.3 perl-apparmor-debuginfo-2.8.2-56.6.3 python-sssd-config-1.16.1-7.28.9 python-sssd-config-debuginfo-1.16.1-7.28.9 samba-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1 samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1 samba-ldb-ldap-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-python3-4.15.4+git.324.8332acf1a63-3.54.1 
samba-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-tool-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 sssd-1.16.1-7.28.9 sssd-ad-1.16.1-7.28.9 sssd-ad-debuginfo-1.16.1-7.28.9 sssd-common-1.16.1-7.28.9 sssd-common-debuginfo-1.16.1-7.28.9 sssd-dbus-1.16.1-7.28.9 sssd-dbus-debuginfo-1.16.1-7.28.9 sssd-debugsource-1.16.1-7.28.9 sssd-ipa-1.16.1-7.28.9 sssd-ipa-debuginfo-1.16.1-7.28.9 sssd-krb5-1.16.1-7.28.9 sssd-krb5-common-1.16.1-7.28.9 sssd-krb5-common-debuginfo-1.16.1-7.28.9 sssd-krb5-debuginfo-1.16.1-7.28.9 sssd-ldap-1.16.1-7.28.9 sssd-ldap-debuginfo-1.16.1-7.28.9 sssd-proxy-1.16.1-7.28.9 sssd-proxy-debuginfo-1.16.1-7.28.9 sssd-tools-1.16.1-7.28.9 sssd-tools-debuginfo-1.16.1-7.28.9 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): gnutls-debugsource-3.4.17-8.4.1 libnettle-debugsource-3.1-21.3.2 pam_apparmor-debuginfo-2.8.2-56.6.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libapparmor1-32bit-2.8.2-56.6.3 libapparmor1-debuginfo-32bit-2.8.2-56.6.3 libgnutls30-32bit-3.4.17-8.4.1 libgnutls30-debuginfo-32bit-3.4.17-8.4.1 libhogweed4-32bit-3.1-21.3.2 libhogweed4-debuginfo-32bit-3.1-21.3.2 libnettle6-32bit-3.1-21.3.2 libnettle6-debuginfo-32bit-3.1-21.3.2 libp11-kit0-32bit-0.23.2-8.3.2 libp11-kit0-debuginfo-32bit-0.23.2-8.3.2 libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1 libsamba-policy0-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 p11-kit-32bit-0.23.2-8.3.2 p11-kit-debuginfo-32bit-0.23.2-8.3.2 pam_apparmor-32bit-2.8.2-56.6.3 pam_apparmor-debuginfo-32bit-2.8.2-56.6.3 samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1 
samba-client-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libsss_nss_idmap-devel-1.16.1-7.28.9 samba-devel-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apparmor-docs-2.8.2-56.6.3 apparmor-profiles-2.8.2-56.6.3 apparmor-utils-2.8.2-56.6.3 ca-certificates-1_201403302107-15.3.3 samba-doc-4.15.4+git.324.8332acf1a63-3.54.1 yast2-samba-client-3.1.23-3.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.15.4+git.324.8332acf1a63-3.54.1 ctdb-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1 References: https://www.suse.com/security/cve/CVE-2020-29361.html https://www.suse.com/security/cve/CVE-2021-20316.html https://www.suse.com/security/cve/CVE-2021-43566.html https://www.suse.com/security/cve/CVE-2021-44141.html https://www.suse.com/security/cve/CVE-2021-44142.html https://www.suse.com/security/cve/CVE-2022-0336.html https://bugzilla.suse.com/1089938 https://bugzilla.suse.com/1139519 https://bugzilla.suse.com/1158916 https://bugzilla.suse.com/1180064 https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1191227 https://bugzilla.suse.com/1192684 https://bugzilla.suse.com/1193533 https://bugzilla.suse.com/1193690 https://bugzilla.suse.com/1194859 https://bugzilla.suse.com/1195048 From sle-updates at lists.suse.com Fri Feb 4 11:18:41 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Fri, 4 Feb 2022 12:18:41 +0100 (CET) Subject: SUSE-RU-2022:0324-1: moderate: Recommended update for supportutils-plugin-cloud-init Message-ID: <20220204111841.0D77CFEB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0324-1 Rating: moderate References: SLE-19069 SLE-20508 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Manager Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Manager Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for supportutils-plugin-cloud-init fixes the following issues: - This plugin adds functionality to the supportconfig tool, making it include logs and status of systemd services relating to cloud-init in the supportconfig tarballs. (jsc#SLE-19069, jsc#SLE-20508) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-324=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-324=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-324=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): supportutils-plugin-cloud-init-1.0-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): supportutils-plugin-cloud-init-1.0-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): supportutils-plugin-cloud-init-1.0-3.3.1 References: From sle-updates at lists.suse.com Fri Feb 4 14:18:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Feb 2022 15:18:37 +0100 (CET) Subject: SUSE-SU-2022:0333-1: important: Security update for xen Message-ID: <20220204141837.9AF0DFEB4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0333-1 Rating: important References: #1194576 #1194581 #1194588 Cross-References: CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise High Performance 
Computing 15-SP3 SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-333=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-333=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-333=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.3_06-150300.3.18.2 xen-debugsource-4.14.3_06-150300.3.18.2 xen-devel-4.14.3_06-150300.3.18.2 xen-tools-4.14.3_06-150300.3.18.2 xen-tools-debuginfo-4.14.3_06-150300.3.18.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.3_06-150300.3.18.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.3_06-150300.3.18.2 xen-libs-4.14.3_06-150300.3.18.2 xen-libs-debuginfo-4.14.3_06-150300.3.18.2 xen-tools-domU-4.14.3_06-150300.3.18.2 xen-tools-domU-debuginfo-4.14.3_06-150300.3.18.2 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.3_06-150300.3.18.2 
xen-libs-4.14.3_06-150300.3.18.2 xen-libs-debuginfo-4.14.3_06-150300.3.18.2 References: https://www.suse.com/security/cve/CVE-2022-23033.html https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194576 https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588 From sle-updates at lists.suse.com Fri Feb 4 14:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Feb 2022 15:19:32 +0100 (CET) Subject: SUSE-SU-2022:0325-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) Message-ID: <20220204141932.72FDEFEB4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0325-1 Rating: important References: #1186061 #1191529 #1192036 #1193161 #1193863 #1194680 Cross-References: CVE-2018-25020 CVE-2019-0136 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-42739 CVSS scores: CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2020-25670 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25670 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25671 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-3702 (NVD) : 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_138 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue where the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsystem (bsc#1178181, bsc#1186060). - CVE-2019-0136: Fixed an insufficient access control which allows an unauthenticated user to execute a denial of service. (bsc#1193157) - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-325=1 SUSE-SLE-SAP-12-SP3-2022-326=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-325=1 SUSE-SLE-SERVER-12-SP3-2022-326=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_138-default-14-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_141-default-13-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-13-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_138-default-14-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_141-default-13-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-13-2.2 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-0136.html https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-3702.html https://www.suse.com/security/cve/CVE-2021-23134.html https://www.suse.com/security/cve/CVE-2021-42739.html https://bugzilla.suse.com/1186061 https://bugzilla.suse.com/1191529 https://bugzilla.suse.com/1192036 https://bugzilla.suse.com/1193161 https://bugzilla.suse.com/1193863 https://bugzilla.suse.com/1194680 From sle-updates at lists.suse.com Fri Feb 4 14:20:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Feb 2022 15:20:52 +0100 (CET) Subject: SUSE-RU-2022:0338-1: important: Recommended update for libzypp Message-ID: <20220204142052.692EAFEB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2022:0338-1 Rating: important References: #1193007 #1194597 #1194898 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-338=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-338=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2022-338=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-338=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-338=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libzypp-17.29.3-3.86.1 libzypp-debuginfo-17.29.3-3.86.1 libzypp-debugsource-17.29.3-3.86.1 libzypp-devel-17.29.3-3.86.1 zypper-1.14.51-3.63.1 zypper-debuginfo-1.14.51-3.63.1 zypper-debugsource-1.14.51-3.63.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): zypper-log-1.14.51-3.63.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libzypp-17.29.3-3.86.1 
libzypp-debuginfo-17.29.3-3.86.1 libzypp-debugsource-17.29.3-3.86.1 libzypp-devel-17.29.3-3.86.1 zypper-1.14.51-3.63.1 zypper-debuginfo-1.14.51-3.63.1 zypper-debugsource-1.14.51-3.63.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): zypper-log-1.14.51-3.63.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libzypp-17.29.3-3.86.1 zypper-1.14.51-3.63.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libzypp-17.29.3-3.86.1 libzypp-debuginfo-17.29.3-3.86.1 libzypp-debugsource-17.29.3-3.86.1 libzypp-devel-17.29.3-3.86.1 zypper-1.14.51-3.63.1 zypper-debuginfo-1.14.51-3.63.1 zypper-debugsource-1.14.51-3.63.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): zypper-log-1.14.51-3.63.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libzypp-17.29.3-3.86.1 libzypp-debuginfo-17.29.3-3.86.1 libzypp-debugsource-17.29.3-3.86.1 libzypp-devel-17.29.3-3.86.1 zypper-1.14.51-3.63.1 zypper-debuginfo-1.14.51-3.63.1 zypper-debugsource-1.14.51-3.63.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): zypper-log-1.14.51-3.63.1 References: https://bugzilla.suse.com/1193007 https://bugzilla.suse.com/1194597 https://bugzilla.suse.com/1194898 From sle-updates at lists.suse.com Fri Feb 4 14:21:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Feb 2022 15:21:49 +0100 (CET) Subject: SUSE-RU-2022:0337-1: important: Recommended update for libzypp Message-ID: <20220204142149.DAD69FEB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0337-1 Rating: important References: #1193007 #1194597 #1194898 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise High 
Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-337=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-337=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-337=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-337=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-337=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-337=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-337=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libzypp-17.29.3-3.69.1 libzypp-debuginfo-17.29.3-3.69.1 libzypp-debugsource-17.29.3-3.69.1 libzypp-devel-17.29.3-3.69.1 zypper-1.14.51-3.49.1 zypper-debuginfo-1.14.51-3.49.1 zypper-debugsource-1.14.51-3.49.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): zypper-log-1.14.51-3.49.1 zypper-needs-restarting-1.14.51-3.49.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.29.3-3.69.1 libzypp-debuginfo-17.29.3-3.69.1 libzypp-debugsource-17.29.3-3.69.1 libzypp-devel-17.29.3-3.69.1 zypper-1.14.51-3.49.1 zypper-debuginfo-1.14.51-3.49.1 zypper-debugsource-1.14.51-3.49.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): zypper-log-1.14.51-3.49.1 zypper-needs-restarting-1.14.51-3.49.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libzypp-17.29.3-3.69.1 libzypp-debuginfo-17.29.3-3.69.1 libzypp-debugsource-17.29.3-3.69.1 libzypp-devel-17.29.3-3.69.1 zypper-1.14.51-3.49.1 zypper-debuginfo-1.14.51-3.49.1 zypper-debugsource-1.14.51-3.49.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): zypper-log-1.14.51-3.49.1 zypper-needs-restarting-1.14.51-3.49.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libzypp-17.29.3-3.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libzypp-17.29.3-3.69.1 libzypp-debuginfo-17.29.3-3.69.1 libzypp-debugsource-17.29.3-3.69.1 libzypp-devel-17.29.3-3.69.1 zypper-1.14.51-3.49.1 zypper-debuginfo-1.14.51-3.49.1 zypper-debugsource-1.14.51-3.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): zypper-log-1.14.51-3.49.1 zypper-needs-restarting-1.14.51-3.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libzypp-17.29.3-3.69.1 libzypp-debuginfo-17.29.3-3.69.1 libzypp-debugsource-17.29.3-3.69.1 libzypp-devel-17.29.3-3.69.1 zypper-1.14.51-3.49.1 zypper-debuginfo-1.14.51-3.49.1 zypper-debugsource-1.14.51-3.49.1 - 
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): zypper-log-1.14.51-3.49.1 zypper-needs-restarting-1.14.51-3.49.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libzypp-17.29.3-3.69.1 libzypp-debuginfo-17.29.3-3.69.1 libzypp-debugsource-17.29.3-3.69.1 libzypp-devel-17.29.3-3.69.1 zypper-1.14.51-3.49.1 zypper-debuginfo-1.14.51-3.49.1 zypper-debugsource-1.14.51-3.49.1 - SUSE Enterprise Storage 6 (noarch): zypper-log-1.14.51-3.49.1 zypper-needs-restarting-1.14.51-3.49.1 - SUSE CaaS Platform 4.0 (x86_64): libzypp-17.29.3-3.69.1 libzypp-debuginfo-17.29.3-3.69.1 libzypp-debugsource-17.29.3-3.69.1 libzypp-devel-17.29.3-3.69.1 zypper-1.14.51-3.49.1 zypper-debuginfo-1.14.51-3.49.1 zypper-debugsource-1.14.51-3.49.1 - SUSE CaaS Platform 4.0 (noarch): zypper-log-1.14.51-3.49.1 zypper-needs-restarting-1.14.51-3.49.1 References: https://bugzilla.suse.com/1193007 https://bugzilla.suse.com/1194597 https://bugzilla.suse.com/1194898 From sle-updates at lists.suse.com Fri Feb 4 14:22:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Feb 2022 15:22:45 +0100 (CET) Subject: SUSE-RU-2022:0336-1: moderate: Recommended update for yast2-add-on Message-ID: <20220204142245.6E214FEB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-add-on ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0336-1 Rating: moderate References: #1194851 #972046 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 

Description:

This update for yast2-add-on fixes the following issues:

- Restore the repo unexpanded URL to get it properly saved in the /etc/zypp/repos.d file (bsc#972046, bsc#1194851).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-336=1

- SUSE Linux Enterprise Installer 15-SP3:
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-336=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  yast2-add-on-4.3.10-150300.3.8.1

- SUSE Linux Enterprise Installer 15-SP3 (noarch):
  yast2-add-on-4.3.10-150300.3.8.1

References:

  https://bugzilla.suse.com/1194851
  https://bugzilla.suse.com/972046

From sle-updates at lists.suse.com Fri Feb 4 14:24:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:24:24 +0100 (CET)
Subject: SUSE-SU-2022:0328-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3)
Message-ID: <20220204142424.646F2FEB4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0328-1
Rating: important
References: #1191529 #1192036 #1193161 #1193863
Cross-References: CVE-2018-25020 CVE-2019-0136 CVE-2020-3702 CVE-2021-42739
CVSS scores:
  CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.180-94_147 fixes several issues.

The following security issues were fixed:

- CVE-2018-25020: Fixed an issue in which the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2019-0136: Fixed an insufficient access control which allows an unauthenticated user to execute a denial of service. (bsc#1193157)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-328=1

- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-328=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  kgraft-patch-4_4_180-94_147-default-7-2.2
  kgraft-patch-4_4_180-94_147-default-debuginfo-7-2.2

- SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
  kgraft-patch-4_4_180-94_147-default-7-2.2
  kgraft-patch-4_4_180-94_147-default-debuginfo-7-2.2

References:

  https://www.suse.com/security/cve/CVE-2018-25020.html
  https://www.suse.com/security/cve/CVE-2019-0136.html
  https://www.suse.com/security/cve/CVE-2020-3702.html
  https://www.suse.com/security/cve/CVE-2021-42739.html
  https://bugzilla.suse.com/1191529
  https://bugzilla.suse.com/1192036
  https://bugzilla.suse.com/1193161
  https://bugzilla.suse.com/1193863

From sle-updates at lists.suse.com Fri Feb 4 14:26:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:26:00 +0100 (CET)
Subject: SUSE-SU-2022:0334-1: moderate: Security update for containerd, docker
Message-ID: <20220204142600.B5811FEB4@maintenance.suse.de>

SUSE Security Update: Security update for containerd, docker
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0334-1
Rating: moderate
References: #1191015 #1191121 #1191334 #1191434 #1193273
Cross-References: CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190
CVSS scores:
  CVE-2021-41089 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
  CVE-2021-41089 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  CVE-2021-41091 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
  CVE-2021-41091 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
  CVE-2021-41092 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-41092 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
  CVE-2021-41103 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-41103 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
  CVE-2021-41190 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Affected Products:
  SUSE Linux Enterprise Module for Containers 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Manager Server 4.2
  SUSE Manager Proxy 4.2
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.0
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for containerd, docker fixes the following issues:

- CVE-2021-41089: Fixed "cp" can chmod host files (bsc#1191015).
- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-334=1

- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-334=1

- SUSE Linux Enterprise Micro 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-334=1

Package List:

- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
  containerd-1.4.12-60.1
  docker-20.10.12_ce-159.1
  docker-debuginfo-20.10.12_ce-159.1

- SUSE Linux Enterprise Module for Containers 15-SP3 (noarch):
  docker-bash-completion-20.10.12_ce-159.1
  docker-fish-completion-20.10.12_ce-159.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  containerd-1.4.12-60.1
  docker-20.10.12_ce-159.1
  docker-debuginfo-20.10.12_ce-159.1

- SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
  containerd-1.4.12-60.1
  docker-20.10.12_ce-159.1
  docker-debuginfo-20.10.12_ce-159.1

References:

  https://www.suse.com/security/cve/CVE-2021-41089.html
  https://www.suse.com/security/cve/CVE-2021-41091.html
  https://www.suse.com/security/cve/CVE-2021-41092.html
  https://www.suse.com/security/cve/CVE-2021-41103.html
  https://www.suse.com/security/cve/CVE-2021-41190.html
  https://bugzilla.suse.com/1191015
  https://bugzilla.suse.com/1191121
  https://bugzilla.suse.com/1191334
  https://bugzilla.suse.com/1191434
  https://bugzilla.suse.com/1193273

From sle-updates at lists.suse.com Fri Feb 4 14:27:55 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:27:55 +0100 (CET)
Subject: SUSE-SU-2022:0327-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3)
Message-ID: <20220204142755.A01FDFEB4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0327-1
Rating: important
References: #1186061 #1191529 #1192036 #1193161 #1193863
Cross-References: CVE-2018-25020 CVE-2019-0136 CVE-2020-3702 CVE-2021-23134 CVE-2021-42739
CVSS scores:
  CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-23134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-23134 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.180-94_144 fixes several issues.

The following security issues were fixed:

- CVE-2018-25020: Fixed an issue in which the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193)
- CVE-2021-23134: Fixed a use-after-free vulnerability in nfc sockets which allows local attackers to elevate their privileges. (bsc#1186060)
- CVE-2019-0136: Fixed an insufficient access control which allows an unauthenticated user to execute a denial of service. (bsc#1193157)
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-327=1

- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-327=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  kgraft-patch-4_4_180-94_144-default-10-2.2
  kgraft-patch-4_4_180-94_144-default-debuginfo-10-2.2

- SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
  kgraft-patch-4_4_180-94_144-default-10-2.2
  kgraft-patch-4_4_180-94_144-default-debuginfo-10-2.2

References:

  https://www.suse.com/security/cve/CVE-2018-25020.html
  https://www.suse.com/security/cve/CVE-2019-0136.html
  https://www.suse.com/security/cve/CVE-2020-3702.html
  https://www.suse.com/security/cve/CVE-2021-23134.html
  https://www.suse.com/security/cve/CVE-2021-42739.html
  https://bugzilla.suse.com/1186061
  https://bugzilla.suse.com/1191529
  https://bugzilla.suse.com/1192036
  https://bugzilla.suse.com/1193161
  https://bugzilla.suse.com/1193863

From sle-updates at lists.suse.com Fri Feb 4 14:29:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:29:42 +0100 (CET)
Subject: SUSE-SU-2022:0330-1: important: Security update for glibc
Message-ID: <20220204142942.6A7B9FEB4@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0330-1
Rating: important
References: #1194640 #1194768 #1194770 #1194785 SLE-18195
Cross-References: CVE-2021-3999 CVE-2022-23218 CVE-2022-23219
CVSS scores:
  CVE-2021-3999 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23218 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  CVE-2022-23219 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Manager Server 4.2
  SUSE Manager Proxy 4.2
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Manager Server 4.2
  SUSE Manager Proxy 4.2
  SUSE Linux Enterprise Micro 5.1
______________________________________________________________________________

An update that solves three vulnerabilities, contains one feature and has one errata is now available.

Description:

This update for glibc fixes the following issues:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Features added:

- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-330=1

- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-330=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-330=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-330=1

- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-330=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
  glibc-debuginfo-2.31-150300.9.12.1
  glibc-debugsource-2.31-150300.9.12.1
  glibc-devel-static-2.31-150300.9.12.1
  glibc-utils-2.31-150300.9.12.1
  glibc-utils-debuginfo-2.31-150300.9.12.1
  glibc-utils-src-debugsource-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64):
  glibc-32bit-debuginfo-2.31-150300.9.12.1
  glibc-devel-32bit-2.31-150300.9.12.1
  glibc-devel-32bit-debuginfo-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
  glibc-debuginfo-2.31-150300.9.12.1
  glibc-debugsource-2.31-150300.9.12.1
  glibc-devel-static-2.31-150300.9.12.1
  glibc-utils-2.31-150300.9.12.1
  glibc-utils-debuginfo-2.31-150300.9.12.1
  glibc-utils-src-debugsource-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64):
  glibc-32bit-debuginfo-2.31-150300.9.12.1
  glibc-devel-32bit-2.31-150300.9.12.1
  glibc-devel-32bit-debuginfo-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  glibc-2.31-150300.9.12.1
  glibc-debuginfo-2.31-150300.9.12.1
  glibc-debugsource-2.31-150300.9.12.1
  glibc-devel-2.31-150300.9.12.1
  glibc-devel-debuginfo-2.31-150300.9.12.1
  glibc-extra-2.31-150300.9.12.1
  glibc-extra-debuginfo-2.31-150300.9.12.1
  glibc-locale-2.31-150300.9.12.1
  glibc-locale-base-2.31-150300.9.12.1
  glibc-locale-base-debuginfo-2.31-150300.9.12.1
  glibc-profile-2.31-150300.9.12.1
  nscd-2.31-150300.9.12.1
  nscd-debuginfo-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
  glibc-i18ndata-2.31-150300.9.12.1
  glibc-info-2.31-150300.9.12.1
  glibc-lang-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
  glibc-32bit-2.31-150300.9.12.1
  glibc-32bit-debuginfo-2.31-150300.9.12.1
  glibc-locale-base-32bit-2.31-150300.9.12.1
  glibc-locale-base-32bit-debuginfo-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  glibc-2.31-150300.9.12.1
  glibc-debuginfo-2.31-150300.9.12.1
  glibc-debugsource-2.31-150300.9.12.1
  glibc-devel-2.31-150300.9.12.1
  glibc-devel-debuginfo-2.31-150300.9.12.1
  glibc-extra-2.31-150300.9.12.1
  glibc-extra-debuginfo-2.31-150300.9.12.1
  glibc-locale-2.31-150300.9.12.1
  glibc-locale-base-2.31-150300.9.12.1
  glibc-locale-base-debuginfo-2.31-150300.9.12.1
  glibc-profile-2.31-150300.9.12.1
  nscd-2.31-150300.9.12.1
  nscd-debuginfo-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
  glibc-32bit-2.31-150300.9.12.1
  glibc-32bit-debuginfo-2.31-150300.9.12.1
  glibc-locale-base-32bit-2.31-150300.9.12.1
  glibc-locale-base-32bit-debuginfo-2.31-150300.9.12.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  glibc-i18ndata-2.31-150300.9.12.1
  glibc-info-2.31-150300.9.12.1
  glibc-lang-2.31-150300.9.12.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  glibc-2.31-150300.9.12.1
  glibc-debuginfo-2.31-150300.9.12.1
  glibc-debugsource-2.31-150300.9.12.1
  glibc-locale-2.31-150300.9.12.1
  glibc-locale-base-2.31-150300.9.12.1
  glibc-locale-base-debuginfo-2.31-150300.9.12.1

References:

  https://www.suse.com/security/cve/CVE-2021-3999.html
  https://www.suse.com/security/cve/CVE-2022-23218.html
  https://www.suse.com/security/cve/CVE-2022-23219.html
  https://bugzilla.suse.com/1194640
  https://bugzilla.suse.com/1194768
  https://bugzilla.suse.com/1194770
  https://bugzilla.suse.com/1194785

From sle-updates at lists.suse.com Fri Feb 4 14:30:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:30:45 +0100 (CET)
Subject: SUSE-RU-2022:0335-1: moderate: Recommended update for coreutils
Message-ID: <20220204143045.2FD6BFEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for coreutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0335-1
Rating: moderate
References: #1189152
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Manager Server 4.2
  SUSE Manager Proxy 4.2
  SUSE Linux Enterprise Micro 5.1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for coreutils fixes the following issues:

- Add "fuse.portal" as a dummy file system (used in flatpak implementations) (bsc#1189152).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-335=1

- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-335=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  coreutils-8.32-150300.3.5.1
  coreutils-debuginfo-8.32-150300.3.5.1
  coreutils-debugsource-8.32-150300.3.5.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  coreutils-doc-8.32-150300.3.5.1
  coreutils-lang-8.32-150300.3.5.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  coreutils-8.32-150300.3.5.1
  coreutils-debuginfo-8.32-150300.3.5.1
  coreutils-debugsource-8.32-150300.3.5.1

- SUSE Linux Enterprise Micro 5.1 (noarch):
  coreutils-doc-8.32-150300.3.5.1

References:

  https://bugzilla.suse.com/1189152

From sle-updates at lists.suse.com Fri Feb 4 14:31:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:31:23 +0100 (CET)
Subject: SUSE-SU-2022:0329-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3)
Message-ID: <20220204143123.7508EFEB4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0329-1
Rating: important
References: #1193161 #1193863
Cross-References: CVE-2018-25020 CVE-2019-0136
CVSS scores:
  CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server 12-SP3-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.180-94_150 fixes several issues.

The following security issues were fixed:

- CVE-2018-25020: Fixed an issue in which the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575)
- CVE-2019-0136: Fixed an insufficient access control which allows an unauthenticated user to execute a denial of service. (bsc#1193157)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-329=1

- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-329=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  kgraft-patch-4_4_180-94_150-default-3-2.2
  kgraft-patch-4_4_180-94_150-default-debuginfo-3-2.2

- SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
  kgraft-patch-4_4_180-94_150-default-3-2.2
  kgraft-patch-4_4_180-94_150-default-debuginfo-3-2.2

References:

  https://www.suse.com/security/cve/CVE-2018-25020.html
  https://www.suse.com/security/cve/CVE-2019-0136.html
  https://bugzilla.suse.com/1193161
  https://bugzilla.suse.com/1193863

From sle-updates at lists.suse.com Fri Feb 4 14:32:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:32:04 +0100 (CET)
Subject: SUSE-SU-2022:0332-1: important: Security update for xen
Message-ID: <20220204143204.6BD14FEB4@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0332-1
Rating: important
References: #1194581 #1194588
Cross-References: CVE-2022-23034 CVE-2022-23035
CVSS scores:
  CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-332=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-332=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-332=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (x86_64):
  xen-4.10.4_32-3.71.1
  xen-debugsource-4.10.4_32-3.71.1
  xen-devel-4.10.4_32-3.71.1
  xen-libs-4.10.4_32-3.71.1
  xen-libs-debuginfo-4.10.4_32-3.71.1
  xen-tools-4.10.4_32-3.71.1
  xen-tools-debuginfo-4.10.4_32-3.71.1
  xen-tools-domU-4.10.4_32-3.71.1
  xen-tools-domU-debuginfo-4.10.4_32-3.71.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
  xen-4.10.4_32-3.71.1
  xen-debugsource-4.10.4_32-3.71.1
  xen-devel-4.10.4_32-3.71.1
  xen-libs-4.10.4_32-3.71.1
  xen-libs-debuginfo-4.10.4_32-3.71.1
  xen-tools-4.10.4_32-3.71.1
  xen-tools-debuginfo-4.10.4_32-3.71.1
  xen-tools-domU-4.10.4_32-3.71.1
  xen-tools-domU-debuginfo-4.10.4_32-3.71.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
  xen-4.10.4_32-3.71.1
  xen-debugsource-4.10.4_32-3.71.1
  xen-devel-4.10.4_32-3.71.1
  xen-libs-4.10.4_32-3.71.1
  xen-libs-debuginfo-4.10.4_32-3.71.1
  xen-tools-4.10.4_32-3.71.1
  xen-tools-debuginfo-4.10.4_32-3.71.1
  xen-tools-domU-4.10.4_32-3.71.1
  xen-tools-domU-debuginfo-4.10.4_32-3.71.1

References:

  https://www.suse.com/security/cve/CVE-2022-23034.html
  https://www.suse.com/security/cve/CVE-2022-23035.html
  https://bugzilla.suse.com/1194581
  https://bugzilla.suse.com/1194588

From sle-updates at lists.suse.com Fri Feb 4 14:32:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Feb 2022 15:32:42 +0100 (CET)
Subject: SUSE-SU-2022:0331-1: important: Security update for xen
Message-ID: <20220204143242.7F857FEB4@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0331-1
Rating: important
References: #1194581 #1194588
Cross-References: CVE-2022-23034 CVE-2022-23035
CVSS scores:
  CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud 9
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-331=1

- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-331=1

- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-331=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-331=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  xen-4.11.4_26-2.68.1
  xen-debugsource-4.11.4_26-2.68.1
  xen-doc-html-4.11.4_26-2.68.1
  xen-libs-32bit-4.11.4_26-2.68.1
  xen-libs-4.11.4_26-2.68.1
  xen-libs-debuginfo-32bit-4.11.4_26-2.68.1
  xen-libs-debuginfo-4.11.4_26-2.68.1
  xen-tools-4.11.4_26-2.68.1
  xen-tools-debuginfo-4.11.4_26-2.68.1
  xen-tools-domU-4.11.4_26-2.68.1
  xen-tools-domU-debuginfo-4.11.4_26-2.68.1

- SUSE OpenStack Cloud 9 (x86_64):
  xen-4.11.4_26-2.68.1
  xen-debugsource-4.11.4_26-2.68.1
  xen-doc-html-4.11.4_26-2.68.1
  xen-libs-32bit-4.11.4_26-2.68.1
  xen-libs-4.11.4_26-2.68.1
  xen-libs-debuginfo-32bit-4.11.4_26-2.68.1
  xen-libs-debuginfo-4.11.4_26-2.68.1
  xen-tools-4.11.4_26-2.68.1
  xen-tools-debuginfo-4.11.4_26-2.68.1
  xen-tools-domU-4.11.4_26-2.68.1
  xen-tools-domU-debuginfo-4.11.4_26-2.68.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  xen-4.11.4_26-2.68.1
  xen-debugsource-4.11.4_26-2.68.1
  xen-doc-html-4.11.4_26-2.68.1
  xen-libs-32bit-4.11.4_26-2.68.1
  xen-libs-4.11.4_26-2.68.1
  xen-libs-debuginfo-32bit-4.11.4_26-2.68.1
  xen-libs-debuginfo-4.11.4_26-2.68.1
  xen-tools-4.11.4_26-2.68.1
  xen-tools-debuginfo-4.11.4_26-2.68.1
  xen-tools-domU-4.11.4_26-2.68.1
  xen-tools-domU-debuginfo-4.11.4_26-2.68.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
  xen-4.11.4_26-2.68.1
  xen-debugsource-4.11.4_26-2.68.1
  xen-doc-html-4.11.4_26-2.68.1
  xen-libs-32bit-4.11.4_26-2.68.1
  xen-libs-4.11.4_26-2.68.1
  xen-libs-debuginfo-32bit-4.11.4_26-2.68.1
  xen-libs-debuginfo-4.11.4_26-2.68.1
  xen-tools-4.11.4_26-2.68.1
  xen-tools-debuginfo-4.11.4_26-2.68.1
  xen-tools-domU-4.11.4_26-2.68.1
  xen-tools-domU-debuginfo-4.11.4_26-2.68.1

References:

  https://www.suse.com/security/cve/CVE-2022-23034.html
  https://www.suse.com/security/cve/CVE-2022-23035.html
  https://bugzilla.suse.com/1194581
  https://bugzilla.suse.com/1194588

From sle-updates at lists.suse.com Sat Feb 5 08:10:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 5 Feb 2022 09:10:54 +0100 (CET)
Subject: SUSE-CU-2022:113-1: Recommended update of suse/sle15
Message-ID: <20220205081054.25B97FDD1@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:113-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.509
Container Release : 4.22.509
Severity : important
Type : recommended
References : 1193007 1194597 1194898
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:338-1
Released: Fri Feb 4 11:09:11 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1194597,1194898

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)

The following package changes have been done:

- libzypp-17.29.3-3.86.1 updated
- zypper-1.14.51-3.63.1 updated

From sle-updates at lists.suse.com Sat Feb 5 08:35:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 5 Feb 2022 09:35:00 +0100 (CET)
Subject: SUSE-CU-2022:114-1: Recommended update of suse/sle15
Message-ID: <20220205083500.040E8FEB4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:114-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.565
Container Release : 6.2.565
Severity : important
Type : recommended
References : 1193007 1194597 1194898
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) The following package changes have been done: - libzypp-17.29.3-3.69.1 updated - zypper-1.14.51-3.49.1 updated From sle-updates at lists.suse.com Sat Feb 5 08:36:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Feb 2022 09:36:41 +0100 (CET) Subject: SUSE-CU-2022:115-1: Recommended update of suse/sle15 Message-ID: <20220205083641.7CF85FEB4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:115-1 Container Tags : suse/sle15:15.4 , suse/sle15:15.4.150400.22.12 Container Release : 150400.22.12 Severity : moderate Type : recommended References : 1188348 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). The following package changes have been done: - bash-4.4-150400.23.54 updated - boost-license1_66_0-1.66.0-150400.16.2 updated - cpio-2.13-150400.1.41 updated - crypto-policies-20210917.c9d86d1-150400.1.4 updated - glibc-2.31-9.9.1 updated - krb5-1.19.2-150400.1.5 updated - libaugeas0-1.12.0-150400.1.2 updated - libblkid1-2.37.2-150400.3.1 updated - libboost_system1_66_0-1.66.0-150400.16.2 updated - libboost_thread1_66_0-1.66.0-150400.16.2 updated - libbz2-1-1.0.8-150400.1.55 updated - libcom_err2-1.46.4-150400.1.26 updated - libcurl4-7.79.1-150400.1.6 updated - libdw1-0.185-150400.2.55 updated - libeconf0-0.3.8+git20200710.5126fff-3.2.1 added - libelf1-0.185-150400.2.55 updated - libfdisk1-2.37.2-150400.3.1 updated - libgcrypt20-hmac-1.9.4-150400.1.67 updated - libgcrypt20-1.9.4-150400.1.67 updated - libglib-2_0-0-2.70.2-150400.1.3 updated - libgpg-error0-1.42-150400.1.65 updated - libgpgme11-1.16.0-150400.1.37 updated - liblz4-1-1.9.3-150400.1.4 updated - libmount1-2.37.2-150400.3.1 updated - libopenssl1_1-hmac-1.1.1l-150400.2.39 updated - libopenssl1_1-1.1.1l-150400.2.39 updated - libp11-kit0-0.23.22-150400.1.7 updated - libproxy1-0.4.17-150400.1.4 updated - 
libreadline7-7.0-150400.23.54 updated - libselinux1-3.1-150400.1.11 updated - libsemanage1-3.1-150400.1.10 updated - libsepol1-3.1-150400.1.12 updated - libsmartcols1-2.37.2-150400.3.1 updated - libsolv-tools-0.7.20-150400.1.9 updated - libsystemd0-249.7-150400.2.16 updated - libudev1-249.7-150400.2.16 updated - libuuid1-2.37.2-150400.3.1 updated - libxml2-2-2.9.12-150400.2.2 updated - libzstd1-1.5.0-150400.1.20 updated - libzypp-17.28.8-150400.1.5 updated - login_defs-4.8.1-150400.7.28 updated - openssl-1_1-1.1.1l-150400.2.39 updated - p11-kit-tools-0.23.22-150400.1.7 updated - p11-kit-0.23.22-150400.1.7 updated - patterns-base-fips-20200124-150400.17.1 updated - rpm-config-SUSE-1-150400.11.31 updated - rpm-ndb-4.14.3-150400.41.6 updated - shadow-4.8.1-150400.7.28 updated - sles-release-15.4-150400.37.2 updated - system-group-hardware-20170617-150400.21.30 updated - util-linux-2.37.2-150400.3.1 updated - zypper-1.14.50-150400.1.2 updated From sle-updates at lists.suse.com Mon Feb 7 14:17:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Feb 2022 15:17:33 +0100 (CET) Subject: SUSE-RU-2022:0339-1: moderate: Recommended update for google-droid-fonts Message-ID: <20220207141733.0C2E4FEB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-droid-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0339-1 Rating: moderate References: #1190886 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for google-droid-fonts fixes the following issue: - Add sources DroidSansFallback.ttf DroidSansFallbackFull.ttf DroidSansMono.ttf: Merge the latest modification from Android project (bsc#1190886). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-339=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-339=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): google-droid-fonts-20121204-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): google-droid-fonts-20121204-3.3.1 References: https://bugzilla.suse.com/1190886 From sle-updates at lists.suse.com Mon Feb 7 17:17:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Feb 2022 18:17:57 +0100 (CET) Subject: SUSE-RU-2022:0340-1: moderate: Security update for the Linux Kernel Message-ID: <20220207171757.3B3EEFEB4@maintenance.suse.de> SUSE Recommended Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0340-1 Rating: moderate References: #1195142 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 
Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive a regression bugfix. The following non-security bugs were fixed: - drm/radeon: fix error handling in radeon_driver_open_kms that could lead to non-booting systems with Radeon cards (bsc#1195142). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-340=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-340=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-340=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-340=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-340=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-340=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-340=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.46.1 kernel-default-debugsource-5.3.18-150300.59.46.1 kernel-default-extra-5.3.18-150300.59.46.1 kernel-default-extra-debuginfo-5.3.18-150300.59.46.1 
kernel-preempt-debuginfo-5.3.18-150300.59.46.1 kernel-preempt-debugsource-5.3.18-150300.59.46.1 kernel-preempt-extra-5.3.18-150300.59.46.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.46.1 kernel-default-debugsource-5.3.18-150300.59.46.1 kernel-default-livepatch-5.3.18-150300.59.46.1 kernel-default-livepatch-devel-5.3.18-150300.59.46.1 kernel-livepatch-5_3_18-150300_59_46-default-1-150300.7.3.1 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-1-150300.7.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.46.1 kernel-default-debugsource-5.3.18-150300.59.46.1 reiserfs-kmp-default-5.3.18-150300.59.46.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.46.1 kernel-obs-build-debugsource-5.3.18-150300.59.46.1 kernel-syms-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.46.1 kernel-preempt-debugsource-5.3.18-150300.59.46.1 kernel-preempt-devel-5.3.18-150300.59.46.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.46.1 kernel-source-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.46.1 kernel-default-base-5.3.18-150300.59.46.1.150300.18.29.1 kernel-default-debuginfo-5.3.18-150300.59.46.1 kernel-default-debugsource-5.3.18-150300.59.46.1 kernel-default-devel-5.3.18-150300.59.46.1 kernel-default-devel-debuginfo-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.46.1 
kernel-preempt-debuginfo-5.3.18-150300.59.46.1 kernel-preempt-debugsource-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.46.1 kernel-64kb-debuginfo-5.3.18-150300.59.46.1 kernel-64kb-debugsource-5.3.18-150300.59.46.1 kernel-64kb-devel-5.3.18-150300.59.46.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.46.1 kernel-macros-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.46.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.46.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.46.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.46.1 kernel-default-base-5.3.18-150300.59.46.1.150300.18.29.1 kernel-default-debuginfo-5.3.18-150300.59.46.1 kernel-default-debugsource-5.3.18-150300.59.46.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.46.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.46.1 dlm-kmp-default-5.3.18-150300.59.46.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.46.1 gfs2-kmp-default-5.3.18-150300.59.46.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.46.1 kernel-default-debuginfo-5.3.18-150300.59.46.1 kernel-default-debugsource-5.3.18-150300.59.46.1 ocfs2-kmp-default-5.3.18-150300.59.46.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.46.1 References: https://bugzilla.suse.com/1195142 From sle-updates at lists.suse.com Mon Feb 7 17:18:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Feb 2022 18:18:33 +0100 (CET) Subject: SUSE-SU-2022:0342-1: important: Security update for xen Message-ID: <20220207171833.60C90FEB4@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0342-1 
Rating: important References: #1194581 #1194588 Cross-References: CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-342=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_20-43.85.1 xen-debugsource-4.7.6_20-43.85.1 xen-doc-html-4.7.6_20-43.85.1 xen-libs-32bit-4.7.6_20-43.85.1 xen-libs-4.7.6_20-43.85.1 xen-libs-debuginfo-32bit-4.7.6_20-43.85.1 xen-libs-debuginfo-4.7.6_20-43.85.1 xen-tools-4.7.6_20-43.85.1 xen-tools-debuginfo-4.7.6_20-43.85.1 xen-tools-domU-4.7.6_20-43.85.1 xen-tools-domU-debuginfo-4.7.6_20-43.85.1 References: https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588 From sle-updates at lists.suse.com Mon Feb 7 17:19:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Feb 2022 18:19:36 +0100 (CET) Subject: SUSE-RU-2022:0343-1: moderate: Recommended update for systemd Message-ID: <20220207171936.7FB51FEB4@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0343-1 Rating: moderate References: #1193086 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-343=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-343=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.36.1 libsystemd0-debuginfo-246.16-150300.7.36.1 libudev-devel-246.16-150300.7.36.1 libudev1-246.16-150300.7.36.1 libudev1-debuginfo-246.16-150300.7.36.1 systemd-246.16-150300.7.36.1 systemd-container-246.16-150300.7.36.1 systemd-container-debuginfo-246.16-150300.7.36.1 systemd-coredump-246.16-150300.7.36.1 systemd-coredump-debuginfo-246.16-150300.7.36.1 systemd-debuginfo-246.16-150300.7.36.1 systemd-debugsource-246.16-150300.7.36.1 systemd-devel-246.16-150300.7.36.1 systemd-doc-246.16-150300.7.36.1 systemd-journal-remote-246.16-150300.7.36.1 systemd-journal-remote-debuginfo-246.16-150300.7.36.1 systemd-sysvinit-246.16-150300.7.36.1 udev-246.16-150300.7.36.1 udev-debuginfo-246.16-150300.7.36.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.36.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.36.1 libsystemd0-32bit-debuginfo-246.16-150300.7.36.1 
libudev1-32bit-246.16-150300.7.36.1 libudev1-32bit-debuginfo-246.16-150300.7.36.1 systemd-32bit-246.16-150300.7.36.1 systemd-32bit-debuginfo-246.16-150300.7.36.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.36.1 libsystemd0-debuginfo-246.16-150300.7.36.1 libudev1-246.16-150300.7.36.1 libudev1-debuginfo-246.16-150300.7.36.1 systemd-246.16-150300.7.36.1 systemd-container-246.16-150300.7.36.1 systemd-container-debuginfo-246.16-150300.7.36.1 systemd-debuginfo-246.16-150300.7.36.1 systemd-debugsource-246.16-150300.7.36.1 systemd-journal-remote-246.16-150300.7.36.1 systemd-journal-remote-debuginfo-246.16-150300.7.36.1 systemd-sysvinit-246.16-150300.7.36.1 udev-246.16-150300.7.36.1 udev-debuginfo-246.16-150300.7.36.1 References: https://bugzilla.suse.com/1193086 From sle-updates at lists.suse.com Tue Feb 8 07:57:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 08:57:51 +0100 (CET) Subject: SUSE-CU-2022:116-1: Security update of suse/sles12sp5 Message-ID: <20220208075751.90D33FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:116-1 Container Tags : suse/sles12sp5:6.5.290 , suse/sles12sp5:latest Container Release : 6.5.290 Severity : critical Type : security References : 1089938 1139519 1158916 1180064 1182058 1191227 1192684 1193533 1193690 1194859 1195048 CVE-2020-29361 CVE-2021-20316 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:323-1 Released: Thu Feb 3 16:53:34 2022 Summary: Security update for samba Type: security Severity: critical References: 1089938,1139519,1158916,1180064,1182058,1191227,1192684,1193533,1193690,1194859,1195048,CVE-2020-29361,CVE-2021-20316,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 This update contains a major security update for Samba. samba has received security fixes: - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services (bsc#1195048); samba was updated to version 4.15.4; (jsc#SLE-23330); + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bso#13979); (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bso#14842); (bsc#1191227); - Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and their manpages in /usr/lib[64]/samba/man This avoids removing old functionality. 
samba was updated to 4.15.4: * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba sssd was updated: - Build with the newer samba versions; (jsc#SLE-23330); - Fix a dependency loop by moving internal libraries to sssd-common package; (bsc#1182058); p11-kit was updated: Update to 0.23.2; (jsc#SLE-23330); * Fix forking issues with libffi * Fix various crashes in corner cases * Updated translations * Build fixes - Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361): - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993) ca-certificates was updated: - p11-kit 0.23.1 supports pem-directory-hash. 
(jsc#SLE-23330) This update also ships: - libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the requires of the newer samba. apparmor was updated: - Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330); yast2-samba-client was updated: - With latest versions of samba (>=4.15.0) calling 'net ads lookup' with '-U%' fails; (boo#1193533). - yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf don't exist; (bsc#1089938) - Do not stop nmbd while nmbstatus is running, it is not necessary anymore; (bsc#1158916); The following package changes have been done: - ca-certificates-1_201403302107-15.3.3 updated - libp11-kit0-0.23.2-8.3.2 updated - p11-kit-tools-0.23.2-8.3.2 updated - p11-kit-0.23.2-8.3.2 updated From sle-updates at lists.suse.com Tue Feb 8 08:07:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 09:07:03 +0100 (CET) Subject: SUSE-CU-2022:117-1: Security update of suse/sle15 Message-ID: <20220208080703.CFA6AFDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:117-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.150300.17.8.72 Container Release : 150300.17.8.72 Severity : important Type : security References : 1189152 1194640 1194768 1194770 1194785 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). The following package changes have been done: - coreutils-8.32-150300.3.5.1 updated - glibc-2.31-150300.9.12.1 updated From sle-updates at lists.suse.com Tue Feb 8 08:07:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 09:07:12 +0100 (CET) Subject: SUSE-CU-2022:118-1: Recommended update of suse/sle15 Message-ID: <20220208080712.501D5FDD1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:118-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.150300.17.8.73 Container Release : 150300.17.8.73 Severity : moderate Type : recommended References : 1193086 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). The following package changes have been done: - libsystemd0-246.16-150300.7.36.1 updated - libudev1-246.16-150300.7.36.1 updated From sle-updates at lists.suse.com Tue Feb 8 08:17:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 09:17:28 +0100 (CET) Subject: SUSE-RU-2022:0345-1: moderate: Recommended update for wicked Message-ID: <20220208081728.5DCD6FDD1@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0345-1 Rating: moderate References: #1029961 #1057592 #1156920 #1160654 #1177215 #1178357 #1181163 #1181186 #1181812 #1182227 #1183407 #1183495 #1188019 #1189560 #1192164 #1192311 #1192353 #1194392 #954329 SLE-9750 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has 19 recommended fixes and contains one feature can now be installed. 
Description: This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750) - Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961) - Parse sysctl files in the correct order (bsc#1181186) - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as "up" when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Cleanup and improve ifconfig and ifpolicy access utilities - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed - Add `ethtool --get-permanent-address` option in the client - Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329) - Prevent re-trigger Duplicate Address Detection on address updates when it is not needed (bsc#1177215) - Fix Network Information Service configuration (bsc#1181812) - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix eap-tls,ttls certificate handling 
and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-345=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-345=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-345=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-345=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-345=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-345=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): wicked-0.6.68-3.24.1 wicked-debuginfo-0.6.68-3.24.1 wicked-debugsource-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): wicked-0.6.68-3.24.1 wicked-debuginfo-0.6.68-3.24.1 wicked-debugsource-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): wicked-0.6.68-3.24.1 wicked-debuginfo-0.6.68-3.24.1 wicked-debugsource-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): wicked-0.6.68-3.24.1 wicked-debuginfo-0.6.68-3.24.1 wicked-debugsource-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): wicked-0.6.68-3.24.1 wicked-debuginfo-0.6.68-3.24.1 wicked-debugsource-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): wicked-0.6.68-3.24.1 wicked-debuginfo-0.6.68-3.24.1 wicked-debugsource-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 - SUSE CaaS Platform 4.0 (x86_64): wicked-0.6.68-3.24.1 wicked-debuginfo-0.6.68-3.24.1 wicked-debugsource-0.6.68-3.24.1 wicked-service-0.6.68-3.24.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1057592 https://bugzilla.suse.com/1156920 https://bugzilla.suse.com/1160654 https://bugzilla.suse.com/1177215 https://bugzilla.suse.com/1178357 https://bugzilla.suse.com/1181163 https://bugzilla.suse.com/1181186 https://bugzilla.suse.com/1181812 https://bugzilla.suse.com/1182227 https://bugzilla.suse.com/1183407 https://bugzilla.suse.com/1183495 https://bugzilla.suse.com/1188019 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192164 https://bugzilla.suse.com/1192311 https://bugzilla.suse.com/1192353 https://bugzilla.suse.com/1194392 https://bugzilla.suse.com/954329 From sle-updates at lists.suse.com Tue Feb 8 17:17:58 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 18:17:58 +0100 (CET) Subject: SUSE-RU-2022:0348-1: important: Recommended update for libzypp Message-ID: <20220208171758.CF4DAF368@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0348-1 Rating: important References: #1193007 #1193488 #1194597 #1194898 #954813 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-348=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-348=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-348=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-348=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-348=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-348=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-348=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-348=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-348=1 - SUSE Linux Enterprise Micro 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-348=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-348=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-348=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-348=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-348=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Manager Server 4.1 (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Manager Retail Branch Server 4.1 (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Manager Proxy 4.1 (x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Manager Proxy 4.1 (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.29.3-27.1 
libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise Micro 5.1 (noarch): zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise Micro 5.0 (noarch): 
zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libzypp-17.29.3-27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libzypp-17.29.3-27.1 libzypp-debuginfo-17.29.3-27.1 libzypp-debugsource-17.29.3-27.1 libzypp-devel-17.29.3-27.1 zypper-1.14.51-24.1 zypper-debuginfo-1.14.51-24.1 zypper-debugsource-1.14.51-24.1 - SUSE Enterprise Storage 7 (noarch): zypper-log-1.14.51-24.1 zypper-needs-restarting-1.14.51-24.1 References: https://bugzilla.suse.com/1193007 https://bugzilla.suse.com/1193488 https://bugzilla.suse.com/1194597 https://bugzilla.suse.com/1194898 https://bugzilla.suse.com/954813 From sle-updates at lists.suse.com Tue Feb 8 17:19:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 18:19:41 +0100 (CET) Subject: SUSE-RU-2022:0347-1: important: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Message-ID: <20220208171941.C712AF368@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0347-1 Rating: important References: #1102408 #1192652 #1192653 #1193257 #1193258 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes: Changes in google-guest-agent: - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * dont duplicate logs (#146) * Add WantedBy network dependencies to google-guest-agent service (#136) * dont try dhcpv6 when not needed (#145) * Integration tests: instance setup (#143) * Integration test: test create and remove google user (#128) * handle comm errors in script runner (#140) * enforce script ordering (#138) * enable ipv6 on secondary interfaces (#133) - from version 20211103.00 * Integration tests: instance setup (#143) - from version 20211027.00 * Integration test: test create and remove google user (#128) - Update to version 20211019.00 * handle comm errors in script runner (#140) - from version 20211015.00 * enforce script ordering (#138) - from version 20211014.00 * enable ipv6 on secondary interfaces (#133) - from version 20211013.00 * dont open ssh tempfile exclusively (#137) - from version 20211011.00 * correct linux startup script order (#135) * Emit sshable attribute (#123) - from version 20210908.1 * restore 
line (#127) - from version 20210908.00 * New integ test (#124) - from version 20210901.00 * support enable-oslogin-sk key (#120) * match script logging to guest agent (#125) - from version 20210804.00 * Debug logging (#122) - Refresh patches for new version * dont_overwrite_ifcfg.patch - Build with go1.15 for reproducible build results (bsc#1102408) - Update to version 20210707.00 * Use IP address for calling the metadata server. (#116) - from version 20210629.00 * use IP for MDS (#115) - Update to version 20210603.00 * systemd-notify in agentInit (#113) * dont check status (#112) - from version 20210524.00 * more granular service restarts (#111) - from version 20210414.00 * (no functional changes) Changes in google-guest-configs: - Add missing pkg-config dependency to BuildRequires for SLE-12 - Install modprobe configuration files into /etc again on SLE-15-SP2 and older since that's still the default location on these distributions - Probe udev directory using the "udevdir" pkg-config variable on SLE-15-SP2 and older since the variable got renamed to "udev_dir" in later versions - Remove redundant pkgconfig(udev) from BuildRequires for SLE-12 - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field only looks for the last digit of the given string causing issues when there are >= 10 local SSDs. Changed REGEX to get the last number of the string instead to support the up to 24 local SSDs.
(#30) * chmod+x google_nvme_id on EL (#31) - Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue - Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653) - Update to version 20210916.00 * Revert "dont set IP in etc/hosts; remove rsyslog (#26)" (#28) - from version 20210831.00 * restore rsyslog (#27) - from version 20210830.00 * Fix NVMe partition names (#25) - from version 20210824.00 * dont set IP in etc/hosts; remove rsyslog (#26) * update OWNERS - Use %_modprobedir for modprobe.d files (out of /etc) - Use %_sysctldir for sysctl.d files (out of /etc) - Update to version 20210702.00 * use grep for hostname check (#23) - from version 20210629.00 * address set_hostname vuln (#22) - from version 20210324.00 * dracut.conf wants spaces around values (#19) Changes in google-guest-oslogin: - Update to version 20211013.00 (bsc#1193257, bsc#1193258) * remove deprecated binary (#79) - from version 20211001.00 * no message if no groups (#78) - from version 20210907.00 * use sigaction for signals (#76) - from version 20210906.00 * include cstdlib for exit (#75) * catch SIGPIPE in authorized_keys (#73) - from version 20210805.00 * fix double free in ParseJsonToKey (#70) - from version 20210804.00 * fix packaging for authorized_keys_sk (#68) * add authorized_keys_sk (#66) - Add google_authorized_keys_sk to %files section - Remove google_oslogin_control from %files section Changes in google-osconfig-agent: - Update to version 20211117.00 (bsc#1193257, bsc#1193258) * Add retry logic for RegisterAgent (#404) - from version 20211111.01 * e2e_test: drop ubuntu 1604 image as its EOL (#403) - from version 20211111.00 * e2e_test: move to V1 api for OSPolicies (#397) - from version 20211102.00 * Fix context logging and fix label names (#400) - from version 20211028.00 * Add cloudops example for gcloud (#399) - Update to version 20211021.00 * Added patch report logging for Zypper. 
(#395) - from version 20211012.00 * Replace deprecated instance filters with the new filters (#394) - from version 20211006.00 * Added patch report log messages for Yum and Apt (#392) - from version 20210930.00 * Config: Add package info caching (#391) - from version 20210928.00 * Fixed the runWithPty function to set ctty to child's filedesc (#389) - from version 20210927.00 * e2e_tests: fix a test output mismatch (#390) - from version 20210924.00 * Fix some e2e test failures (#388) - from version 20210923.02 * Correctly check for folder existence in package upgrade (#387) - from version 20210923.01 * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386) - from version 20210923.00 * Deprecate old config directory in favor of new cache directory (#385) - from version 20210922.02 * Fix rpm/deb package formatting for inventory reporting (#384) - from version 20210922.01 * Add centos stream rocky linux and available package tests (#383) - from version 20210922.00 * Add more info logs, actually cleanup unmanaged repos (#382) - from version 20210901.00 * Add E2E tests for Windows Application (#379) * Return lower-case package name (#377) * Update Terraform scripts for multi-project deployments tutorial. (#378) - from version 20210811.00 * Support Windows Application Inventory (#371) - from version 20210723.00 * Send basic inventory with RegisterAgent (#373) - from version 20210722.1 * e2e_tests: move to manually generated osconfig library (#372) - from version 20210722.00 * Create OWNERS file for examples directory (#368) - from version 20210719.00 * Update Zypper patch info parsing (#370) - Build with go1.15 for reproducible build results (bsc#1102408) - Update to version 20210712.1 * Skip getting patch info when no patches are found. (#369) - from version 20210712.00 * Add Terraform scripts for multi-project deployments (#367) - from version 20210709.00 * Add examples/Terraform directory.
(#366) - from version 20210707.00 * Fix bug in printing packages to update, return error for zypper patch (#365) - from version 20210629.00 * Add CloudOps examples for CentOS (#364) - Update to version 20210621.00 * chore: Fixing a comment. (#363) - from version 20210617.00 * Use exec.CommandContext so that canceling the context also kills any running processes (#362) - from version 20210608.1 * e2e_tests: point to official osconfig client library (#359) - from version 20210608.00 * e2e_tests: deflake tests (#358) - from version 20210607.00 * Fix build on some architectures (#357) - from version 20210603.00 * Create win-validation-powershell.yaml (#356) - from version 20210602.00 * Agent efficiency improvements/bugfixes/logging updates (#355) * e2e_tests: add tests for ExecResource output (#354) - from version 20210525.00 * Run fieldalignment on all structs (#353) - from version 20210521.00 * Config Task: add error message and ExecResource output recording (#350) * e2e_tests: remove Windows server 1909 and add server 20h2 (#352) * Added a method for logging structured data (#349) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-347=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-guest-agent-20211116.00-1.23.1 google-guest-oslogin-20211013.00-1.23.1 google-guest-oslogin-debuginfo-20211013.00-1.23.1 google-guest-oslogin-debugsource-20211013.00-1.23.1 google-osconfig-agent-20211117.00-1.14.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-guest-configs-20211116.00-1.14.1 References: https://bugzilla.suse.com/1102408 https://bugzilla.suse.com/1192652 https://bugzilla.suse.com/1192653 https://bugzilla.suse.com/1193257 https://bugzilla.suse.com/1193258 From sle-updates at lists.suse.com Tue Feb 8 17:20:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 18:20:36 +0100 (CET) Subject: SUSE-RU-2022:0346-1: moderate: Recommended update for wicked Message-ID: <20220208172036.1FDFEF368@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0346-1 Rating: moderate References: #1029961 #1057592 #1156920 #1160654 #1177215 #1178357 #1181163 #1181186 #1181812 #1182227 #1183407 #1183495 #1188019 #1189560 #1192164 #1192311 #1192353 #1194392 #954329 SLE-9750 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 19 recommended fixes and contains 
one feature can now be installed. Description: This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750) - Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961) - Parse sysctl files in the correct order (bsc#1181186) - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as "up" when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Cleanup and improve ifconfig and ifpolicy access utilities - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed - Add `ethtool --get-permanent-address` option in the client - Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329) - Prevent re-trigger Duplicate Address Detection on address updates when it is not needed (bsc#1177215) - Fix Network Information Service configuration (bsc#1181812) - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix
eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-346=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-346=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-346=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-346=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-346=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-346=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-346=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-346=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-346=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-346=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Manager Proxy 4.1 (x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1057592 https://bugzilla.suse.com/1156920 https://bugzilla.suse.com/1160654 https://bugzilla.suse.com/1177215 https://bugzilla.suse.com/1178357 https://bugzilla.suse.com/1181163 https://bugzilla.suse.com/1181186 https://bugzilla.suse.com/1181812 https://bugzilla.suse.com/1182227 https://bugzilla.suse.com/1183407 https://bugzilla.suse.com/1183495 https://bugzilla.suse.com/1188019 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192164 https://bugzilla.suse.com/1192311 https://bugzilla.suse.com/1192353 https://bugzilla.suse.com/1194392 https://bugzilla.suse.com/954329 From sle-updates at lists.suse.com Tue Feb 8 20:18:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 21:18:35 +0100 (CET) Subject: 
SUSE-RU-2022:0350-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20220208201835.9C333F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0350-1 Rating: moderate References: #933411 SLE-22808 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - 15.3.20220202 (tracked in bsc#933411) - Add Trento disclaimer (jsc#SLE-SLE-22808) - Change support length to 3.5 years Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-350=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): release-notes-sles-for-sap-15.3.20220202-150300.3.12.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Feb 8 20:19:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 21:19:04 +0100 (CET) Subject: SUSE-RU-2022:0352-1: moderate: Recommended update for release-notes-ha Message-ID: <20220208201904.BA2C5F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0352-1 Rating: moderate References: #1187664 #1188305 #933411 SLE-22898 TEAM-62 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes and contains two features can now be installed. Description: This update for release-notes-ha fixes the following issues: - 15.3.20220202 (tracked in bsc#933411) - Added note about pingd deprecation (jsc#DOCTEAM-62) - Added note about python-cluster-preflight-check deprecation (jsc#SLE-22898) - Removed mention of SES (bsc#1188305) - Updated links (bsc#1187664) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-352=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (noarch): release-notes-ha-15.3.20220202-150300.3.3.1 References: https://bugzilla.suse.com/1187664 https://bugzilla.suse.com/1188305 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Feb 8 20:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 21:19:47 +0100 (CET) Subject: SUSE-RU-2022:0349-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20220208201947.1BFADF368@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0349-1 Rating: moderate References: #1188003 #933411 SLE-22809 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - 15.2.20220202 (tracked in bsc#933411) - Added Trento disclaimer (jsc#SLE-22809) - Updated support length to 3.5 years (bsc#1188003) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-349=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): release-notes-sles-for-sap-15.2.20220202-3.10.1 References: https://bugzilla.suse.com/1188003 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Feb 8 20:20:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 21:20:23 +0100 (CET) Subject: SUSE-RU-2022:0353-1: moderate: Recommended update for systemd-rpm-macros Message-ID: <20220208202023.7586FF368@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0353-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we move to file triggers. So don't mark it as deprecated either Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-353=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-353=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): systemd-rpm-macros-10-7.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-rpm-macros-10-7.24.1 References: From sle-updates at lists.suse.com Tue Feb 8 20:20:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Feb 2022 21:20:48 +0100 (CET) Subject: SUSE-RU-2022:0351-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <20220208202048.BC884F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0351-1 Rating: moderate References: #1150672 #1188003 #933411 SLE-22810 SLE-4044 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes and contains two features can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: Set to unmaintained - 15.1.20220202 (tracked in bsc#933411) - Added Trento disclaimer (jsc#SLE-22810) - Updated lifecycle length to 3.5 years (bsc#1188003) - Added note about HANA-SR unattended (jsc#SLE-4044) - Updated URL for source code download (bsc#1150672) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-351=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): release-notes-sles-for-sap-15.1.20220202-6.7.1 References: https://bugzilla.suse.com/1150672 https://bugzilla.suse.com/1188003 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Wed Feb 9 08:03:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 09:03:35 +0100 (CET) Subject: SUSE-CU-2022:119-1: Recommended update of suse/sle15 Message-ID: <20220209080335.18028F355@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:119-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.86 Container Release : 9.5.86 Severity : important Type : recommended References : 1193007 1193488 1194597 1194898 954813 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData The following package changes have been done: - libzypp-17.29.3-27.1 updated - zypper-1.14.51-24.1 updated From sle-updates at lists.suse.com Wed Feb 9 08:04:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 09:04:20 +0100 (CET) Subject: SUSE-CU-2022:120-1: Security update of bci/bci-micro Message-ID: <20220209080420.56CDBF355@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:120-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.150300.7.1 Container Release : 150300.7.1 Severity : important Type : security References : 1189152 1194640 1194768 1194770 1194785 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). 
The following package changes have been done: - coreutils-8.32-150300.3.5.1 updated - glibc-2.31-150300.9.12.1 updated From sle-updates at lists.suse.com Wed Feb 9 08:14:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 09:14:29 +0100 (CET) Subject: SUSE-CU-2022:122-1: Recommended update of suse/sle15 Message-ID: <20220209081429.B27D2F355@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:122-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.150300.17.8.74 Container Release : 150300.17.8.74 Severity : important Type : recommended References : 1193007 1193488 1194597 1194898 954813 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData The following package changes have been 
done: - libzypp-17.29.3-27.1 updated - zypper-1.14.51-24.1 updated From sle-updates at lists.suse.com Wed Feb 9 14:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 15:18:16 +0100 (CET) Subject: SUSE-SU-2022:0354-1: important: Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, storm, storm-kit, venv-openstack-monasca, zookeeper, zookeeper-kit Message-ID: <20220209141816.A60BEF355@maintenance.suse.de> SUSE Security Update: Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, storm, storm-kit, venv-openstack-monasca, zookeeper, zookeeper-kit ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0354-1 Rating: important References: #1193662 #1194842 #1194843 #1194844 Cross-References: CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 CVSS scores: CVE-2021-4104 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-23302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23302 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-23305 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23307 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, storm, storm-kit, venv-openstack-monasca, zookeeper, zookeeper-kit fixes the following issues: - CVE-2021-4104: Fixed remote code execution through JMS API via the ldap JNDI parser (bsc#1193662). - CVE-2022-23302: Fixed remote code execution in Log4j 1.x when application is configured to use JMSSink (bsc#1194842). - CVE-2022-23305: Fixed SQL injection in Log4j 1.x when application is configured to use JDBCAppender (bsc#1194843). - CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of Log4j 1 that could lead to malicious code execution (bsc#1194844). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-354=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-354=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kafka-0.10.2.2-3.5.1 logstash-2.4.1-7.6.1 storm-1.2.3-3.8.1 storm-nimbus-1.2.3-3.8.1 storm-supervisor-1.2.3-3.8.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): elasticsearch-2.4.2-6.6.1 openstack-monasca-agent-2.8.2~dev5-3.18.1 openstack-monasca-persister-java-1.12.1~dev9-15.1 openstack-monasca-thresh-2.1.1-5.6.1 python-monasca-agent-2.8.2~dev5-3.18.1 spark-2.2.3-5.9.2 zookeeper-server-3.4.13-3.12.1 - SUSE OpenStack Cloud 9 (noarch): elasticsearch-2.4.2-6.6.1 openstack-monasca-agent-2.8.2~dev5-3.18.1 openstack-monasca-persister-java-1.12.1~dev9-15.1 openstack-monasca-thresh-2.1.1-5.6.1 python-monasca-agent-2.8.2~dev5-3.18.1 spark-2.2.3-5.9.2 venv-openstack-barbican-x86_64-7.0.1~dev24-3.33.1 
venv-openstack-cinder-x86_64-13.0.10~dev23-3.36.1 venv-openstack-designate-x86_64-7.0.2~dev2-3.33.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.31.1 venv-openstack-heat-x86_64-11.0.4~dev4-3.33.1 venv-openstack-horizon-x86_64-14.1.1~dev11-4.37.1 venv-openstack-ironic-x86_64-11.1.5~dev17-4.31.1 venv-openstack-keystone-x86_64-14.2.1~dev7-3.34.1 venv-openstack-magnum-x86_64-7.2.1~dev1-4.33.1 venv-openstack-manila-x86_64-7.4.2~dev60-3.39.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.33.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.35.2 venv-openstack-neutron-x86_64-13.0.8~dev164-6.37.1 venv-openstack-nova-x86_64-18.3.1~dev91-3.37.1 venv-openstack-octavia-x86_64-3.2.3~dev7-4.33.1 venv-openstack-sahara-x86_64-9.0.2~dev15-3.33.1 venv-openstack-swift-x86_64-2.19.2~dev48-2.28.1 zookeeper-server-3.4.13-3.12.1 - SUSE OpenStack Cloud 9 (x86_64): kafka-0.10.2.2-3.5.1 logstash-2.4.1-7.6.1 storm-1.2.3-3.8.1 storm-nimbus-1.2.3-3.8.1 storm-supervisor-1.2.3-3.8.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://www.suse.com/security/cve/CVE-2022-23302.html https://www.suse.com/security/cve/CVE-2022-23305.html https://www.suse.com/security/cve/CVE-2022-23307.html https://bugzilla.suse.com/1193662 https://bugzilla.suse.com/1194842 https://bugzilla.suse.com/1194843 https://bugzilla.suse.com/1194844 From sle-updates at lists.suse.com Wed Feb 9 14:19:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 15:19:14 +0100 (CET) Subject: SUSE-SU-2022:0355-1: important: Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit Message-ID: 
<20220209141914.3031EF355@maintenance.suse.de> SUSE Security Update: Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0355-1 Rating: important References: #1193662 #1194842 #1194843 #1194844 Cross-References: CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 CVSS scores: CVE-2021-4104 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-23302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23302 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-23305 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23307 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit fixes the following issues: - CVE-2021-4104: Fixed remote code execution through JMS API via the ldap JNDI parser (bsc#1193662). - CVE-2022-23302: Fixed remote code execution in Log4j 1.x when application is configured to use JMSSink (bsc#1194842). - CVE-2022-23305: Fixed SQL injection in Log4j 1.x when application is configured to use JDBCAppender (bsc#1194843). - CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of Log4j 1 that could lead to malicious code execution (bsc#1194844). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-355=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-355=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-355=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): elasticsearch-2.4.2-5.6.1 openstack-monasca-agent-2.2.6~dev4-3.27.1 openstack-monasca-log-metrics-0.0.1-3.3.1 openstack-monasca-log-persister-0.0.1-5.3.1 openstack-monasca-log-transformer-0.0.1-4.3.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1 openstack-monasca-thresh-2.1.1-4.6.1 python-monasca-agent-2.2.6~dev4-3.27.1 spark-1.6.3-8.12.1 zookeeper-server-3.4.10-3.15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kafka-0.10.2.2-5.12.1 logstash-2.4.1-5.10.1 storm-1.2.3-3.11.2 storm-nimbus-1.2.3-3.11.2 storm-supervisor-1.2.3-3.11.2 - SUSE OpenStack Cloud 8 (noarch): elasticsearch-2.4.2-5.6.1 openstack-monasca-agent-2.2.6~dev4-3.27.1 openstack-monasca-log-metrics-0.0.1-3.3.1 openstack-monasca-log-persister-0.0.1-5.3.1 openstack-monasca-log-transformer-0.0.1-4.3.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1 openstack-monasca-thresh-2.1.1-4.6.1 python-monasca-agent-2.2.6~dev4-3.27.1 spark-1.6.3-8.12.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.40.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.41.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.38.1 venv-openstack-cinder-x86_64-11.2.3~dev29-14.42.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.39.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.36.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.39.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.43.1 venv-openstack-horizon-x86_64-12.0.5~dev6-14.46.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.41.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.43.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.40.1 venv-openstack-manila-x86_64-5.1.1~dev5-12.45.1 
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.36.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.43.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.36.1 venv-openstack-neutron-x86_64-11.0.9~dev69-13.46.1 venv-openstack-nova-x86_64-16.1.9~dev92-11.44.1 venv-openstack-octavia-x86_64-1.0.6~dev3-12.41.1 venv-openstack-sahara-x86_64-7.0.5~dev4-11.40.1 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.31.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.40.1 zookeeper-server-3.4.10-3.15.1 - SUSE OpenStack Cloud 8 (x86_64): kafka-0.10.2.2-5.12.1 logstash-2.4.1-5.10.1 storm-1.2.3-3.11.2 storm-nimbus-1.2.3-3.11.2 storm-supervisor-1.2.3-3.11.2 - HPE Helion Openstack 8 (noarch): elasticsearch-2.4.2-5.6.1 openstack-monasca-agent-2.2.6~dev4-3.27.1 openstack-monasca-log-metrics-0.0.1-3.3.1 openstack-monasca-log-persister-0.0.1-5.3.1 openstack-monasca-log-transformer-0.0.1-4.3.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1 openstack-monasca-thresh-2.1.1-4.6.1 python-monasca-agent-2.2.6~dev4-3.27.1 spark-1.6.3-8.12.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.40.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.41.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.38.1 venv-openstack-cinder-x86_64-11.2.3~dev29-14.42.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.39.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.36.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.39.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.43.1 venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.46.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.41.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.43.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.40.1 venv-openstack-manila-x86_64-5.1.1~dev5-12.45.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.36.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.43.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.36.1 venv-openstack-neutron-x86_64-11.0.9~dev69-13.46.1 venv-openstack-nova-x86_64-16.1.9~dev92-11.44.1 
venv-openstack-octavia-x86_64-1.0.6~dev3-12.41.1 venv-openstack-sahara-x86_64-7.0.5~dev4-11.40.1 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.31.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.40.1 zookeeper-server-3.4.10-3.15.1 - HPE Helion Openstack 8 (x86_64): kafka-0.10.2.2-5.12.1 logstash-2.4.1-5.10.1 storm-1.2.3-3.11.2 storm-nimbus-1.2.3-3.11.2 storm-supervisor-1.2.3-3.11.2 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://www.suse.com/security/cve/CVE-2022-23302.html https://www.suse.com/security/cve/CVE-2022-23305.html https://www.suse.com/security/cve/CVE-2022-23307.html https://bugzilla.suse.com/1193662 https://bugzilla.suse.com/1194842 https://bugzilla.suse.com/1194843 https://bugzilla.suse.com/1194844 From sle-updates at lists.suse.com Wed Feb 9 17:20:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 18:20:03 +0100 (CET) Subject: SUSE-RU-2022:0357-1: important: Recommended update for installation-images Message-ID: <20220209172003.CE3EBF355@maintenance.suse.de> SUSE Recommended Update: Recommended update for installation-images ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0357-1 Rating: important References: #1195627 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for installation-images contains the following fix: - Merge upstream fix to adjust to recent samba re-packaging that breaks installation-images containing it. 
(bsc#1195627) - Update version to 16.56.14 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-357=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tftpboot-installation-SLE-15-SP3-aarch64-16.56.14-150300.3.12.1 tftpboot-installation-SLE-15-SP3-ppc64le-16.56.14-150300.3.12.1 tftpboot-installation-SLE-15-SP3-s390x-16.56.14-150300.3.12.1 tftpboot-installation-SLE-15-SP3-x86_64-16.56.14-150300.3.12.1 References: https://bugzilla.suse.com/1195627 From sle-updates at lists.suse.com Wed Feb 9 20:19:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 21:19:34 +0100 (CET) Subject: SUSE-SU-2022:0358-1: important: Security update for clamav Message-ID: <20220209201934.5ACD1F355@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0358-1 Rating: important References: #1194731 Cross-References: CVE-2022-20698 CVSS scores: CVE-2022-20698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-358=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-358=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-358=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-358=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-358=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-358=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-358=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-358=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-358=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-358=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-358=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE OpenStack Cloud 9 (x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE OpenStack Cloud 8 (x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): 
clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 - HPE Helion Openstack 8 (x86_64): clamav-0.103.5-33.44.1 clamav-debuginfo-0.103.5-33.44.1 clamav-debugsource-0.103.5-33.44.1 References: https://www.suse.com/security/cve/CVE-2022-20698.html https://bugzilla.suse.com/1194731 From sle-updates at lists.suse.com Wed Feb 9 20:20:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Feb 2022 21:20:14 +0100 (CET) Subject: SUSE-SU-2022:0359-1: important: Security update for xen Message-ID: <20220209202014.C66C1F355@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0359-1 Rating: important References: #1194581 #1194588 Cross-References: CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux 
Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-359=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-359=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-359=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-359=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-359=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-359=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_26-3.100.1 xen-debugsource-4.9.4_26-3.100.1 xen-doc-html-4.9.4_26-3.100.1 xen-libs-32bit-4.9.4_26-3.100.1 xen-libs-4.9.4_26-3.100.1 xen-libs-debuginfo-32bit-4.9.4_26-3.100.1 xen-libs-debuginfo-4.9.4_26-3.100.1 xen-tools-4.9.4_26-3.100.1 xen-tools-debuginfo-4.9.4_26-3.100.1 xen-tools-domU-4.9.4_26-3.100.1 xen-tools-domU-debuginfo-4.9.4_26-3.100.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_26-3.100.1 xen-debugsource-4.9.4_26-3.100.1 xen-doc-html-4.9.4_26-3.100.1 xen-libs-32bit-4.9.4_26-3.100.1 
      xen-libs-4.9.4_26-3.100.1
      xen-libs-debuginfo-32bit-4.9.4_26-3.100.1
      xen-libs-debuginfo-4.9.4_26-3.100.1
      xen-tools-4.9.4_26-3.100.1
      xen-tools-debuginfo-4.9.4_26-3.100.1
      xen-tools-domU-4.9.4_26-3.100.1
      xen-tools-domU-debuginfo-4.9.4_26-3.100.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

      xen-4.9.4_26-3.100.1
      xen-debugsource-4.9.4_26-3.100.1
      xen-doc-html-4.9.4_26-3.100.1
      xen-libs-32bit-4.9.4_26-3.100.1
      xen-libs-4.9.4_26-3.100.1
      xen-libs-debuginfo-32bit-4.9.4_26-3.100.1
      xen-libs-debuginfo-4.9.4_26-3.100.1
      xen-tools-4.9.4_26-3.100.1
      xen-tools-debuginfo-4.9.4_26-3.100.1
      xen-tools-domU-4.9.4_26-3.100.1
      xen-tools-domU-debuginfo-4.9.4_26-3.100.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):

      xen-4.9.4_26-3.100.1
      xen-debugsource-4.9.4_26-3.100.1
      xen-doc-html-4.9.4_26-3.100.1
      xen-libs-32bit-4.9.4_26-3.100.1
      xen-libs-4.9.4_26-3.100.1
      xen-libs-debuginfo-32bit-4.9.4_26-3.100.1
      xen-libs-debuginfo-4.9.4_26-3.100.1
      xen-tools-4.9.4_26-3.100.1
      xen-tools-debuginfo-4.9.4_26-3.100.1
      xen-tools-domU-4.9.4_26-3.100.1
      xen-tools-domU-debuginfo-4.9.4_26-3.100.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      xen-4.9.4_26-3.100.1
      xen-debugsource-4.9.4_26-3.100.1
      xen-doc-html-4.9.4_26-3.100.1
      xen-libs-32bit-4.9.4_26-3.100.1
      xen-libs-4.9.4_26-3.100.1
      xen-libs-debuginfo-32bit-4.9.4_26-3.100.1
      xen-libs-debuginfo-4.9.4_26-3.100.1
      xen-tools-4.9.4_26-3.100.1
      xen-tools-debuginfo-4.9.4_26-3.100.1
      xen-tools-domU-4.9.4_26-3.100.1
      xen-tools-domU-debuginfo-4.9.4_26-3.100.1

   - HPE Helion Openstack 8 (x86_64):

      xen-4.9.4_26-3.100.1
      xen-debugsource-4.9.4_26-3.100.1
      xen-doc-html-4.9.4_26-3.100.1
      xen-libs-32bit-4.9.4_26-3.100.1
      xen-libs-4.9.4_26-3.100.1
      xen-libs-debuginfo-32bit-4.9.4_26-3.100.1
      xen-libs-debuginfo-4.9.4_26-3.100.1
      xen-tools-4.9.4_26-3.100.1
      xen-tools-debuginfo-4.9.4_26-3.100.1
      xen-tools-domU-4.9.4_26-3.100.1
      xen-tools-domU-debuginfo-4.9.4_26-3.100.1

References:

   https://www.suse.com/security/cve/CVE-2022-23034.html
   https://www.suse.com/security/cve/CVE-2022-23035.html
   https://bugzilla.suse.com/1194581
   https://bugzilla.suse.com/1194588

From sle-updates at lists.suse.com Wed Feb 9 20:21:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Feb 2022 21:21:02 +0100 (CET)
Subject: SUSE-SU-2022:14884-1: important: Security update for expat
Message-ID: <20220209202102.88A62F368@maintenance.suse.de>

   SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:14884-1
Rating:             important
References:         #1195054 #1195217
Cross-References:   CVE-2022-23852 CVE-2022-23990
CVSS scores:
                    CVE-2022-23852 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23852 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23990 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23990 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Debuginfo 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Server 11-SP4-LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for expat fixes the following issues:

   - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
   - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-expat-14884=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-expat-14884=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-expat-14884=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-expat-14884=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      expat-2.0.1-88.42.15.1
      libexpat1-2.0.1-88.42.15.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):

      libexpat1-32bit-2.0.1-88.42.15.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      expat-2.0.1-88.42.15.1
      libexpat1-2.0.1-88.42.15.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      expat-debuginfo-2.0.1-88.42.15.1
      expat-debugsource-2.0.1-88.42.15.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      expat-debuginfo-2.0.1-88.42.15.1
      expat-debugsource-2.0.1-88.42.15.1

References:

   https://www.suse.com/security/cve/CVE-2022-23852.html
   https://www.suse.com/security/cve/CVE-2022-23990.html
   https://bugzilla.suse.com/1195054
   https://bugzilla.suse.com/1195217

From sle-updates at lists.suse.com Thu Feb 10 07:54:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Feb 2022 08:54:15 +0100 (CET)
Subject: SUSE-CU-2022:132-1: Security update of bci/golang
Message-ID: <20220210075415.F1B5DF355@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:132-1
Container Tags        : bci/golang:1.16 , bci/golang:1.16-9.1
Container Release     : 9.1
Severity              : critical
Type                  : security
References            : 1100504 1139519 1169614 1178561 1180125 1182345 1183572 1183574 1188571 1189152
                        1190515 1190824 1191227 1191532 1192489 1192684 1193007 1193086 1193488 1193690
                        1193711 1194178 1194522 1194597 1194640 1194768 1194770 1194785 1194859 1194898
                        1195048 954813 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222
                        CVE-2021-3997 CVE-2021-3999 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142
                        CVE-2022-0336 CVE-2022-23218 CVE-2022-23219
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2798-1
Released:    Wed Nov 28 07:48:35 2018
Summary:     Recommended update for make
Type:        recommended
Severity:    moderate
References:  1100504

This update for make fixes the following issues:

- Use a non-blocking read with pselect to avoid hangs (bsc#1100504)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:43-1
Released:    Tue Jan 11 08:50:13 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1178561,1190515,1194178,CVE-2021-3997

This update for systemd fixes the following issues:

- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:87-1
Released:    Mon Jan 17 12:50:09 2022
Summary:     Recommended update for go1.16
Type:        recommended
Severity:    moderate
References:  1182345

This update for go1.16 fixes the following issues:

Update to go1.16.13 (bsc#1182345)

- it includes fixes to the compiler, linker, runtime, and the net/http package.
  * x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space.
  * runtime/race: building for iOS, but linking in object file built for macOS
  * runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey
  * runtime: mallocs cause 'base outside usable address space' panic when running on iOS 14
  * cmd/link: does not set section type of `.init_array` correctly
  * cmd/link: support more load commands on `Mach-O`
  * cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem`

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released:    Tue Jan 18 05:11:58 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    important
References:  1192489

This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released:    Tue Jan 18 05:14:44 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released:    Thu Jan 20 13:47:16 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1169614

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:207-1
Released:    Thu Jan 27 09:24:49 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:

This update for glibc fixes the following issues:

- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released:    Mon Jan 31 06:07:52 2022
Summary:     Recommended update for boost
Type:        recommended
Severity:    moderate
References:  1194522

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:330-1
Released:    Fri Feb 4 09:29:08 2022
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

This update for glibc fixes the following issues:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Features added:

- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:335-1
Released:    Fri Feb 4 10:24:02 2022
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:343-1
Released:    Mon Feb 7 15:16:58 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1193086

This update for systemd fixes the following issues:

- disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579
- disable fallback DNS servers and fail when no DNS server info could be obtained from the links.
- DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package.
- Improve warning messages (bsc#1193086).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:348-1
Released:    Tue Feb 8 13:02:20 2022
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1193007,1193488,1194597,1194898,954813

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI components of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:283-1
Released:    Tue Feb 8 16:10:39 2022
Summary:     Security update for samba
Type:        security
Severity:    critical
References:  1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

samba was updated to 4.15.4 (jsc#SLE-23329);

* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error; (bso#14941);
* Fix possible fsp pointer dereference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
* 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);

Samba was updated to version 4.15.3

+ CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227);

- Reorganize libs packages.
  Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

krb5 was updated to 1.16.3 to 1.19.2

* Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a credential handle.

Changes from 1.19.1:

* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.

Changes from 1.19

Administrator experience

* When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.

Developer experience

* gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key.
* When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets.
* The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password().

Protocol evolution

* Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set.

User experience

* kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred).

Changes from 1.18.3

* Fix a denial of service vulnerability when decoding Kerberos protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded.

Changes from 1.18.2

* Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might not be reported.

Changes from 1.18.1

* Fix a crash when qualifying short hostnames when the system has no primary DNS domain.
* Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency with Windows KDCs.

Changes from 1.18

Administrator experience:

* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default.
* setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context().
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.

Developer experience:

* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account name from a PAC.

Protocol evolution:

* Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
* Remove support for an old ('draft 9') variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)

User experience:

* Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix.
  Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.

Code quality:

* The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.

Changes from 1.17.1

* Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM credential cache is used.

Changes from 1.17:

Administrator experience:

* A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
* 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested.

Developer experience:

* The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should perform better.

Protocol evolution:

* The SPAKE pre-authentication mechanism is now supported.
  This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.

User experience:

* The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
* The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.

Code quality:

* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.

- Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.

ldb was updated to version 2.4.1 (jsc#SLE-23329);

- Release 2.4.1

  + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845);
  + Fix memory handling in ldb.msg_diff; (bso#14836);

- Release 2.4.0

  + pyldb: Fix Message.items() for a message containing elements
  + pyldb: Add test for Message.items()
  + tests: Use ldbsearch '--scope' instead of '-s'
  + Change page size of guidindexpackv1.ldb
  + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
  + attrib_handler casefold: simplify space dropping
  + fix ldb_comparison_fold off-by-one overrun
  + CVE-2020-27840: pytests: move Dn.validate test to ldb
  + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
  + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
  + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
  + improve comments for ldb_module_connect_backend()
  + test/ldb_tdb: correct introductory comments
  + ldb.h: remove undefined async_ctx function signatures
  + correct comments in attrib_handers val_to_int64
  + dn tests use cmocka print functions
  + ldb_match: remove redundant check
  + add tests for ldb_wildcard_compare
  + ldb_match: trailing chunk must match end of string
  + pyldb: catch potential overflow error in py_timestring
  + ldb: remove some 'if PY3's in tests

talloc was updated to 2.3.3:

+ various bugfixes
+ python: Ensure reference counts are properly incremented
+ Change pytalloc source to LGPL
+ Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

tdb was updated to version 1.4.4:

+ various bugfixes

tevent was updated to version 0.11.0:

+ Add custom tag to events
+ Add event trace api

sssd was updated to:

- Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
- Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

apparmor was updated to:

- Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
- add profile for samba-bgqd (bsc#1191532).

The following package changes have been done:

- boost-license1_66_0-1.66.0-12.3.1 updated
- coreutils-8.32-150300.3.5.1 updated
- glibc-devel-2.31-150300.9.12.1 updated
- glibc-2.31-150300.9.12.1 updated
- go1.16-1.16.13-1.40.1 updated
- krb5-1.19.2-150300.8.3.2 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated
- libopenssl1_1-hmac-1.1.1d-11.38.1 updated
- libopenssl1_1-1.1.1d-11.38.1 updated
- libsystemd0-246.16-150300.7.36.1 updated
- libudev1-246.16-150300.7.36.1 updated
- libzypp-17.29.3-27.1 updated
- make-4.2.1-7.3.2 added
- permissions-20181225-23.12.1 updated
- rpm-ndb-4.14.3-43.1 updated
- zypper-1.14.51-24.1 updated
- container:sles15-image-15.0.0-150300.17.8.75 updated

From sle-updates at lists.suse.com Thu Feb 10 07:55:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Feb 2022 08:55:05 +0100 (CET)
Subject: SUSE-CU-2022:133-1: Security update of bci/golang
Message-ID: <20220210075505.072CAF355@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:133-1
Container Tags        : bci/golang:1.17 , bci/golang:1.17-7.1
Container Release     : 7.1
Severity              : critical
Type                  : security
References            : 1100504 1139519 1169614 1178561 1180125 1183572 1183574 1188571 1189152 1190515
                        1190649 1190824 1191227 1191532 1192489 1192684 1193007 1193086 1193488
                        1193690 1193711 1194178 1194522 1194597 1194640 1194768 1194770 1194785 1194859
                        1194898 1195048 954813 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222
                        CVE-2021-3997 CVE-2021-3999 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142
                        CVE-2022-0336 CVE-2022-23218 CVE-2022-23219
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2798-1
Released:    Wed Nov 28 07:48:35 2018
Summary:     Recommended update for make
Type:        recommended
Severity:    moderate
References:  1100504

This update for make fixes the following issues:

- Use a non-blocking read with pselect to avoid hangs (bsc#1100504)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:43-1
Released:    Tue Jan 11 08:50:13 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1178561,1190515,1194178,CVE-2021-3997

This update for systemd fixes the following issues:

- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:78-1
Released:    Fri Jan 14 10:30:21 2022
Summary:     Recommended update for go1.17
Type:        recommended
Severity:    moderate
References:  1190649

This update for go1.17 fixes the following issues:

Update to go1.17.6 released 2022-01-06. (bsc#1190649)

- It includes fixes to the compiler, linker, runtime, and the crypto/x509, net/http, and reflect packages.
  * go#50165 crypto/x509: error parsing large ASN.1 identifiers
  * go#50073 runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey
  * go#49961 reflect: segmentation violation while using html/template
  * go#49921 x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space.
  * go#49413 cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem`
  * go#48116 runtime: mallocs cause `base outside usable address space` panic when running on iOS 14

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released:    Tue Jan 18 05:11:58 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    important
References:  1192489

This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released:    Tue Jan 18 05:14:44 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released:    Thu Jan 20 13:47:16 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1169614

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:207-1
Released:    Thu Jan 27 09:24:49 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:

This update for glibc fixes the following issues:

- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released:    Mon Jan 31 06:07:52 2022
Summary:     Recommended update for boost
Type:        recommended
Severity:    moderate
References:  1194522

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:330-1
Released:    Fri Feb 4 09:29:08 2022
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

This update for glibc fixes the following issues:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Features added:

- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:335-1
Released:    Fri Feb 4 10:24:02 2022
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:343-1
Released:    Mon Feb 7 15:16:58 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1193086

This update for systemd fixes the following issues:

- disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579
- disable fallback DNS servers and fail when no DNS server info could be obtained from the links.
- DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package.
- Improve warning messages (bsc#1193086).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:348-1
Released: Tue Feb 8 13:02:20 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1193488,1194597,1194898,954813

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI components of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:283-1
Released: Tue Feb 8 16:10:39 2022
Summary: Security update for samba
Type: security
Severity: critical
References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

samba was updated to 4.15.4 (jsc#SLE-23329);

* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
* 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);

Samba was updated to version 4.15.3

+ CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227);

- Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

krb5 was updated to 1.16.3 to 1.19.2

* Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a credential handle.

Changes from 1.19.1:

* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.

Changes from 1.19

Administrator experience

* When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.

Developer experience

* gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key.
* When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets.
* The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password().

Protocol evolution

* Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set.

User experience

* kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred).

Changes from 1.18.3

* Fix a denial of service vulnerability when decoding Kerberos protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded.

Changes from 1.18.2

* Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might not be reported.

Changes from 1.18.1

* Fix a crash when qualifying short hostnames when the system has no primary DNS domain.
* Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency with Windows KDCs.

Changes from 1.18

Administrator experience:

* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default.
* setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context().
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.

Developer experience:

* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account name from a PAC.

Protocol evolution:

* Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
* Remove support for an old ('draft 9') variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)

User experience:

* Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.

Code quality:

* The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.

Changes from 1.17.1

* Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM credential cache is used.

Changes from 1.17:

Administrator experience:

* A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added.
  The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
* 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested.

Developer experience:

* The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should perform better.

Protocol evolution:

* The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.

User experience:

* The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
* The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.

Code quality:

* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.

- Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.

ldb was updated to version 2.4.1 (jsc#SLE-23329);

- Release 2.4.1
  + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845);
  + Fix memory handling in ldb.msg_diff; (bso#14836);
- Release 2.4.0
  + pyldb: Fix Message.items() for a message containing elements
  + pyldb: Add test for Message.items()
  + tests: Use ldbsearch '--scope' instead of '-s'
  + Change page size of guidindexpackv1.ldb
  + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
  + attrib_handler casefold: simplify space dropping
  + fix ldb_comparison_fold off-by-one overrun
  + CVE-2020-27840: pytests: move Dn.validate test to ldb
  + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
  + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
  + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
  + improve comments for ldb_module_connect_backend()
  + test/ldb_tdb: correct introductory comments
  + ldb.h: remove undefined async_ctx function signatures
  + correct comments in attrib_handers val_to_int64
  + dn tests use cmocka print functions
  + ldb_match: remove redundant check
  + add tests for ldb_wildcard_compare
  + ldb_match: trailing chunk must match end of string
  + pyldb: catch potential overflow error in py_timestring
  + ldb: remove some 'if PY3's in tests

talloc was updated to 2.3.3:

+ various bugfixes
+ python: Ensure reference counts are properly incremented
+ Change pytalloc source to LGPL
+ Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

tdb was updated to version 1.4.4:

+ various bugfixes

tevent was updated to version 0.11.0:

+ Add custom tag to events
+ Add event trace api

sssd was updated to:

- Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
- Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

apparmor was updated to:

- Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
- add profile for samba-bgqd (bsc#1191532).

The following package changes have been done:

- boost-license1_66_0-1.66.0-12.3.1 updated
- coreutils-8.32-150300.3.5.1 updated
- glibc-devel-2.31-150300.9.12.1 updated
- glibc-2.31-150300.9.12.1 updated
- go1.17-1.17.6-1.17.1 updated
- krb5-1.19.2-150300.8.3.2 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated
- libopenssl1_1-hmac-1.1.1d-11.38.1 updated
- libopenssl1_1-1.1.1d-11.38.1 updated
- libsystemd0-246.16-150300.7.36.1 updated
- libudev1-246.16-150300.7.36.1 updated
- libzypp-17.29.3-27.1 updated
- make-4.2.1-7.3.2 added
- permissions-20181225-23.12.1 updated
- rpm-ndb-4.14.3-43.1 updated
- zypper-1.14.51-24.1 updated
- container:sles15-image-15.0.0-150300.17.8.75 updated

From sle-updates at lists.suse.com Thu Feb 10 07:55:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Feb 2022 08:55:45 +0100 (CET)
Subject: SUSE-CU-2022:137-1: Security update of bci/nodejs
Message-ID: <20220210075545.78560F355@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:137-1
Container Tags : bci/node:12 , bci/node:12-10.1 , bci/nodejs:12 , bci/nodejs:12-10.1
Container Release : 10.1
Severity : critical
Type : security
References : 1029961 1113013 1139519 1161276 1162581 1169614 1172973 1172974 1174504 1174504 1177127 1177460 1178236 1178561 1180125 1180125 1183137 1183374 1183572 1183574 1183858 1185016 1185524 1185588 1186071 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187668 1187738 1187760 1188156 1188344 1188435 1188571 1188623 1188921 1189031 1189152 1189241 1189287 1190052 1190053 1190054 1190055 1190056 1190057 1190059 1190199 1190356 1190401 1190440 1190465 1190515 1190552 1190566 1190645 1190712 1190739 1190793 1190815 1190824 1190850 1190915 1190933 1190975 1190984 1191227 1191286 1191324 1191370 1191532 1191563 1191592 1191601 1191602 1191609 1191736 1191987 1192023 1192160 1192161 1192248 1192249 1192337 1192423 1192436 1192489 1192684 1192688 1192717 1192858 1193007 1193086 1193179 1193480 1193488 1193690 1193711 1193722 1193759 1194178 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194511 1194512 1194513 1194514 1194522 1194597 1194640 1194768 1194770 1194785 1194859 1194898 1195048 954813 CVE-2019-20838 CVE-2020-14155 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-22959 CVE-2021-22960 CVE-2021-28041 CVE-2021-3426 CVE-2021-36222 CVE-2021-3733 CVE-2021-3737 CVE-2021-37600 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVE-2021-39537 CVE-2021-3997 CVE-2021-3999 CVE-2021-41617 CVE-2021-43566 CVE-2021-43618 CVE-2021-44141 CVE-2021-44142 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2021-45960 CVE-2021-46143 CVE-2022-0336 CVE-2022-21824 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released: Fri Oct 23 15:35:49 2020
Summary: Optional update for the Public Cloud Module
Type: optional
Severity: moderate
References:

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).

The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released: Wed Feb 3 12:54:28 2021
Summary: Recommended update for libprotobuf
Type: recommended
Severity: moderate
References:

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released: Mon Mar 1 09:34:21 2021
Summary: Recommended update for protobuf
Type: recommended
Severity: moderate
References: 1177127

This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released: Wed Oct 20 08:41:31 2021
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1178236,1188921,CVE-2021-37600

This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c.
  (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released: Wed Oct 20 11:24:10 2021
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933

This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537

This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052

This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd.
  (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released: Fri Oct 22 10:42:46 2021
Summary: Recommended update for libzypp, zypper, libsolv, protobuf
Type: recommended
Severity: moderate
References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alive while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads.
  (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987

This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in the 'securetty' file being installed as 'macros.pam'. (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Type: security
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released: Wed Oct 27 14:46:39 2021
Summary: Recommended update for less
Type: recommended
Severity: low
References: 1190552

This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released: Wed Oct 27 16:12:08 2021
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1190850

This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules.
  (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3766-1
Released: Tue Nov 23 07:07:43 2021
Summary: Recommended update for git
Type: recommended
Severity: moderate
References: 1192023

This update for git fixes the following issues:

- Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3786-1
Released: Wed Nov 24 05:59:13 2021
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: important
References: 1192160

This update for rpm-config-SUSE fixes the following issues:

- Add support for the kernel xz-compressed firmware files (bsc#1192160)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1187153,1187273,1188623

This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3808-1
Released: Fri Nov 26 00:30:54 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186071,1190440,1190984,1192161

This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3870-1
Released: Thu Dec 2 07:11:50 2021
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436

This update for libzypp, zypper fixes the following issues:

libzypp:

- Check log writer before accessing it (bsc#1192337)
- Zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324)
- Fixed zypper incomplete messages when using non English localization (bsc#1191370)
- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
- Disable logger in the child process after fork (bsc#1192436)

zypper:

- Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as name (openSUSE/zypper#418)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3872-1
Released: Thu Dec 2 07:25:55 2021
Summary: Recommended update for cracklib
Type: recommended
Severity: moderate
References: 1191736

This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released: Fri Dec 3 11:27:41 2021
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1162581,1174504,1191563,1192248

This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3940-1
Released: Mon Dec 6 14:43:41 2021
Summary: Security update for nodejs12
Type: security
Severity: important
References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602,CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135

This update for nodejs12 fixes the following issues:

- CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc#1191601).
- CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. 
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:48-1 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1190566,1192249,1193179 This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). 
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:113-1 Released: Tue Jan 18 13:03:44 2022 Summary: Security update for nodejs12 Type: security Severity: moderate References: 1194511,1194512,1194513,1194514,CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. 
Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. * 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak 
implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 
1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. 
Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated from 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). 
Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. 
* Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. 
Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. 
This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. 
ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope' instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). 
tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.32-150300.3.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - git-core-2.34.1-10.9.1 updated - glibc-2.31-150300.9.12.1 updated - krb5-1.19.2-150300.8.3.2 updated - less-530-3.3.2 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.36.2-4.5.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcrack2-2.9.7-11.6.1 updated - libexpat1-2.2.5-3.9.1 updated - libfdisk1-2.36.2-4.5.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libmount1-2.36.2-4.5.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libpython3_6m1_0-3.6.15-10.15.1 updated - libsmartcols1-2.36.2-4.5.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-150300.7.36.1 updated - libudev1-246.16-150300.7.36.1 updated - libuuid1-2.36.2-4.5.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.29.3-27.1 updated - ncurses-utils-6.1-5.9.1 updated - nodejs12-12.22.9-4.25.1 updated - npm12-12.22.9-4.25.1 
updated - openssh-clients-8.4p1-3.9.1 updated - openssh-common-8.4p1-3.9.1 updated - openssh-fips-8.4p1-3.9.1 updated - pam-1.3.0-6.50.1 updated - permissions-20181225-23.12.1 updated - python3-base-3.6.15-10.15.1 updated - rpm-config-SUSE-1-5.6.1 updated - rpm-ndb-4.14.3-43.1 updated - system-group-hardware-20170617-17.3.1 updated - system-user-nobody-20170617-17.3.1 updated - terminfo-base-6.1-5.9.1 updated - timezone-2021e-75.4.1 updated - util-linux-2.36.2-4.5.1 updated - which-2.21-2.20 added - zypper-1.14.51-24.1 updated - container:sles15-image-15.0.0-150300.17.8.75 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed - suse-build-key-12.0-8.16.1 removed From sle-updates at lists.suse.com Thu Feb 10 07:56:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 08:56:05 +0100 (CET) Subject: SUSE-CU-2022:138-1: Security update of bci/nodejs Message-ID: <20220210075605.6DB44F355@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:138-1 Container Tags : bci/node:14 , bci/node:14-11.1 , bci/nodejs:14 , bci/nodejs:14-11.1 Container Release : 11.1 Severity : critical Type : security References : 1029961 1113013 1139519 1161276 1162581 1169614 1172973 1172974 1174504 1174504 1177127 1177460 1178236 1178561 1180125 1180125 1183137 1183374 1183572 1183574 1183858 1185016 1185524 1185588 1186071 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187668 1187738 1187760 1188156 1188344 1188435 1188571 1188623 1188921 1189031 1189152 1189241 1189287 1190052 1190053 1190054 1190055 1190056 1190057 1190059 1190199 1190356 1190401 1190440 1190465 1190515 1190552 1190566 1190645 1190712 1190739 1190793 1190815 1190824 1190850 1190915 1190933 1190975 1190984 1191227 1191286 1191324 1191370 1191532 1191563 1191592 1191601 1191602 1191609 1191736 1191987 1192023 1192160 1192161 
1192248 1192249 1192337 1192423 1192436 1192489 1192684 1192688 1192717 1192858 1193007 1193086 1193179 1193480 1193488 1193690 1193711 1193722 1193759 1194178 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194511 1194512 1194513 1194514 1194522 1194597 1194640 1194768 1194770 1194785 1194859 1194898 1195048 954813 CVE-2019-20838 CVE-2020-14155 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-22959 CVE-2021-22960 CVE-2021-28041 CVE-2021-3426 CVE-2021-36222 CVE-2021-3733 CVE-2021-3737 CVE-2021-37600 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVE-2021-39537 CVE-2021-3997 CVE-2021-3999 CVE-2021-41617 CVE-2021-43566 CVE-2021-43618 CVE-2021-44141 CVE-2021-44142 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2021-45960 CVE-2021-46143 CVE-2022-0336 CVE-2022-21824 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). 
The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). 
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. 
(bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check signatures and keys two times (redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alive while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates (bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. 
(jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3545-1 Released: Wed Oct 27 14:46:39 2021 Summary: Recommended update for less Type: recommended Severity: low References: 1190552 This update for less fixes the following issues: - Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. 
(bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3766-1 Released: Tue Nov 23 07:07:43 2021 Summary: Recommended update for git Type: recommended Severity: moderate References: 1192023 This update for git fixes the following issues: - Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: 
recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. 
* Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3964-1 Released: Tue Dec 7 08:57:33 2021 Summary: Security update for nodejs14 Type: security Severity: important References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602,CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaces in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add 'tries' option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow 
reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6 * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. 
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:48-1 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1190566,1192249,1193179 This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). 
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:112-1 Released: Tue Jan 18 13:03:29 2022 Summary: Security update for nodejs14 Type: security Severity: moderate References: 1194511,1194512,1194513,1194514,CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 This update for nodejs14 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. 
Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. * 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak 
implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 
1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer dereference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. 
Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated from 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). 
Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. 
* Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. 
Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. 
This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. 
ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope' instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handlers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).
tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.32-150300.3.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - git-core-2.34.1-10.9.1 updated - glibc-2.31-150300.9.12.1 updated - krb5-1.19.2-150300.8.3.2 updated - less-530-3.3.2 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.36.2-4.5.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcrack2-2.9.7-11.6.1 updated - libexpat1-2.2.5-3.9.1 updated - libfdisk1-2.36.2-4.5.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libmount1-2.36.2-4.5.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libpython3_6m1_0-3.6.15-10.15.1 updated - libsmartcols1-2.36.2-4.5.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-150300.7.36.1 updated - libudev1-246.16-150300.7.36.1 updated - libuuid1-2.36.2-4.5.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.29.3-27.1 updated - ncurses-utils-6.1-5.9.1 updated - nodejs14-14.18.3-15.24.1 updated - npm14-14.18.3-15.24.1 
updated - openssh-clients-8.4p1-3.9.1 updated - openssh-common-8.4p1-3.9.1 updated - openssh-fips-8.4p1-3.9.1 updated - pam-1.3.0-6.50.1 updated - permissions-20181225-23.12.1 updated - python3-base-3.6.15-10.15.1 updated - rpm-config-SUSE-1-5.6.1 updated - rpm-ndb-4.14.3-43.1 updated - system-group-hardware-20170617-17.3.1 updated - system-user-nobody-20170617-17.3.1 updated - terminfo-base-6.1-5.9.1 updated - timezone-2021e-75.4.1 updated - util-linux-2.36.2-4.5.1 updated - which-2.21-2.20 added - zypper-1.14.51-24.1 updated - container:sles15-image-15.0.0-150300.17.8.75 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed - suse-build-key-12.0-8.16.1 removed From sle-updates at lists.suse.com Thu Feb 10 07:57:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 08:57:03 +0100 (CET) Subject: SUSE-CU-2022:139-1: Security update of bci/openjdk-devel Message-ID: <20220210075703.854C1F355@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:139-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.2 Container Release : 10.2 Severity : critical Type : security References : 1139519 1169614 1178561 1180125 1183572 1183574 1188571 1189152 1190515 1190824 1191227 1191532 1192489 1192684 1193007 1193086 1193314 1193488 1193690 1193711 1193722 1193845 1194178 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194768 1194770 1194785 1194859 1194898 1195048 954813 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-3997 CVE-2021-3999 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2021-45960 CVE-2021-46143 CVE-2022-0336 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container bci/openjdk-devel was 
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:72-1 Released: Thu Jan 13 16:13:36 2022 Summary: Recommended update for mozilla-nss and MozillaFirefox Type: recommended Severity: important References: 1193845 This update for mozilla-nss and MozillaFirefox fixes the following issues: mozilla-nss: - Update from version 3.68.1 to 3.68.2 (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation MozillaFirefox: - Firefox Extended Support Release 91.4.1 ESR (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix
header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:143-1 Released: Thu Jan 20 14:32:30 2022 Summary: Recommended update for java-11-openjdk Type: recommended Severity: moderate References: 1193314 This update for java-11-openjdk fixes the following issues: - Java Cryptography was always operating in FIPS mode if crypto-policies was not used. - Allow plain key import in fips mode unless 'com.suse.fips.plainKeySupport' is set to false ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). 
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. 
* 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. * 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features 
added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); *
Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer dereference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated from 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.
Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. 
* Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. 
Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. 
The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. 
Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope' instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + 
python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.32-150300.3.5.1 updated - git-core-2.34.1-10.9.1 updated - glibc-2.31-150300.9.12.1 updated - java-11-openjdk-devel-11.0.13.0-3.68.1 updated - java-11-openjdk-headless-11.0.13.0-3.68.1 updated - java-11-openjdk-11.0.13.0-3.68.1 updated - krb5-1.19.2-150300.8.3.2 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libexpat1-2.2.5-3.9.1 updated - libfreebl3-hmac-3.68.2-3.64.2 updated - libfreebl3-3.68.2-3.64.2 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libsoftokn3-hmac-3.68.2-3.64.2 updated - libsoftokn3-3.68.2-3.64.2 updated - libsystemd0-246.16-150300.7.36.1 updated - libudev1-246.16-150300.7.36.1 updated - libzypp-17.29.3-27.1 updated - mozilla-nss-certs-3.68.2-3.64.2 updated - mozilla-nss-3.68.2-3.64.2 updated - openssl-1_1-1.1.1d-11.38.1 updated - permissions-20181225-23.12.1 updated - rpm-ndb-4.14.3-43.1 updated - zypper-1.14.51-24.1 updated - container:openjdk-11-image-15.3.0-10.1 added - container:openjdk11-image-15.3.0-6.23 removed From sle-updates at lists.suse.com Thu Feb 10 07:57:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 
2022 08:57:54 +0100 (CET) Subject: SUSE-CU-2022:140-1: Security update of bci/openjdk Message-ID: <20220210075754.68788F355@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:140-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-10.1 Container Release : 10.1 Severity : critical Type : security References : 1139519 1169614 1178561 1180125 1183572 1183574 1188571 1189152 1190515 1190824 1191227 1191532 1192489 1192684 1193007 1193086 1193314 1193488 1193690 1193711 1193845 1194178 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194768 1194770 1194785 1194859 1194898 1195048 954813 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-3997 CVE-2021-3999 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2021-45960 CVE-2021-46143 CVE-2022-0336 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. 
(bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:72-1 Released: Thu Jan 13 16:13:36 2022 Summary: Recommended update for mozilla-nss and MozillaFirefox Type: recommended Severity: important References: 1193845 This update for mozilla-nss and MozillaFirefox fixes the following issues: mozilla-nss: - Update from version 3.68.1 to 3.68.2 (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation MozillaFirefox: - Firefox Extended Support Release 91.4.1 ESR (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary 
(bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:143-1 Released: Thu Jan 20 14:32:30 2022 Summary: Recommended update for java-11-openjdk Type: recommended Severity: moderate References: 1193314 This update for java-11-openjdk fixes the following issues: - Java Cryptography was always operating in FIPS mode if crypto-policies was not used. - Allow plain key import in fips mode unless 'com.suse.fips.plainKeySupport' is set to false ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 
1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. 
Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). 
Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. 
* Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. 
Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. 
This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. 
ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope' instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). 
tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.32-150300.3.5.1 updated - glibc-2.31-150300.9.12.1 updated - java-11-openjdk-headless-11.0.13.0-3.68.1 updated - java-11-openjdk-11.0.13.0-3.68.1 updated - krb5-1.19.2-150300.8.3.2 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libexpat1-2.2.5-3.9.1 updated - libfreebl3-hmac-3.68.2-3.64.2 updated - libfreebl3-3.68.2-3.64.2 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libsoftokn3-hmac-3.68.2-3.64.2 updated - libsoftokn3-3.68.2-3.64.2 updated - libsystemd0-246.16-150300.7.36.1 updated - libudev1-246.16-150300.7.36.1 updated - libzypp-17.29.3-27.1 updated - mozilla-nss-certs-3.68.2-3.64.2 updated - mozilla-nss-3.68.2-3.64.2 updated - openssl-1_1-1.1.1d-11.38.1 updated - permissions-20181225-23.12.1 updated - rpm-ndb-4.14.3-43.1 updated - zypper-1.14.51-24.1 updated - container:sles15-image-15.0.0-150300.17.8.75 updated From sle-updates at lists.suse.com Thu Feb 10 07:58:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 08:58:14 +0100 (CET) Subject: SUSE-CU-2022:141-1: Security update of bci/python Message-ID: <20220210075814.6B27AF355@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2022:141-1 Container Tags : bci/python:3.6 , bci/python:3.6-9.1 Container Release : 9.1 Severity : critical Type : security References : 1029961 1113013 1139519 1161276 1162581 1169614 1172973 1172974 1174504 1174504 1178236 1178561 1180064 1180125 1180125 1183137 1183374 1183572 1183574 1183858 1185016 1185524 1185588 1186071 1186503 1186602 1186819 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187668 1187738 1187760 1187993 1188156 1188344 1188435 1188571 1188623 1188921 1189031 1189152 1189241 1189287 1190052 1190059 1190199 1190356 1190401 1190440 1190465 1190515 1190552 1190566 1190645 1190712 1190739 1190793 1190815 1190824 1190850 1190915 1190933 1190975 1190984 1191227 1191286 1191324 1191370 1191532 1191563 1191592 1191609 1191736 1191987 1192023 1192160 1192161 1192248 1192249 1192337 1192423 1192436 1192489 1192684 1192688 1192717 1192858 1193007 1193086 1193179 1193480 1193488 1193690 1193711 1193722 1193759 1194178 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194768 1194770 1194785 1194859 1194898 1195048 954813 CVE-2019-20838 CVE-2020-14155 CVE-2020-27840 CVE-2020-29361 CVE-2021-20277 CVE-2021-20316 CVE-2021-28041 CVE-2021-3426 CVE-2021-3572 CVE-2021-36222 CVE-2021-3733 CVE-2021-3737 CVE-2021-37600 CVE-2021-39537 CVE-2021-3997 CVE-2021-3999 CVE-2021-41617 CVE-2021-43566 CVE-2021-43618 CVE-2021-44141 CVE-2021-44142 CVE-2021-45960 CVE-2021-46143 CVE-2022-0336 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). 
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd.
(bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check signatures and keys two times (redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alive while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates (bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads.
(jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3545-1 Released: Wed Oct 27 14:46:39 2021 Summary: Recommended update for less Type: recommended Severity: low References: 1190552 This update for less fixes the following issues: - Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. 
(bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3766-1 Released: Tue Nov 23 07:07:43 2021 Summary: Recommended update for git Type: recommended Severity: moderate References: 1192023 This update for git fixes the following issues: - Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type:
recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). 
* Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4001-1 Released: Mon Dec 13 10:29:44 2021 Summary: Security update for python-pip Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). 
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. 
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:48-1 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1190566,1192249,1193179 This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). 
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). 
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. 
- git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. 
* 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. 
- DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services;
(bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer dereference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle.
Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. 
* Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). 
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.

Developer experience:
* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account name from a PAC.

Protocol evolution:
* Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
* Remove support for an old ('draft 9') variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)

User experience:
* Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.

Code quality:
* The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.

Changes from 1.17.1
* Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM credential cache is used.

Changes from 1.17:

Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
* 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested.

Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should perform better.

Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.

User experience:
* The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
* The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.

Code quality:
* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.

- Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.

ldb was updated to version 2.4.1 (jsc#SLE-23329);

- Release 2.4.1
  + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845);
  + Fix memory handling in ldb.msg_diff; (bso#14836);
- Release 2.4.0
  + pyldb: Fix Message.items() for a message containing elements
  + pyldb: Add test for Message.items()
  + tests: Use ldbsearch '--scope' instead of '-s'
  + Change page size of guidindexpackv1.ldb
  + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
  + attrib_handler casefold: simplify space dropping
  + fix ldb_comparison_fold off-by-one overrun
  + CVE-2020-27840: pytests: move Dn.validate test to ldb
  + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
  + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
  + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
  + improve comments for ldb_module_connect_backend()
  + test/ldb_tdb: correct introductory comments
  + ldb.h: remove undefined async_ctx function signatures
  + correct comments in attrib_handers val_to_int64
  + dn tests use cmocka print functions
  + ldb_match: remove redundant check
  + add tests for ldb_wildcard_compare
  + ldb_match: trailing chunk must match end of string
  + pyldb: catch potential overflow error in py_timestring
  + ldb: remove some 'if PY3's in tests

talloc was updated to 2.3.3:
  + various bugfixes
  + python: Ensure reference counts are properly incremented
  + Change pytalloc source to LGPL
  + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

tdb was updated to version 1.4.4:
  + various bugfixes

tevent was updated to version 0.11.0:
  + Add custom tag to events
  + Add event trace api

sssd was updated to:
- Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
- Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

apparmor was updated to:
- Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
- add profile for samba-bgqd (bsc#1191532).

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- boost-license1_66_0-1.66.0-12.3.1 updated
- coreutils-8.32-150300.3.5.1 updated
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- git-core-2.34.1-10.9.1 updated
- glibc-2.31-150300.9.12.1 updated
- krb5-1.19.2-150300.8.3.2 updated
- less-530-3.3.2 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.36.2-4.5.1 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libexpat1-2.2.5-3.9.1 updated
- libfdisk1-2.36.2-4.5.1 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libmount1-2.36.2-4.5.1 updated
- libncurses6-6.1-5.9.1 updated
- libopenssl1_1-hmac-1.1.1d-11.38.1 updated
- libopenssl1_1-1.1.1d-11.38.1 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libpython3_6m1_0-3.6.15-10.15.1 updated
- libsmartcols1-2.36.2-4.5.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-246.16-150300.7.36.1 updated
- libudev1-246.16-150300.7.36.1 updated
- libuuid1-2.36.2-4.5.1 updated
- libz1-1.2.11-3.24.1 updated
- libzypp-17.29.3-27.1 updated
- ncurses-utils-6.1-5.9.1 updated
- openssh-clients-8.4p1-3.9.1 updated
- openssh-common-8.4p1-3.9.1 updated
- openssh-fips-8.4p1-3.9.1 updated
- openssl-1_1-1.1.1d-11.38.1 updated
- p11-kit-tools-0.23.2-4.13.1 updated
- p11-kit-0.23.2-4.13.1 updated
- pam-1.3.0-6.50.1 updated
- permissions-20181225-23.12.1 updated
- python3-base-3.6.15-10.15.1 updated
- python3-pip-20.0.2-6.15.1 updated
- python3-3.6.15-10.15.1 updated
- rpm-config-SUSE-1-5.6.1 updated
- rpm-ndb-4.14.3-43.1 updated
- system-group-hardware-20170617-17.3.1 updated
- terminfo-base-6.1-5.9.1 updated
- util-linux-2.36.2-4.5.1 updated
- which-2.21-2.20 added
- zypper-1.14.51-24.1 updated
- container:sles15-image-15.0.0-150300.17.8.75 updated
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed

From sle-updates at lists.suse.com Thu Feb 10 07:58:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Feb 2022 08:58:33 +0100 (CET)
Subject: SUSE-CU-2022:142-1: Security update of bci/python
Message-ID: <20220210075833.334B4F355@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:142-1
Container Tags : bci/python:3.9 , bci/python:3.9-9.1
Container Release : 9.1
Severity : critical
Type : security
References : 1029961 1113013 1139519 1161276 1162581 1169614 1172973 1172974 1174504 1174504
 1177127 1178236 1178561 1180064 1180125 1183137 1183572 1183574 1185016 1185524
 1186071 1186503 1186602 1186819 1186910 1187153 1187224 1187270 1187273 1187425
 1187466 1187512 1187654 1187738 1187760 1187993 1188156 1188344 1188435 1188571
 1188623 1188921 1189031 1189152 1190052 1190059 1190199 1190356 1190401 1190440
 1190465 1190515 1190552 1190645 1190712 1190739 1190793 1190815 1190824 1190850
 1190915 1190933 1190975 1190984 1191227 1191286 1191324 1191370 1191532 1191563
 1191592 1191609 1191736 1191987 1192023 1192160 1192161 1192248 1192337 1192423
 1192436 1192489 1192684 1192688 1192717 1192858 1193007
 1193086 1193480 1193488 1193690 1193711 1193722 1193759 1194178 1194251 1194362
 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194768
 1194770 1194785 1194859 1194898 1195048 954813
 CVE-2019-20838 CVE-2020-14155 CVE-2020-27840 CVE-2020-29361 CVE-2021-20277
 CVE-2021-20316 CVE-2021-28041 CVE-2021-3572 CVE-2021-36222 CVE-2021-37600
 CVE-2021-39537 CVE-2021-3997 CVE-2021-3999 CVE-2021-41617 CVE-2021-43566
 CVE-2021-43618 CVE-2021-44141 CVE-2021-44142 CVE-2021-45960 CVE-2021-46143
 CVE-2022-0336 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825
 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released: Fri Oct 23 15:35:49 2020
Summary: Optional update for the Public Cloud Module
Type: optional
Severity: moderate
References:

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).

The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released: Wed Feb 3 12:54:28 2021
Summary: Recommended update for libprotobuf
Type: recommended
Severity: moderate
References:

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released: Mon Mar 1 09:34:21 2021
Summary: Recommended update for protobuf
Type: recommended
Severity: moderate
References: 1177127

This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released: Wed Oct 20 08:41:31 2021
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1178236,1188921,CVE-2021-37600

This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released: Wed Oct 20 11:24:10 2021
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933

This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537

This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052

This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released: Fri Oct 22 10:42:46 2021
Summary: Recommended update for libzypp, zypper, libsolv, protobuf
Type: recommended
Severity: moderate
References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alive while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987

This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in the 'securetty' file being installed as 'macros.pam'. (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Type: security
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released: Wed Oct 27 14:46:39 2021
Summary: Recommended update for less
Type: recommended
Severity: low
References: 1190552

This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released: Wed Oct 27 16:12:08 2021
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1190850

This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3766-1
Released: Tue Nov 23 07:07:43 2021
Summary: Recommended update for git
Type: recommended
Severity: moderate
References: 1192023

This update for git fixes the following issues:

- Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3786-1
Released: Wed Nov 24 05:59:13 2021
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: important
References: 1192160

This update for rpm-config-SUSE fixes the following issues:

- Add support for the kernel xz-compressed firmware files (bsc#1192160)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1187153,1187273,1188623

This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3808-1
Released: Fri Nov 26 00:30:54 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186071,1190440,1190984,1192161

This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3870-1
Released: Thu Dec 2 07:11:50 2021
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436

This update for libzypp, zypper fixes the following issues:

libzypp:

- Check log writer before accessing it (bsc#1192337)
- Zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324)
- Fixed zypper incomplete messages when using non English localization (bsc#1191370)
- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
- Disable logger in the child process after fork (bsc#1192436)

zypper:

- Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as name (openSUSE/zypper#418)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3872-1
Released: Thu Dec 2 07:25:55 2021
Summary: Recommended update for cracklib
Type: recommended
Severity: moderate
References: 1191736

This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

  * Revert the change notifications that were using /dev/watch_queue.
  * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
  * Allow 'keyctl supports' to retrieve raw capability data.
  * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
  * Allow 'keyctl new_session' to name the keyring.
  * Allow 'keyctl add/padd/etc.' to take hex-encoded data.
  * Add 'keyctl watch*' to expose kernel change notifications on keys.
  * Add caps for namespacing and notifications.
  * Set a default TTL on keys that upcall for name resolution.
  * Explicitly clear memory after it's held sensitive information.
  * Various manual page fixes.
  * Fix C++-related errors.
  * Add support for keyctl_move().
  * Add support for keyctl_capabilities().
  * Make key=val list optional for various public-key ops.
  * Fix system call signature for KEYCTL_PKEY_QUERY.
  * Fix 'keyctl pkey_query' argument passing.
  * Use keyctl_read_alloc() in dump_key_tree_aux().
  * Various manual page fixes.

Updated to 1.6:

  * Apply various specfile cleanups from Fedora.
  * request-key: Provide a command line option to suppress helper execution.
  * request-key: Find least-wildcard match rather than first match.
  * Remove the dependency on MIT Kerberos.
  * Fix some error messages
  * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
  * Fix doc and comment typos.
  * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
  * Add pkg-config support for finding libkeyutils.
  * upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

  * Add keyring restriction support.
  * Add KDF support to the Diffie-Hellman function.
  * DNS: Add support for AFS config files and SRV records

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released: Fri Dec 3 11:27:41 2021
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1162581,1174504,1191563,1192248

This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3950-1
Released: Mon Dec 6 14:59:37 2021
Summary: Security update for openssh
Type: security
Severity: important
References: 1190975,CVE-2021-41617

This update for openssh fixes the following issues:

- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released: Mon Dec 6 19:57:39 2021
Summary: Recommended update for system-users
Type: recommended
Severity: moderate
References: 1190401

This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3980-1
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1191592

glibc was updated to fix the following issue:

- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released: Wed Dec 22 05:27:48 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4153-1
Released: Wed Dec 22 11:00:48 2021
Summary: Security update for openssh
Type: security
Severity: important
References: 1183137,CVE-2021-28041

This update for openssh fixes the following issues:

- CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4154-1
Released: Wed Dec 22 11:02:38 2021
Summary: Security update for p11-kit
Type: security
Severity: important
References: 1180064,1187993,CVE-2020-29361

This update for p11-kit fixes the following issues:

- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released: Tue Dec 28 10:39:50 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1174504

This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:43-1
Released: Tue Jan 11 08:50:13 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1178561,1190515,1194178,CVE-2021-3997

This update for systemd fixes the following issues:

- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:64-1
Released: Wed Jan 12 17:46:51 2022
Summary: Security update for python39-pip
Type: security
Severity: moderate
References: 1186819,CVE-2021-3572

This update for python39-pip fixes the following issues:

- CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released: Tue Jan 18 05:11:58 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: important
References: 1192489

This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released: Tue Jan 18 05:14:44 2022
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released: Thu Jan 20 13:47:16 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1169614

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released: Tue Jan 25 14:16:23 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827

This update for expat fixes the following issues:

- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:207-1
Released: Thu Jan 27 09:24:49 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References:

This update for glibc fixes the following issues:

- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:227-1
Released: Mon Jan 31 06:05:25 2022
Summary: Recommended update for git
Type: recommended
Severity: moderate
References: 1193722

This update for git fixes the following issues:

- update to 2.34.1 (bsc#1193722):
  * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release.
* 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. 
* 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. 
- DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; 
(bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated from 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. 
Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. 
* Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). 
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. 
Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. 
User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. 
ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). 
tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.32-150300.3.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - git-core-2.34.1-10.9.1 updated - glibc-2.31-150300.9.12.1 updated - krb5-1.19.2-150300.8.3.2 updated - less-530-3.3.2 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.36.2-4.5.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcrack2-2.9.7-11.6.1 updated - libexpat1-2.2.5-3.9.1 updated - libfdisk1-2.36.2-4.5.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libmount1-2.36.2-4.5.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libsmartcols1-2.36.2-4.5.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-150300.7.36.1 updated - libudev1-246.16-150300.7.36.1 updated - libuuid1-2.36.2-4.5.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.29.3-27.1 updated - ncurses-utils-6.1-5.9.1 updated - openssh-clients-8.4p1-3.9.1 updated - 
openssh-common-8.4p1-3.9.1 updated - openssh-fips-8.4p1-3.9.1 updated - openssl-1_1-1.1.1d-11.38.1 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - pam-1.3.0-6.50.1 updated - permissions-20181225-23.12.1 updated - python39-pip-20.2.4-7.8.1 updated - rpm-config-SUSE-1-5.6.1 updated - rpm-ndb-4.14.3-43.1 updated - system-group-hardware-20170617-17.3.1 updated - terminfo-base-6.1-5.9.1 updated - util-linux-2.36.2-4.5.1 updated - which-2.21-2.20 added - zypper-1.14.51-24.1 updated - container:sles15-image-15.0.0-150300.17.8.75 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Thu Feb 10 07:58:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 08:58:56 +0100 (CET) Subject: SUSE-CU-2022:143-1: Security update of bci/ruby Message-ID: <20220210075856.B3603F355@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:143-1 Container Tags : bci/ruby:2.5 , bci/ruby:2.5-10.1 Container Release : 10.1 Severity : critical Type : security References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1139519 1140016 1150451 1161276 1169582 1169614 1172055 1174504 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1178561 1180125 1183137 1183572 1183574 1188127 1188571 1189152 1190515 1190824 1191227 1191532 1191592 1192423 1192489 1192684 1192688 1192858 1193007 1193086 1193480 1193488 1193690 1193711 1193722 1193759 1194178 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194768 1194770 1194785 1194859 1194898 1195048 954813 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-28041 CVE-2021-36222 CVE-2021-3997 CVE-2021-3999 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2021-45960 CVE-2021-46143 CVE-2022-0336 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 
CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. 
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released: Tue Dec 28 10:39:50 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1174504

This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:43-1
Released: Tue Jan 11 08:50:13 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1178561,1190515,1194178,CVE-2021-3997

This update for systemd fixes the following issues:

- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released: Tue Jan 18 05:11:58 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: important
References: 1192489

This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released: Tue Jan 18 05:14:44 2022
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released: Thu Jan 20 13:47:16 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1169614

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released: Tue Jan 25 14:16:23 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827

This update for expat fixes the following issues:

- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:207-1
Released: Thu Jan 27 09:24:49 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References:

This update for glibc fixes the following issues:

- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:227-1
Released: Mon Jan 31 06:05:25 2022
Summary: Recommended update for git
Type: recommended
Severity: moderate
References: 1193722

This update for git fixes the following issues:

- update to 2.34.1 (bsc#1193722):
  * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release.
  * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't.
  * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted.
  * An earlier change that broke .gitignore matching has been reverted.
  * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected.
- git 2.33.0:
  * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server.
  * The userdiff pattern for C# learned the token 'record'.
  * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option.
  * 'git worktree add --lock' learned to record why the worktree is locked with a custom message.
  * internal improvements including performance optimizations
  * a number of bug fixes
- git 2.32.0:
  * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored
  * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application.
  * 'git stash show' can now show the untracked part of the stash
  * Improved 'git repack' strategy
  * http code can now unlock a certificate with a cached password respectively.
  * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository.
  * 'gitweb' learned 'e-mail privacy' feature
  * Multiple improvements to output and configuration options
  * Bug fixes and developer visible fixes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released: Mon Jan 31 06:07:52 2022
Summary: Recommended update for boost
Type: recommended
Severity: moderate
References: 1194522

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:330-1
Released: Fri Feb 4 09:29:08 2022
Summary: Security update for glibc
Type: security
Severity: important
References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

This update for glibc fixes the following issues:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Features added:

- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:335-1
Released: Fri Feb 4 10:24:02 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:343-1
Released: Mon Feb 7 15:16:58 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193086

This update for systemd fixes the following issues:

- disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579
- disable fallback DNS servers and fail when no DNS server info could be obtained from the links.
- DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package.
- Improve warning messages (bsc#1193086).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:348-1
Released: Tue Feb 8 13:02:20 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1193488,1194597,1194898,954813

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI components of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:283-1
Released: Tue Feb 8 16:10:39 2022
Summary: Security update for samba
Type: security
Severity: critical
References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

samba was updated to 4.15.4 (jsc#SLE-23329);

* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error; (bso#14941);
* Fix possible fsp pointer dereference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
* 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);

Samba was updated to version 4.15.3

+ CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227);

- Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

krb5 was updated from 1.16.3 to 1.19.2

* Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a credential handle.

Changes from 1.19.1:

* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.

Changes from 1.19

Administrator experience

* When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.

Developer experience

* gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key.
* When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets.
* The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password().

Protocol evolution

* Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set.

User experience

* kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred).

Changes from 1.18.3

* Fix a denial of service vulnerability when decoding Kerberos protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded.

Changes from 1.18.2

* Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might not be reported.

Changes from 1.18.1

* Fix a crash when qualifying short hostnames when the system has no primary DNS domain.
* Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency with Windows KDCs.

Changes from 1.18

Administrator experience:

* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default.
* setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context().
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.

Developer experience:

* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account name from a PAC.

Protocol evolution:

* Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
* Remove support for an old ('draft 9') variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)

User experience:

* Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.

Code quality:

* The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.

Changes from 1.17.1

* Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM credential cache is used.

Changes from 1.17:

Administrator experience:

* A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
* 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested.

Developer experience:

* The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should perform better.

Protocol evolution:

* The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.

User experience:

* The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
* The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.

Code quality:

* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.

- Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.

ldb was updated to version 2.4.1 (jsc#SLE-23329);

- Release 2.4.1
  + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845);
  + Fix memory handling in ldb.msg_diff; (bso#14836);
- Release 2.4.0
  + pyldb: Fix Message.items() for a message containing elements
  + pyldb: Add test for Message.items()
  + tests: Use ldbsearch '--scope' instead of '-s'
  + Change page size of guidindexpackv1.ldb
  + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
  + attrib_handler casefold: simplify space dropping
  + fix ldb_comparison_fold off-by-one overrun
  + CVE-2020-27840: pytests: move Dn.validate test to ldb
  + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
  + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
  + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
  + improve comments for ldb_module_connect_backend()
  + test/ldb_tdb: correct introductory comments
  + ldb.h: remove undefined async_ctx function signatures
  + correct comments in attrib_handlers val_to_int64
  + dn tests use cmocka print functions
  + ldb_match: remove redundant check
  + add tests for ldb_wildcard_compare
  + ldb_match: trailing chunk must match end of string
  + pyldb: catch potential overflow error in py_timestring
  + ldb: remove some 'if PY3's in tests

talloc was updated to 2.3.3:

+ various bugfixes
+ python: Ensure reference counts are properly incremented
+ Change pytalloc source to LGPL
+ Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

tdb was updated to version 1.4.4:

+ various bugfixes

tevent was updated to version 0.11.0:

+ Add custom tag to events
+ Add event trace api

sssd was updated to:

- Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
- Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

apparmor was updated to:

- Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
- add profile for samba-bgqd (bsc#1191532).

The following package changes have been done:

- boost-license1_66_0-1.66.0-12.3.1 updated
- coreutils-8.32-150300.3.5.1 updated
- git-core-2.34.1-10.9.1 updated
- glibc-devel-2.31-150300.9.12.1 updated
- glibc-2.31-150300.9.12.1 updated
- krb5-1.19.2-150300.8.3.2 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated
- libexpat1-2.2.5-3.9.1 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libopenssl1_1-hmac-1.1.1d-11.38.1 updated
- libopenssl1_1-1.1.1d-11.38.1 updated
- libsystemd0-246.16-150300.7.36.1 updated
- libudev1-246.16-150300.7.36.1 updated
- libz1-1.2.11-3.24.1 updated
- libzypp-17.29.3-27.1 updated
- openssh-clients-8.4p1-3.9.1 updated
- openssh-common-8.4p1-3.9.1 updated
- openssh-fips-8.4p1-3.9.1 updated
- permissions-20181225-23.12.1 updated
- rpm-ndb-4.14.3-43.1 updated
- timezone-2021e-75.4.1 added
- zypper-1.14.51-24.1 updated
- container:sles15-image-15.0.0-150300.17.8.75 updated

From sle-updates at lists.suse.com Thu Feb 10 17:17:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Feb 2022 18:17:53 +0100 (CET)
Subject: SUSE-SU-2022:0361-1: critical: Security update for ldb, samba
Message-ID: <20220210171753.DACAAF355@maintenance.suse.de>

SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0361-1
Rating: critical
References: #1014440 #1188727 #1189017 #1189875 #1192214 #1192215 #1192246 #1192247 #1192283 #1192284 #1192505 #1192849 #1194859 SLE-18456
Cross-References: CVE-2016-2124 CVE-2020-17049 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-20254 CVE-2021-23192 CVE-2021-3738 CVE-2021-44142
CVSS scores:
    CVE-2020-17049 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
    CVE-2020-25718 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-25719 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2020-25721 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    CVE-2020-25722 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-20254 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
    CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
    CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
    CVE-2021-3738 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
    CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products: SUSE Enterprise Storage 7
______________________________________________________________________________

An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available.

Description:

This update for ldb, samba fixes the following issues:

Changes in ldb:

+ CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246)
+ CVE-2021-3738: Fixed a crash in dsdb stack (bsc#1192215)

Release ldb 2.2.2

+ Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message
+ Fix memory handling in ldb.msg_diff
+ Backport bronze bit fixes, tests, and selftest improvements.

Changes in samba:

- CVE-2021-44142: Fixed an Out-of-Bound Read/Write on Samba vfs_fruit module; (bsc#1194859)
- The username map [script] advice from CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails; (bsc#1192849); (bso#14901).
- Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899);
- CVE-2020-25717: Fixed that a user on the domain can become root on domain members; (bsc#1192284); (bso#14556).
- CVE-2020-25721: auth: Fill in the new HAS_SAM_NAME_AND_SID values; (bsc#1192505); (bso#14564).
- CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246);(bso#14558).
- CVE-2020-25719: Fixed AD DC Username based races when no PAC is given;(bsc#1192247);(bso#14561).
- CVE-2020-25722: Fixed that AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues);(bsc#1192283); (bso#14564).
- CVE-2021-3738: Fixed a crash in dsdb stack;(bsc#1192215); (bso#14468).
- CVE-2021-23192: Fixed that dcerpc requests don't check all fragments against the first auth_state;(bsc#1192214);(bso#14875).
- CVE-2016-2124: don't fallback to non spnego authentication if we require kerberos; (bsc#1014440); (bso#12444).

Update to 4.13.13

  * rodc_rwdc test flaps;(bso#14868).
  * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
  * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642).
  * Python ldb.msg_diff() memory handling failure;(bso#14836).
  * "in" operator on ldb.Message is case sensitive;(bso#14845).
  * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
  * Allow special chars like "@" in samAccountName when generating the salt;(bso#14874).
  * Fix transit path validation;(bso#12998).
  * Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
  * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645).
  * Python ldb.msg_diff() memory handling failure;(bso#14836).
  * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).
- Update to 4.13.12
  * Address a significant performance regression in database access in the AD DC since Samba 4.12;(bso#14806).
  * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807).
  * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
  * Address flapping samba_tool_drs_showrepl test;(bso#14818).
  * Address flapping dsdb_schema_attributes test;(bso#14819).
  * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
  * Fix CTDB flag/status update race conditions(bso#14784).
- Update to 4.13.11
  * smbd: panic on force-close share during offload write; (bso#14769).
  * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731).
  * smbd: "deadtime" parameter doesn't work anymore;(bso#14783).
  * net conf list crashes when run as normal user;(bso#14787).
  * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607).
  * Start the SMB encryption as soon as possible;(bso#14793).
  * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792).
- Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796);
- Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875);
- Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727);
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18456).
- Update to 4.13.10
  * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708);
  * Take a copy to make sure we don't reference free'd memory; (bso#14721);
  * s3: lib: Fix talloc hierarchy error in parent_smb_fname(); (bso#14722);
  * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736);
  * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575);
  * smbd: Correctly initialize close timestamp fields; (bso#14714);
  * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
  * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
  * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
  * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752);
  * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027);
  * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669);
- Update to 4.13.9
  * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);
  * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code; (bso#14689);
  * Fix smbd panic when two clients open same file; (bso#14672);
  * Fix memory leak in the RPC server; (bso#14675);
  * s3: smbd: Fix deferred renames; (bso#14679);
  * s3-iremotewinspool: Set the per-request memory context; (bso#14675);
  * rpc_server3: Fix a memleak for internal pipes; (bso#14675);
  * third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
  * third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
  * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663);
  * Fix the build on OmniOS; (bso#14288);
- Update to 4.13.8
  * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571)
- Update to 4.13.7
  * Release with dependency on ldb version 2.2.1.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-361=1

Package List:

- SUSE Enterprise Storage 7 (aarch64 x86_64):

      ctdb-4.13.13+git.545.5897c2d94f3-3.12.1
      ctdb-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      ldb-debugsource-2.2.2-4.6.1
      libdcerpc-binding0-4.13.13+git.545.5897c2d94f3-3.12.1
      libdcerpc-binding0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libdcerpc0-4.13.13+git.545.5897c2d94f3-3.12.1
      libdcerpc0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libldb2-2.2.2-4.6.1
      libldb2-debuginfo-2.2.2-4.6.1
      libndr-krb5pac0-4.13.13+git.545.5897c2d94f3-3.12.1
      libndr-krb5pac0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libndr-nbt0-4.13.13+git.545.5897c2d94f3-3.12.1
      libndr-nbt0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libndr-standard0-4.13.13+git.545.5897c2d94f3-3.12.1
      libndr-standard0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libndr1-4.13.13+git.545.5897c2d94f3-3.12.1
      libndr1-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libnetapi0-4.13.13+git.545.5897c2d94f3-3.12.1
      libnetapi0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-credentials0-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-credentials0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-errors0-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-errors0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-hostconfig0-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-hostconfig0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-passdb0-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-passdb0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-util0-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamba-util0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamdb0-4.13.13+git.545.5897c2d94f3-3.12.1
      libsamdb0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1
libsmbclient0-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbclient0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbconf0-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbconf0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbldap2-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbldap2-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libtevent-util0-4.13.13+git.545.5897c2d94f3-3.12.1 libtevent-util0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libwbclient0-4.13.13+git.545.5897c2d94f3-3.12.1 libwbclient0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 python3-ldb-2.2.2-4.6.1 python3-ldb-debuginfo-2.2.2-4.6.1 samba-4.13.13+git.545.5897c2d94f3-3.12.1 samba-ceph-4.13.13+git.545.5897c2d94f3-3.12.1 samba-ceph-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-client-4.13.13+git.545.5897c2d94f3-3.12.1 samba-client-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-debugsource-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-python3-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-python3-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-winbind-4.13.13+git.545.5897c2d94f3-3.12.1 samba-winbind-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 References: https://www.suse.com/security/cve/CVE-2016-2124.html https://www.suse.com/security/cve/CVE-2020-17049.html https://www.suse.com/security/cve/CVE-2020-25717.html https://www.suse.com/security/cve/CVE-2020-25718.html https://www.suse.com/security/cve/CVE-2020-25719.html https://www.suse.com/security/cve/CVE-2020-25721.html https://www.suse.com/security/cve/CVE-2020-25722.html https://www.suse.com/security/cve/CVE-2021-20254.html https://www.suse.com/security/cve/CVE-2021-23192.html https://www.suse.com/security/cve/CVE-2021-3738.html https://www.suse.com/security/cve/CVE-2021-44142.html https://bugzilla.suse.com/1014440 https://bugzilla.suse.com/1188727 https://bugzilla.suse.com/1189017 
https://bugzilla.suse.com/1189875 https://bugzilla.suse.com/1192214 https://bugzilla.suse.com/1192215 https://bugzilla.suse.com/1192246 https://bugzilla.suse.com/1192247 https://bugzilla.suse.com/1192283 https://bugzilla.suse.com/1192284 https://bugzilla.suse.com/1192505 https://bugzilla.suse.com/1192849 https://bugzilla.suse.com/1194859 From sle-updates at lists.suse.com Thu Feb 10 20:26:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 21:26:57 +0100 (CET) Subject: SUSE-SU-2022:0362-1: important: Security update for the Linux Kernel Message-ID: <20220210202657.03F88F355@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0362-1 Rating: important References: #1012382 #1179960 #1183696 #1186207 #1192032 #1192267 #1192847 #1192877 #1192946 #1193157 #1193440 #1193442 #1193507 #1193575 #1193669 #1193727 #1193861 #1193864 #1193867 #1194001 #1194087 #1194094 #1194272 #1194302 #1194516 #1194529 #1194880 Cross-References: CVE-2018-25020 CVE-2019-0136 CVE-2020-35519 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4155 CVE-2021-4197 CVE-2021-4202 CVE-2021-43976 CVE-2021-45095 CVE-2021-45485 CVE-2021-45486 CVE-2022-0330 CVSS scores: CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2020-35519 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28711 (SUSE): 6.2 
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45485 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux 
Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that solves 23 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). - CVE-2019-0136: Fixed insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver that may have allowed an unauthenticated user to potentially enable denial of service via adjacent access (bnc#1193157). - CVE-2020-35519: Fixed out-of-bounds memory access in x25_bind in net/x25/af_x25.c. A bounds check failure allowed a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information (bnc#1183696). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). 
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28715: Fixed issue with xen/netback to not queue an unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that may have allowed an authenticated user to potentially cause denial of service via local access (bnc#1192877).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-4002: Fixed incorrect TLB flush in hugetlbfs after huge_pmd_unshare (bsc#1192946).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously, which can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4155: Fixed XFS map issue when unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (bsc#1194272).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-43976: Fixed insufficient access control in drivers/net/wireless/marvell/mwifiex/usb.c that allowed an attacker who connects a crafted USB device to cause denial of service (bnc#1192847).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-45485: Fixed information leak in the IPv6 implementation in net/ipv6/output_core.c (bnc#1194094).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).

The following non-security bugs were fixed:

- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- memstick: rtsx_usb_ms: fix UAF
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507).
- net: mana: Fix spelling mistake "calledd" -> "called" (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- xen-netfront: do not assume sk_buff_head list is empty in error handling (git-fixes). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-362=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-362=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-362=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-362=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-362=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-362=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-362=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.153.1 kernel-macros-4.4.180-94.153.1 kernel-source-4.4.180-94.153.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.153.1 kernel-default-base-4.4.180-94.153.1 kernel-default-base-debuginfo-4.4.180-94.153.1 kernel-default-debuginfo-4.4.180-94.153.1 kernel-default-debugsource-4.4.180-94.153.1 kernel-default-devel-4.4.180-94.153.1 kernel-default-kgraft-4.4.180-94.153.1 kernel-syms-4.4.180-94.153.1 kgraft-patch-4_4_180-94_153-default-1-4.3.1 kgraft-patch-4_4_180-94_153-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.153.1 kernel-default-base-4.4.180-94.153.1 kernel-default-base-debuginfo-4.4.180-94.153.1 kernel-default-debuginfo-4.4.180-94.153.1 kernel-default-debugsource-4.4.180-94.153.1 kernel-default-devel-4.4.180-94.153.1 kernel-default-kgraft-4.4.180-94.153.1 kernel-syms-4.4.180-94.153.1 kgraft-patch-4_4_180-94_153-default-1-4.3.1 kgraft-patch-4_4_180-94_153-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.153.1 kernel-macros-4.4.180-94.153.1 kernel-source-4.4.180-94.153.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.153.1 
kernel-default-base-4.4.180-94.153.1 kernel-default-base-debuginfo-4.4.180-94.153.1 kernel-default-debuginfo-4.4.180-94.153.1 kernel-default-debugsource-4.4.180-94.153.1 kernel-default-devel-4.4.180-94.153.1 kernel-default-kgraft-4.4.180-94.153.1 kernel-syms-4.4.180-94.153.1 kgraft-patch-4_4_180-94_153-default-1-4.3.1 kgraft-patch-4_4_180-94_153-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.153.1 kernel-macros-4.4.180-94.153.1 kernel-source-4.4.180-94.153.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.153.1 kernel-default-base-4.4.180-94.153.1 kernel-default-base-debuginfo-4.4.180-94.153.1 kernel-default-debuginfo-4.4.180-94.153.1 kernel-default-debugsource-4.4.180-94.153.1 kernel-default-devel-4.4.180-94.153.1 kernel-syms-4.4.180-94.153.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.153.1 kgraft-patch-4_4_180-94_153-default-1-4.3.1 kgraft-patch-4_4_180-94_153-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.153.1 kernel-macros-4.4.180-94.153.1 kernel-source-4.4.180-94.153.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.153.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.153.1 kernel-default-base-4.4.180-94.153.1 kernel-default-base-debuginfo-4.4.180-94.153.1 kernel-default-debuginfo-4.4.180-94.153.1 kernel-default-debugsource-4.4.180-94.153.1 kernel-default-devel-4.4.180-94.153.1 kernel-syms-4.4.180-94.153.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.153.1 kernel-macros-4.4.180-94.153.1 kernel-source-4.4.180-94.153.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.153.1 cluster-md-kmp-default-debuginfo-4.4.180-94.153.1 dlm-kmp-default-4.4.180-94.153.1 
dlm-kmp-default-debuginfo-4.4.180-94.153.1 gfs2-kmp-default-4.4.180-94.153.1 gfs2-kmp-default-debuginfo-4.4.180-94.153.1 kernel-default-debuginfo-4.4.180-94.153.1 kernel-default-debugsource-4.4.180-94.153.1 ocfs2-kmp-default-4.4.180-94.153.1 ocfs2-kmp-default-debuginfo-4.4.180-94.153.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.153.1 kernel-macros-4.4.180-94.153.1 kernel-source-4.4.180-94.153.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.153.1 kernel-default-base-4.4.180-94.153.1 kernel-default-base-debuginfo-4.4.180-94.153.1 kernel-default-debuginfo-4.4.180-94.153.1 kernel-default-debugsource-4.4.180-94.153.1 kernel-default-devel-4.4.180-94.153.1 kernel-default-kgraft-4.4.180-94.153.1 kernel-syms-4.4.180-94.153.1 kgraft-patch-4_4_180-94_153-default-1-4.3.1 kgraft-patch-4_4_180-94_153-default-debuginfo-1-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-0136.html https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4155.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2021-45485.html 
https://www.suse.com/security/cve/CVE-2021-45486.html https://www.suse.com/security/cve/CVE-2022-0330.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1179960 https://bugzilla.suse.com/1183696 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1193157 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193507 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 https://bugzilla.suse.com/1194272 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194880 From sle-updates at lists.suse.com Thu Feb 10 20:30:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 21:30:20 +0100 (CET) Subject: SUSE-SU-2022:0365-1: critical: Security update for the Linux Kernel Message-ID: <20220210203020.B8083F355@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0365-1 Rating: critical References: #1177599 #1183405 #1185377 #1188605 #1193096 #1193506 #1193861 #1193864 #1193867 #1194048 #1194227 #1194880 #1195009 #1195065 #1195184 #1195254 Cross-References: CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-45095 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVSS scores: CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39648 (SUSE): 4.4 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 9 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in the net/tipc module by validating the domain record count on input (bsc#1195254).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). 
- net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-365=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-365=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-365=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-365=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-365=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-365=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-365=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-365=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-365=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-365=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-365=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-365=1 - SUSE Enterprise Storage 7: zypper in -t 
patch SUSE-Storage-7-2022-365=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 reiserfs-kmp-default-5.3.18-24.102.1 reiserfs-kmp-default-debuginfo-5.3.18-24.102.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 reiserfs-kmp-default-5.3.18-24.102.1 reiserfs-kmp-default-debuginfo-5.3.18-24.102.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-24.102.1 
kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 reiserfs-kmp-default-5.3.18-24.102.1 reiserfs-kmp-default-debuginfo-5.3.18-24.102.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 reiserfs-kmp-default-5.3.18-24.102.1 reiserfs-kmp-default-debuginfo-5.3.18-24.102.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 reiserfs-kmp-default-5.3.18-24.102.1 
reiserfs-kmp-default-debuginfo-5.3.18-24.102.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 
kernel-source-5.3.18-24.102.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-livepatch-5.3.18-24.102.1 kernel-default-livepatch-devel-5.3.18-24.102.1 kernel-livepatch-5_3_18-24_102-default-1-5.3.1 kernel-livepatch-5_3_18-24_102-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_24-debugsource-1-5.3.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 
kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.102.1 cluster-md-kmp-default-debuginfo-5.3.18-24.102.1 dlm-kmp-default-5.3.18-24.102.1 dlm-kmp-default-debuginfo-5.3.18-24.102.1 gfs2-kmp-default-5.3.18-24.102.1 gfs2-kmp-default-debuginfo-5.3.18-24.102.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 ocfs2-kmp-default-5.3.18-24.102.1 ocfs2-kmp-default-debuginfo-5.3.18-24.102.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-24.102.1 kernel-default-base-5.3.18-24.102.1.9.48.1 kernel-default-debuginfo-5.3.18-24.102.1 kernel-default-debugsource-5.3.18-24.102.1 kernel-default-devel-5.3.18-24.102.1 kernel-default-devel-debuginfo-5.3.18-24.102.1 kernel-obs-build-5.3.18-24.102.1 kernel-obs-build-debugsource-5.3.18-24.102.1 kernel-preempt-5.3.18-24.102.1 kernel-preempt-debuginfo-5.3.18-24.102.1 kernel-preempt-debugsource-5.3.18-24.102.1 kernel-preempt-devel-5.3.18-24.102.1 kernel-preempt-devel-debuginfo-5.3.18-24.102.1 kernel-syms-5.3.18-24.102.1 reiserfs-kmp-default-5.3.18-24.102.1 reiserfs-kmp-default-debuginfo-5.3.18-24.102.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-24.102.1 kernel-docs-5.3.18-24.102.1 kernel-macros-5.3.18-24.102.1 kernel-source-5.3.18-24.102.1 References: https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html 
https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193506 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1195009 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195184 https://bugzilla.suse.com/1195254 From sle-updates at lists.suse.com Thu Feb 10 20:32:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 21:32:44 +0100 (CET) Subject: SUSE-SU-2022:0363-1: critical: Security update for the Linux Kernel Message-ID: <20220210203244.3BBCCF355@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0363-1 Rating: critical References: #1154353 #1154488 #1160634 #1176447 #1177599 #1183405 #1185377 #1187428 #1187723 #1188605 #1191881 #1193096 #1193506 #1193767 #1193802 #1193861 #1193864 #1193867 #1194048 #1194227 #1194291 #1194880 #1195009 #1195062 #1195065 #1195073 #1195183 #1195184 #1195254 #1195267 #1195293 #1195371 Cross-References: CVE-2020-28097 CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-4159 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 20 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have led to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). The following security references were added to already fixed issues: - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). 
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). 
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). 
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). 
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-363=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.40.4 kernel-source-azure-5.3.18-150300.38.40.4 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.40.4 kernel-azure-debuginfo-5.3.18-150300.38.40.4 kernel-azure-debugsource-5.3.18-150300.38.40.4 kernel-azure-devel-5.3.18-150300.38.40.4 kernel-azure-devel-debuginfo-5.3.18-150300.38.40.4 kernel-syms-azure-5.3.18-150300.38.40.1 References: https://www.suse.com/security/cve/CVE-2020-28097.html https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-39685.html https://www.suse.com/security/cve/CVE-2021-4159.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0286.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1187723 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1191881 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193506 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193802 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 
https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194291 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1195009 https://bugzilla.suse.com/1195062 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195073 https://bugzilla.suse.com/1195183 https://bugzilla.suse.com/1195184 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195267 https://bugzilla.suse.com/1195293 https://bugzilla.suse.com/1195371 From sle-updates at lists.suse.com Thu Feb 10 20:36:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 21:36:22 +0100 (CET) Subject: SUSE-SU-2022:0367-1: critical: Security update for the Linux Kernel Message-ID: <20220210203622.DA76EF355@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0367-1 Rating: critical References: #1071995 #1124431 #1167162 #1169514 #1172073 #1179599 #1184804 #1185377 #1186207 #1186222 #1187167 #1189305 #1189841 #1190358 #1190428 #1191229 #1191241 #1191384 #1191731 #1192032 #1192267 #1192740 #1192845 #1192847 #1192877 #1192946 #1193306 #1193440 #1193442 #1193506 #1193575 #1193669 #1193727 #1193731 #1193767 #1193861 #1193864 #1193867 #1194001 #1194048 #1194087 #1194227 #1194302 #1194516 #1194529 #1194880 #1194888 #1194985 #1195166 #1195254 Cross-References: CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVSS scores: CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-15126 (SUSE): 3.1 
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28714 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-44733 (SUSE): 
4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has 23 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). 
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302). - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen if removing a device (bsc#1179599). - CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946). - CVE-2021-43975: hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allowed an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value (bnc#1192845). - CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1192877). - CVE-2021-43976: mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allowed an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic) (bnc#1192847). - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k" (bsc#1167162). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241 bsc#1195166). - elfcore: fix building with clang (bsc#1169514). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193506). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec.in: add zstd to BuildRequires if used - kernel-binary.spec.in: make sure zstd is supported by kmod if used - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net: Using proper atomic helper (bsc#1186222). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241 bsc#1195166). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). 
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506). - net: mana: Fix spelling mistake "calledd" -> "called" (bsc#1193506). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506). - net: mana: Improve the HWC error handling (bsc#1193506). - net: mana: Support hibernation and kexec (bsc#1193506). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm: fix kmp install path - rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358). - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). 
- xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-367=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-367=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-367=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-367=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-367=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-367=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.83.1 kernel-default-base-4.12.14-150.83.1 kernel-default-debuginfo-4.12.14-150.83.1 kernel-default-debugsource-4.12.14-150.83.1 kernel-default-devel-4.12.14-150.83.1 kernel-default-devel-debuginfo-4.12.14-150.83.1 kernel-obs-build-4.12.14-150.83.1 kernel-obs-build-debugsource-4.12.14-150.83.1 kernel-syms-4.12.14-150.83.1 kernel-vanilla-base-4.12.14-150.83.1 kernel-vanilla-base-debuginfo-4.12.14-150.83.1 kernel-vanilla-debuginfo-4.12.14-150.83.1 kernel-vanilla-debugsource-4.12.14-150.83.1 reiserfs-kmp-default-4.12.14-150.83.1 
reiserfs-kmp-default-debuginfo-4.12.14-150.83.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.83.1 kernel-docs-4.12.14-150.83.1 kernel-macros-4.12.14-150.83.1 kernel-source-4.12.14-150.83.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.83.1 kernel-default-base-4.12.14-150.83.1 kernel-default-debuginfo-4.12.14-150.83.1 kernel-default-debugsource-4.12.14-150.83.1 kernel-default-devel-4.12.14-150.83.1 kernel-default-devel-debuginfo-4.12.14-150.83.1 kernel-obs-build-4.12.14-150.83.1 kernel-obs-build-debugsource-4.12.14-150.83.1 kernel-syms-4.12.14-150.83.1 kernel-vanilla-base-4.12.14-150.83.1 kernel-vanilla-base-debuginfo-4.12.14-150.83.1 kernel-vanilla-debuginfo-4.12.14-150.83.1 kernel-vanilla-debugsource-4.12.14-150.83.1 reiserfs-kmp-default-4.12.14-150.83.1 reiserfs-kmp-default-debuginfo-4.12.14-150.83.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.83.1 kernel-docs-4.12.14-150.83.1 kernel-macros-4.12.14-150.83.1 kernel-source-4.12.14-150.83.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.83.1 kernel-zfcpdump-debuginfo-4.12.14-150.83.1 kernel-zfcpdump-debugsource-4.12.14-150.83.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.83.1 kernel-default-debugsource-4.12.14-150.83.1 kernel-default-livepatch-4.12.14-150.83.1 kernel-livepatch-4_12_14-150_83-default-1-1.5.1 kernel-livepatch-4_12_14-150_83-default-debuginfo-1-1.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.83.1 kernel-default-base-4.12.14-150.83.1 kernel-default-debuginfo-4.12.14-150.83.1 kernel-default-debugsource-4.12.14-150.83.1 kernel-default-devel-4.12.14-150.83.1 kernel-default-devel-debuginfo-4.12.14-150.83.1 kernel-obs-build-4.12.14-150.83.1 kernel-obs-build-debugsource-4.12.14-150.83.1 kernel-syms-4.12.14-150.83.1 kernel-vanilla-base-4.12.14-150.83.1 
kernel-vanilla-base-debuginfo-4.12.14-150.83.1 kernel-vanilla-debuginfo-4.12.14-150.83.1 kernel-vanilla-debugsource-4.12.14-150.83.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.83.1 kernel-docs-4.12.14-150.83.1 kernel-macros-4.12.14-150.83.1 kernel-source-4.12.14-150.83.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.83.1 kernel-default-base-4.12.14-150.83.1 kernel-default-debuginfo-4.12.14-150.83.1 kernel-default-debugsource-4.12.14-150.83.1 kernel-default-devel-4.12.14-150.83.1 kernel-default-devel-debuginfo-4.12.14-150.83.1 kernel-obs-build-4.12.14-150.83.1 kernel-obs-build-debugsource-4.12.14-150.83.1 kernel-syms-4.12.14-150.83.1 kernel-vanilla-base-4.12.14-150.83.1 kernel-vanilla-base-debuginfo-4.12.14-150.83.1 kernel-vanilla-debuginfo-4.12.14-150.83.1 kernel-vanilla-debugsource-4.12.14-150.83.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.83.1 kernel-docs-4.12.14-150.83.1 kernel-macros-4.12.14-150.83.1 kernel-source-4.12.14-150.83.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.83.1 cluster-md-kmp-default-debuginfo-4.12.14-150.83.1 dlm-kmp-default-4.12.14-150.83.1 dlm-kmp-default-debuginfo-4.12.14-150.83.1 gfs2-kmp-default-4.12.14-150.83.1 gfs2-kmp-default-debuginfo-4.12.14-150.83.1 kernel-default-debuginfo-4.12.14-150.83.1 kernel-default-debugsource-4.12.14-150.83.1 ocfs2-kmp-default-4.12.14-150.83.1 ocfs2-kmp-default-debuginfo-4.12.14-150.83.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-15126.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html 
https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2021-45486.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1124431 https://bugzilla.suse.com/1167162 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187167 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190358 https://bugzilla.suse.com/1190428 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191241 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1191731 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1193306 
https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193506 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195166 https://bugzilla.suse.com/1195254 From sle-updates at lists.suse.com Thu Feb 10 20:41:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 21:41:59 +0100 (CET) Subject: SUSE-SU-2022:0366-1: critical: Security update for the Linux Kernel Message-ID: <20220210204159.B99F3F355@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0366-1 Rating: critical References: #1071995 #1124431 #1167162 #1169514 #1172073 #1179599 #1184804 #1185377 #1186207 #1186222 #1187167 #1189305 #1189841 #1190358 #1190428 #1191229 #1191241 #1191384 #1191731 #1192032 #1192267 #1192740 #1192845 #1192847 #1192877 #1192946 #1193306 #1193440 #1193442 #1193575 #1193669 #1193727 #1193731 #1193767 #1193861 #1193864 #1193867 #1193927 #1194001 #1194048 #1194087 #1194227 #1194302 #1194516 #1194529 #1194880 #1194888 #1194985 #1195166 #1195254 Cross-References: CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 
CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVSS scores: CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28714 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4135 (SUSE): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has 23 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). 
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c.
This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed a local privilege escalation due to a use after free bug in unix_gc (bsc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device (bsc#1179599).
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions.
This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - elfcore: fix building with clang (bsc#1169514). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). - kernel-binary.spec.in: add zstd to BuildRequires if used - kernel-binary.spec.in: make sure zstd is supported by kmod if used - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). 
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: Using proper atomic helper (bsc#1186222). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506). - net: mana: Fix spelling mistake "calledd" -> "called" (bsc#1193506). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506). - net: mana: Improve the HWC error handling (bsc#1193506). - net: mana: Support hibernation and kexec (bsc#1193506). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306). - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305). - rpm/kernel-source.rpmlintrc: ignore new include/config files. - rpm/kernel-source.spec.in: do some more for vanilla_only. - rpm: Abolish image suffix (bsc#1189841). - rpm: Abolish scritplet templating (bsc#1189841). 
Outsource kernel-binary and KMP scriptlets to suse-module-tools. - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value. - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-366=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-366=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-366=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-366=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-366=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-366=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-366=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-366=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-197.105.1 kernel-default-base-4.12.14-197.105.1 kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-devel-4.12.14-197.105.1 kernel-default-devel-debuginfo-4.12.14-197.105.1 kernel-obs-build-4.12.14-197.105.1 kernel-obs-build-debugsource-4.12.14-197.105.1 kernel-syms-4.12.14-197.105.1 reiserfs-kmp-default-4.12.14-197.105.1 reiserfs-kmp-default-debuginfo-4.12.14-197.105.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-197.105.1 kernel-docs-4.12.14-197.105.1 kernel-macros-4.12.14-197.105.1 kernel-source-4.12.14-197.105.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.105.1 kernel-default-base-4.12.14-197.105.1 kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-devel-4.12.14-197.105.1 kernel-default-devel-debuginfo-4.12.14-197.105.1 kernel-obs-build-4.12.14-197.105.1 kernel-obs-build-debugsource-4.12.14-197.105.1 kernel-syms-4.12.14-197.105.1 reiserfs-kmp-default-4.12.14-197.105.1 reiserfs-kmp-default-debuginfo-4.12.14-197.105.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.105.1 kernel-docs-4.12.14-197.105.1 kernel-macros-4.12.14-197.105.1 kernel-source-4.12.14-197.105.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-197.105.1 kernel-zfcpdump-debuginfo-4.12.14-197.105.1 kernel-zfcpdump-debugsource-4.12.14-197.105.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-197.105.1 kernel-default-base-4.12.14-197.105.1 kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-devel-4.12.14-197.105.1 
kernel-default-devel-debuginfo-4.12.14-197.105.1 kernel-obs-build-4.12.14-197.105.1 kernel-obs-build-debugsource-4.12.14-197.105.1 kernel-syms-4.12.14-197.105.1 reiserfs-kmp-default-4.12.14-197.105.1 reiserfs-kmp-default-debuginfo-4.12.14-197.105.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-197.105.1 kernel-docs-4.12.14-197.105.1 kernel-macros-4.12.14-197.105.1 kernel-source-4.12.14-197.105.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-livepatch-4.12.14-197.105.1 kernel-default-livepatch-devel-4.12.14-197.105.1 kernel-livepatch-4_12_14-197_105-default-1-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-197.105.1 kernel-default-base-4.12.14-197.105.1 kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-devel-4.12.14-197.105.1 kernel-default-devel-debuginfo-4.12.14-197.105.1 kernel-obs-build-4.12.14-197.105.1 kernel-obs-build-debugsource-4.12.14-197.105.1 kernel-syms-4.12.14-197.105.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.105.1 kernel-docs-4.12.14-197.105.1 kernel-macros-4.12.14-197.105.1 kernel-source-4.12.14-197.105.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-197.105.1 kernel-default-base-4.12.14-197.105.1 kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-devel-4.12.14-197.105.1 kernel-default-devel-debuginfo-4.12.14-197.105.1 kernel-obs-build-4.12.14-197.105.1 kernel-obs-build-debugsource-4.12.14-197.105.1 kernel-syms-4.12.14-197.105.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): 
kernel-devel-4.12.14-197.105.1 kernel-docs-4.12.14-197.105.1 kernel-macros-4.12.14-197.105.1 kernel-source-4.12.14-197.105.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.105.1 cluster-md-kmp-default-debuginfo-4.12.14-197.105.1 dlm-kmp-default-4.12.14-197.105.1 dlm-kmp-default-debuginfo-4.12.14-197.105.1 gfs2-kmp-default-4.12.14-197.105.1 gfs2-kmp-default-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 ocfs2-kmp-default-4.12.14-197.105.1 ocfs2-kmp-default-debuginfo-4.12.14-197.105.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-197.105.1 kernel-default-base-4.12.14-197.105.1 kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-devel-4.12.14-197.105.1 kernel-default-devel-debuginfo-4.12.14-197.105.1 kernel-obs-build-4.12.14-197.105.1 kernel-obs-build-debugsource-4.12.14-197.105.1 kernel-syms-4.12.14-197.105.1 reiserfs-kmp-default-4.12.14-197.105.1 reiserfs-kmp-default-debuginfo-4.12.14-197.105.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-197.105.1 kernel-docs-4.12.14-197.105.1 kernel-macros-4.12.14-197.105.1 kernel-source-4.12.14-197.105.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-197.105.1 kernel-default-base-4.12.14-197.105.1 kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-default-debuginfo-4.12.14-197.105.1 kernel-default-debugsource-4.12.14-197.105.1 kernel-default-devel-4.12.14-197.105.1 kernel-default-devel-debuginfo-4.12.14-197.105.1 kernel-obs-build-4.12.14-197.105.1 kernel-obs-build-debugsource-4.12.14-197.105.1 kernel-syms-4.12.14-197.105.1 reiserfs-kmp-default-4.12.14-197.105.1 reiserfs-kmp-default-debuginfo-4.12.14-197.105.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-197.105.1 kernel-docs-4.12.14-197.105.1 kernel-macros-4.12.14-197.105.1 
kernel-source-4.12.14-197.105.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-15126.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4135.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2021-45486.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1124431 https://bugzilla.suse.com/1167162 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187167 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190358 
https://bugzilla.suse.com/1190428 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191241 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1191731 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1193927 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195166 https://bugzilla.suse.com/1195254 From sle-updates at lists.suse.com Thu Feb 10 20:47:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Feb 2022 21:47:26 +0100 (CET) Subject: SUSE-SU-2022:0364-1: critical: Security update for the Linux Kernel Message-ID: <20220210204726.661C0F368@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0364-1 Rating: critical References: #1065729 #1071995 #1082555 #1163405 #1177599 #1183405 #1184209 #1186207 #1186222 #1187428 #1187723 #1188605 #1190973 #1192729 #1193096 #1193234 #1193235 #1193242 #1193507 #1193660 #1193669 #1193727 #1193767 #1193861 #1193864 #1193927 #1194001 #1194027 #1194227 
#1194302 #1194410 #1194493 #1194516 #1194529 #1194814 #1194880 #1194888 #1194965 #1194985 #1195065 #1195073 #1195254 #1195272 Cross-References: CVE-2020-28097 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation 
Extension 12-SP5
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 29 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
- CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).

The following non-security bugs were fixed:

- KVM: remember position in kvm->vcpus array (bsc#1190973).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1190973).
- SUNRPC: Add basic load balancing to the transport switch - kabi fix. (bnc#1192729).
- SUNRPC: Add basic load balancing to the transport switch. (bnc#1192729)
- SUNRPC: Fix initialisation of struct rpc_xprt_switch (bnc#1192729).
- SUNRPC: Optimise transport balancing code (bnc#1192729).
- SUNRPC: Replace division by multiplication in calculation of queue length (bnc#1192729).
- SUNRPC: Skip zero-refcount transports (bnc#1192729).
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195272).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190973).
- kabi: mask new member "empty" of struct Qdisc (bsc#1183405).
- kabi: revert drop of Qdisc::atomic_qlen (bsc#1183405). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - mm/hwpoison: do not lock page again when me_huge_page() successfully recovers (bsc#1194814). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193507). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193507). - net/sched: annotate lockless accesses to qdisc->empty (bsc#1183405). - net/sched: fix race between deactivation and dequeue for NOLOCK qdisc (bsc#1183405). - net/sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (bsc#1183405). - net/sched: pfifo_fast: fix wrong dereference when qdisc is reset (bsc#1183405). - net: Using proper atomic helper (bsc#1186222). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: caif: avoid using qdisc_qlen() (bsc#1183405). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: dev: introduce support for sch BYPASS for lockless qdisc (bsc#1183405). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: Avoid using yield() in a busy waiting loop (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: add empty status flag for NOLOCK qdisc (bsc#1183405). - net: sched: always do stats accounting according to TCQ_F_CPUSTATS (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). 
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: prefer qdisc_is_empty() over direct qlen access (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sched: when clearing NOLOCK, clear TCQ_F_CPUSTATS, too (bsc#1183405). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nfs: do not dirty kernel pages read by direct-io (bsc#1194410). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: return BLK_STS_TRANSPORT unless DNR for NVME_SC_NS_NOT_READY (bsc#1163405). - of: Add cpu node iterator for_each_of_cpu_node() (bsc#1065729). - of: Add device_type access helper functions (bsc#1065729). - of: Fix cpu node iterator to not ignore disabled cpu nodes (bsc#1065729). - of: Fix property name in of_node_get_device_type (bsc#1065729). - of: add node name compare helper functions (bsc#1065729). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - s390/cio: make ccw_device_dma_* more robust (bsc#1193242). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193234). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194965). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). 
- tpm: Check for integer overflow in tpm2_map_response_body() (bsc#1082555). - tpm: add request_locality before write TPM_INT_ENABLE (bsc#1082555). - tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - virtio: write back F_VERSION_1 before validate (bsc#1193235). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-364=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-364=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-364=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-364=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-364=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.110.1 kernel-default-debugsource-4.12.14-122.110.1 kernel-default-extra-4.12.14-122.110.1 kernel-default-extra-debuginfo-4.12.14-122.110.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.110.1 kernel-obs-build-debugsource-4.12.14-122.110.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.110.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.110.1 kernel-default-base-4.12.14-122.110.1 kernel-default-base-debuginfo-4.12.14-122.110.1 kernel-default-debuginfo-4.12.14-122.110.1 kernel-default-debugsource-4.12.14-122.110.1 kernel-default-devel-4.12.14-122.110.1 kernel-syms-4.12.14-122.110.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.110.1 kernel-macros-4.12.14-122.110.1 kernel-source-4.12.14-122.110.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.110.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.110.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.110.1 kernel-default-debugsource-4.12.14-122.110.1 kernel-default-kgraft-4.12.14-122.110.1 
kernel-default-kgraft-devel-4.12.14-122.110.1 kgraft-patch-4_12_14-122_110-default-1-8.3.2 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.110.1 cluster-md-kmp-default-debuginfo-4.12.14-122.110.1 dlm-kmp-default-4.12.14-122.110.1 dlm-kmp-default-debuginfo-4.12.14-122.110.1 gfs2-kmp-default-4.12.14-122.110.1 gfs2-kmp-default-debuginfo-4.12.14-122.110.1 kernel-default-debuginfo-4.12.14-122.110.1 kernel-default-debugsource-4.12.14-122.110.1 ocfs2-kmp-default-4.12.14-122.110.1 ocfs2-kmp-default-debuginfo-4.12.14-122.110.1 References: https://www.suse.com/security/cve/CVE-2020-28097.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4135.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1163405 https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1187723 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1190973 https://bugzilla.suse.com/1192729 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193234 https://bugzilla.suse.com/1193235 https://bugzilla.suse.com/1193242 https://bugzilla.suse.com/1193507 
https://bugzilla.suse.com/1193660 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193927 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194027 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194410 https://bugzilla.suse.com/1194493 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194814 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194965 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195073 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195272 From sle-updates at lists.suse.com Thu Feb 10 23:18:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Feb 2022 00:18:12 +0100 (CET) Subject: SUSE-RU-2022:0368-1: moderate: Recommended update for grub2 Message-ID: <20220210231812.09A5BF355@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0368-1 Rating: moderate References: #1187645 #1193532 Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix grub error 'not a Btrfs filesystem' on s390x (bsc#1187645) - Add support for simplefb (bsc#1193532) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-368=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-368=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): grub2-arm64-efi-2.04-9.55.2 grub2-i386-pc-2.04-9.55.2 grub2-snapper-plugin-2.04-9.55.2 grub2-systemd-sleep-plugin-2.04-9.55.2 grub2-x86_64-efi-2.04-9.55.2 grub2-x86_64-xen-2.04-9.55.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): grub2-2.04-9.55.2 grub2-debuginfo-2.04-9.55.2 grub2-debugsource-2.04-9.55.2 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): grub2-2.04-9.55.2 grub2-debuginfo-2.04-9.55.2 grub2-debugsource-2.04-9.55.2 - SUSE Linux Enterprise Micro 5.0 (noarch): grub2-arm64-efi-2.04-9.55.2 grub2-i386-pc-2.04-9.55.2 grub2-snapper-plugin-2.04-9.55.2 grub2-x86_64-efi-2.04-9.55.2 grub2-x86_64-xen-2.04-9.55.2 References: https://bugzilla.suse.com/1187645 https://bugzilla.suse.com/1193532 From sle-updates at lists.suse.com Fri Feb 11 08:17:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Feb 2022 09:17:48 +0100 (CET) Subject: SUSE-RU-2022:0369-1: moderate: Recommended update for suseconnect-ng Message-ID: <20220211081748.27EB7F355@maintenance.suse.de> SUSE Recommended Update: Recommended update for suseconnect-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0369-1 Rating: moderate References: #1161891 #1174657 #1195003 Affected Products: SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description:

This update for suseconnect-ng fixes the following issues:

Update to version 0.0.6:

- Implement `zypper migration` plugin
- Implement YaST integration but it is not used in SUSE Linux Enterprise Micro
- Added man pages
- Added offline migrations support
- Added API for package search
- Added ARM cluster count to hwinfo test and adjusted the test
- Added PowerPC ppc64le support to hwinfo test
- Added SUSE Manager and Uyuni detection check
- Added `--clean` as an alias for `--cleanup` (bsc#1195003)
- Added `-l` as an alias for `--list-extensions`
- Added `update-ca-certificates` command
- Added `zypper search-packages` command line tool
- Added flag to import product repo keys (bsc#1174657)
- Added note in DIFFERENCES.md about abbreviated flags
- Added option for quiet debug logger
- Added output of executed commands to console
- Added snapper support
- Adjusted error logging in TLS test
- Allow de-register/de-activate a single product
- Allow non-root users to see commands usage help text
- Allow usage of options `--instance-data` together with `--regcode`
- Always show subscription information if available
- Cleanup services during migration (bsc#1161891)
- Disable reading UUID in hwinfo test
- Fix SSLCertificate mixins
- Fix logger crash and restore mixin
- Fix sorting of products in 'status'
- Get proxy credentials from curlrc
- Improved SSL error handling
- Improved debug logging
- Removed dependency on systemd

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-369=1 Package List: - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): suseconnect-ng-0.0.6~git0.77933db-150300.3.5.1 References: https://bugzilla.suse.com/1161891 https://bugzilla.suse.com/1174657 https://bugzilla.suse.com/1195003 From sle-updates at lists.suse.com Fri Feb 11 11:19:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Feb 2022 12:19:05 +0100 (CET) Subject: SUSE-SU-2022:0370-1: critical: Security update for the Linux Kernel Message-ID: <20220211111905.6ECB2F368@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0370-1 Rating: critical References: #1154353 #1154488 #1156395 #1160634 #1176447 #1177599 #1183405 #1185377 #1187428 #1187723 #1188605 #1191881 #1193096 #1193506 #1193767 #1193802 #1193861 #1193864 #1193867 #1194048 #1194227 #1194291 #1194880 #1195009 #1195062 #1195065 #1195073 #1195183 #1195184 #1195254 #1195267 #1195293 #1195371 #1195476 #1195477 #1195478 #1195479 #1195480 #1195481 #1195482 Cross-References: CVE-2020-28097 CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-44733 (SUSE): 4.2 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). 
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).

The following non-security bugs were fixed:

- ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). 
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/core: Do not access cm_id after its destruction (git-fixes)
- RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).
- USB: serial: mos7840: fix probe error handling (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes).
- nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-tcp: fix possible use-after-completion (git-fixes).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select (git-fixes).
- spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: Add support for Brainboxes UC cards (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-370=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-370=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-370=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-370=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-370=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-370=1
- SUSE Linux Enterprise High Availability 15-SP3:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-370=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
  kernel-default-debuginfo-5.3.18-150300.59.49.1
  kernel-default-debugsource-5.3.18-150300.59.49.1
  kernel-default-extra-5.3.18-150300.59.49.1
  kernel-default-extra-debuginfo-5.3.18-150300.59.49.1
  kernel-preempt-debuginfo-5.3.18-150300.59.49.1
  kernel-preempt-debugsource-5.3.18-150300.59.49.1
  kernel-preempt-extra-5.3.18-150300.59.49.1
  kernel-preempt-extra-debuginfo-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
  kernel-default-debuginfo-5.3.18-150300.59.49.1
  kernel-default-debugsource-5.3.18-150300.59.49.1
  kernel-default-livepatch-5.3.18-150300.59.49.1
  kernel-default-livepatch-devel-5.3.18-150300.59.49.1
  kernel-livepatch-5_3_18-150300_59_49-default-1-150300.7.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-5.3.18-150300.59.49.1
  kernel-default-debugsource-5.3.18-150300.59.49.1
  reiserfs-kmp-default-5.3.18-150300.59.49.1
  reiserfs-kmp-default-debuginfo-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-5.3.18-150300.59.49.1
  kernel-obs-build-debugsource-5.3.18-150300.59.49.1
  kernel-syms-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
  kernel-preempt-debuginfo-5.3.18-150300.59.49.1
  kernel-preempt-debugsource-5.3.18-150300.59.49.1
  kernel-preempt-devel-5.3.18-150300.59.49.1
  kernel-preempt-devel-debuginfo-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
  kernel-docs-5.3.18-150300.59.49.1
  kernel-source-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  kernel-default-5.3.18-150300.59.49.1
  kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1
  kernel-default-debuginfo-5.3.18-150300.59.49.1
  kernel-default-debugsource-5.3.18-150300.59.49.1
  kernel-default-devel-5.3.18-150300.59.49.1
  kernel-default-devel-debuginfo-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
  kernel-preempt-5.3.18-150300.59.49.1
  kernel-preempt-debuginfo-5.3.18-150300.59.49.1
  kernel-preempt-debugsource-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
  kernel-64kb-5.3.18-150300.59.49.1
  kernel-64kb-debuginfo-5.3.18-150300.59.49.1
  kernel-64kb-debugsource-5.3.18-150300.59.49.1
  kernel-64kb-devel-5.3.18-150300.59.49.1
  kernel-64kb-devel-debuginfo-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  kernel-devel-5.3.18-150300.59.49.1
  kernel-macros-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
  kernel-zfcpdump-5.3.18-150300.59.49.1
  kernel-zfcpdump-debuginfo-5.3.18-150300.59.49.1
  kernel-zfcpdump-debugsource-5.3.18-150300.59.49.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  kernel-default-5.3.18-150300.59.49.1
  kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1
  kernel-default-debuginfo-5.3.18-150300.59.49.1
  kernel-default-debugsource-5.3.18-150300.59.49.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-5.3.18-150300.59.49.1
  cluster-md-kmp-default-debuginfo-5.3.18-150300.59.49.1
  dlm-kmp-default-5.3.18-150300.59.49.1
  dlm-kmp-default-debuginfo-5.3.18-150300.59.49.1
  gfs2-kmp-default-5.3.18-150300.59.49.1
  gfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1
  kernel-default-debuginfo-5.3.18-150300.59.49.1
  kernel-default-debugsource-5.3.18-150300.59.49.1
  ocfs2-kmp-default-5.3.18-150300.59.49.1
  ocfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1

References:

https://www.suse.com/security/cve/CVE-2020-28097.html
https://www.suse.com/security/cve/CVE-2021-22600.html
https://www.suse.com/security/cve/CVE-2021-39648.html
https://www.suse.com/security/cve/CVE-2021-39657.html
https://www.suse.com/security/cve/CVE-2021-39685.html
https://www.suse.com/security/cve/CVE-2021-44733.html
https://www.suse.com/security/cve/CVE-2021-45095.html
https://www.suse.com/security/cve/CVE-2022-0286.html
https://www.suse.com/security/cve/CVE-2022-0330.html
https://www.suse.com/security/cve/CVE-2022-0435.html
https://www.suse.com/security/cve/CVE-2022-22942.html
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1154488
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1177599
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1187428
https://bugzilla.suse.com/1187723
https://bugzilla.suse.com/1188605
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1193096
https://bugzilla.suse.com/1193506
https://bugzilla.suse.com/1193767
https://bugzilla.suse.com/1193802
https://bugzilla.suse.com/1193861
https://bugzilla.suse.com/1193864
https://bugzilla.suse.com/1193867
https://bugzilla.suse.com/1194048
https://bugzilla.suse.com/1194227
https://bugzilla.suse.com/1194291
https://bugzilla.suse.com/1194880
https://bugzilla.suse.com/1195009
https://bugzilla.suse.com/1195062
https://bugzilla.suse.com/1195065
https://bugzilla.suse.com/1195073
https://bugzilla.suse.com/1195183
https://bugzilla.suse.com/1195184
https://bugzilla.suse.com/1195254
https://bugzilla.suse.com/1195267
https://bugzilla.suse.com/1195293
https://bugzilla.suse.com/1195371
https://bugzilla.suse.com/1195476
https://bugzilla.suse.com/1195477
https://bugzilla.suse.com/1195478
https://bugzilla.suse.com/1195479
https://bugzilla.suse.com/1195480
https://bugzilla.suse.com/1195481
https://bugzilla.suse.com/1195482

From sle-updates at lists.suse.com Fri Feb 11 11:27:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 11 Feb 2022 12:27:45 +0100 (CET)
Subject: SUSE-SU-2022:0371-1: important: Security update for the Linux Kernel
Message-ID: <20220211112745.2CA3AF368@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0371-1
Rating: important
References:
  #1071995 #1124431 #1167162 #1169514 #1172073 #1177101 #1179599
  #1184804 #1185377 #1186207 #1186222 #1187167 #1189305 #1189841
  #1190358 #1190428 #1191229 #1191384 #1191731 #1192032 #1192267
  #1192740 #1192845 #1192847 #1192877 #1192946 #1193306 #1193440
  #1193442 #1193507 #1193575 #1193669 #1193727 #1193731 #1193767
  #1193861 #1193864 #1193867 #1194001 #1194048 #1194087 #1194227
  #1194302 #1194516 #1194529 #1194880 #1194888 #1194985 #1195254
Cross-References:
  CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920
  CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713
  CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564
  CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083
  CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975
  CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486
  CVE-2022-0322 CVE-2022-0330 CVE-2022-0435
CVSS scores:
  CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
  CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-28714 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
  CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
  CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise High Availability 12-SP4
  SUSE Linux Enterprise High Performance Computing 12-SP4
  SUSE Linux Enterprise Live Patching 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that solves 27 vulnerabilities and has 22 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen if removing device. (bsc#1179599)
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).

The following non-security bugs were fixed:

- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- elfcore: fix building with clang (bsc#1169514).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841).
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net: Using proper atomic helper (bsc#1186222).
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507).
- net: mana: Fix spelling mistake "calledd" -> "called" (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306)
  After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm/kernel-source.rpmlintrc: ignore new include/config files
  In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change.
- rpm/kernel-source.spec.in: do some more for vanilla_only
  Make sure:
  * sources are NOT executable
  * env is not used as interpreter
  * timestamps are correct
  We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla).
- rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358).
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
- watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-371=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-371=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-371=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-371=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-371=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-371=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.88.1 kernel-macros-4.12.14-95.88.1 kernel-source-4.12.14-95.88.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.88.1 kernel-default-base-4.12.14-95.88.1 kernel-default-base-debuginfo-4.12.14-95.88.1 kernel-default-debuginfo-4.12.14-95.88.1 kernel-default-debugsource-4.12.14-95.88.1 kernel-default-devel-4.12.14-95.88.1 kernel-default-devel-debuginfo-4.12.14-95.88.1 kernel-syms-4.12.14-95.88.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.88.1 kernel-macros-4.12.14-95.88.1 kernel-source-4.12.14-95.88.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.88.1 kernel-default-base-4.12.14-95.88.1 kernel-default-base-debuginfo-4.12.14-95.88.1 
kernel-default-debuginfo-4.12.14-95.88.1 kernel-default-debugsource-4.12.14-95.88.1 kernel-default-devel-4.12.14-95.88.1 kernel-default-devel-debuginfo-4.12.14-95.88.1 kernel-syms-4.12.14-95.88.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.88.1 kernel-default-base-4.12.14-95.88.1 kernel-default-base-debuginfo-4.12.14-95.88.1 kernel-default-debuginfo-4.12.14-95.88.1 kernel-default-debugsource-4.12.14-95.88.1 kernel-default-devel-4.12.14-95.88.1 kernel-syms-4.12.14-95.88.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.88.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.88.1 kernel-macros-4.12.14-95.88.1 kernel-source-4.12.14-95.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.88.1 kernel-default-base-4.12.14-95.88.1 kernel-default-base-debuginfo-4.12.14-95.88.1 kernel-default-debuginfo-4.12.14-95.88.1 kernel-default-debugsource-4.12.14-95.88.1 kernel-default-devel-4.12.14-95.88.1 kernel-syms-4.12.14-95.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.88.1 kernel-macros-4.12.14-95.88.1 kernel-source-4.12.14-95.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.88.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.88.1 kernel-default-kgraft-devel-4.12.14-95.88.1 kgraft-patch-4_12_14-95_88-default-1-6.5.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.88.1 cluster-md-kmp-default-debuginfo-4.12.14-95.88.1 dlm-kmp-default-4.12.14-95.88.1 dlm-kmp-default-debuginfo-4.12.14-95.88.1 gfs2-kmp-default-4.12.14-95.88.1 gfs2-kmp-default-debuginfo-4.12.14-95.88.1 kernel-default-debuginfo-4.12.14-95.88.1 
kernel-default-debugsource-4.12.14-95.88.1 ocfs2-kmp-default-4.12.14-95.88.1 ocfs2-kmp-default-debuginfo-4.12.14-95.88.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-15126.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2021-45486.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1124431 https://bugzilla.suse.com/1167162 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1177101 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187167 
https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190358 https://bugzilla.suse.com/1190428 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1191731 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193507 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195254 From sle-updates at lists.suse.com Fri Feb 11 11:33:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Feb 2022 12:33:17 +0100 (CET) Subject: SUSE-SU-2022:0372-1: critical: Security update for the Linux Kernel Message-ID: <20220211113317.382CFF368@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0372-1 Rating: critical References: #1065729 #1071995 #1082555 #1163405 #1177599 #1183405 #1184209 #1186207 #1186222 #1187428 #1187723 #1188605 #1190973 #1192729 #1193096 #1193234 #1193235 #1193242 #1193507 #1193660 #1193727 #1193767 #1193861 #1193864 #1193927 
#1194027 #1194227 #1194302 #1194410 #1194493 #1194516 #1194529 #1194814 #1194880 #1194888 #1194965 #1194985 #1195065 #1195073 #1195254 #1195272 Cross-References: CVE-2020-28097 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4083 CVE-2021-4135 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 28 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). 
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985).
- CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).

The following non-security bugs were fixed:

- KVM: remember position in kvm->vcpus array (bsc#1190973).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1190973).
- SUNRPC: Add basic load balancing to the transport switch - kabi fix. (bnc#1192729).
- SUNRPC: Add basic load balancing to the transport switch. (bnc#1192729)
- SUNRPC: Fix initialisation of struct rpc_xprt_switch (bnc#1192729).
- SUNRPC: Optimise transport balancing code (bnc#1192729).
- SUNRPC: Replace division by multiplication in calculation of queue length (bnc#1192729).
- SUNRPC: Skip zero-refcount transports (bnc#1192729).
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195272).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190973).
- kabi: mask new member "empty" of struct Qdisc (bsc#1183405).
- kabi: revert drop of Qdisc::atomic_qlen (bsc#1183405).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- mm/hwpoison: do not lock page again when me_huge_page() successfully recovers (bsc#1194814).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193507).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193507).
- net/sched: annotate lockless accesses to qdisc->empty (bsc#1183405).
- net/sched: fix race between deactivation and dequeue for NOLOCK qdisc (bsc#1183405).
- net/sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (bsc#1183405).
- net/sched: pfifo_fast: fix wrong dereference when qdisc is reset (bsc#1183405).
- net: Using proper atomic helper (bsc#1186222).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: caif: avoid using qdisc_qlen() (bsc#1183405).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
- net: dev: introduce support for sch BYPASS for lockless qdisc (bsc#1183405).
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: Avoid using yield() in a busy waiting loop (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: add empty status flag for NOLOCK qdisc (bsc#1183405).
- net: sched: always do stats accounting according to TCQ_F_CPUSTATS (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: prefer qdisc_is_empty() over direct qlen access (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sched: when clearing NOLOCK, clear TCQ_F_CPUSTATS, too (bsc#1183405).
- net: tipc: validate domain record count on input (bsc#1195254).
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes).
- net_sched: avoid resetting active qdisc for multiple times (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- nfs: do not dirty kernel pages read by direct-io (bsc#1194410).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- nvme: return BLK_STS_TRANSPORT unless DNR for NVME_SC_NS_NOT_READY (bsc#1163405).
- of: Add cpu node iterator for_each_of_cpu_node() (bsc#1065729).
- of: Add device_type access helper functions (bsc#1065729).
- of: Fix cpu node iterator to not ignore disabled cpu nodes (bsc#1065729).
- of: Fix property name in of_node_get_device_type (bsc#1065729).
- of: add node name compare helper functions (bsc#1065729).
- powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729).
- powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729).
- powerpc/pseries/cpuhp: cache node corrections (bsc#1065729).
- powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729).
- powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729).
- powerpc/traps: do not enable irqs in _exception (bsc#1065729).
- powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729).
- s390/cio: make ccw_device_dma_* more robust (bsc#1193242).
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193234).
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194965).
- select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027).
- tpm: Check for integer overflow in tpm2_map_response_body() (bsc#1082555).
- tpm: add request_locality before write TPM_INT_ENABLE (bsc#1082555).
- tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634).
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes).
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- usb: core: config: fix validation of wMaxPacketValue entries (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - virtio: write back F_VERSION_1 before validate (bsc#1193235). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-372=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.88.1 kernel-azure-base-4.12.14-16.88.1 kernel-azure-base-debuginfo-4.12.14-16.88.1 kernel-azure-debuginfo-4.12.14-16.88.1 kernel-azure-debugsource-4.12.14-16.88.1 kernel-azure-devel-4.12.14-16.88.1 kernel-syms-azure-4.12.14-16.88.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.88.1 kernel-source-azure-4.12.14-16.88.1 References: https://www.suse.com/security/cve/CVE-2020-28097.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4135.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1163405 https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 
https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1187723 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1190973 https://bugzilla.suse.com/1192729 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193234 https://bugzilla.suse.com/1193235 https://bugzilla.suse.com/1193242 https://bugzilla.suse.com/1193507 https://bugzilla.suse.com/1193660 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193927 https://bugzilla.suse.com/1194027 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194410 https://bugzilla.suse.com/1194493 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194814 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194965 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195073 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195272 From sle-updates at lists.suse.com Sat Feb 12 07:52:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Feb 2022 08:52:14 +0100 (CET) Subject: SUSE-CU-2022:15-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220212075214.CEDF8F355@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:15-1 Container Tags : bci/dotnet-aspnet:3.1 Container Release : 7.8 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china The following package changes have been done: - timezone-2021e-75.4.1 updated From sle-updates at lists.suse.com Sat Feb 12 07:52:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Feb 2022 08:52:49 +0100 (CET) Subject: SUSE-CU-2022:16-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220212075249.C9595F355@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:16-1 Container Tags : bci/dotnet-aspnet:6.0 Container Release : 4.8 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china The following package changes have been done: - timezone-2021e-75.4.1 updated From sle-updates at lists.suse.com Sat Feb 12 07:53:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Feb 2022 08:53:40 +0100 (CET) Subject: SUSE-CU-2022:17-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220212075340.A3CE9F355@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:17-1 Container Tags : bci/dotnet-aspnet:5.0 Container Release : 7.8 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china The following package changes have been done: - timezone-2021e-75.4.1 updated From sle-updates at lists.suse.com Mon Feb 14 14:18:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:18:49 +0100 (CET) Subject: SUSE-RU-2022:0124-2: moderate: Recommended update for shared-mime-info Message-ID: <20220214141849.F26C1F355@maintenance.suse.de> SUSE Recommended Update: Recommended update for shared-mime-info ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0124-2 Rating: moderate References: #1191630 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for shared-mime-info fixes the following issues: - Fix nautilus not launching applications because all applications are not detected as executable program but as shared library (bsc#1191630) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-124=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): shared-mime-info-1.12-3.3.1 shared-mime-info-debuginfo-1.12-3.3.1 shared-mime-info-debugsource-1.12-3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): shared-mime-info-lang-1.12-3.3.1 References: https://bugzilla.suse.com/1191630 From sle-updates at lists.suse.com Mon Feb 14 14:20:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:20:16 +0100 (CET) Subject: SUSE-SU-2022:0088-2: moderate: Security update for ghostscript Message-ID: <20220214142016.D5B3EF355@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0088-2 Rating: moderate References: #1194303 #1194304 Cross-References: CVE-2021-45944 CVE-2021-45949 CVSS scores: CVE-2021-45944 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45944 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45949 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45949 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampled_data_sample (bsc#1194303) - CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish (bsc#1194304) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-88=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): ghostscript-9.52-161.1 ghostscript-debuginfo-9.52-161.1 ghostscript-debugsource-9.52-161.1 ghostscript-devel-9.52-161.1 ghostscript-x11-9.52-161.1 ghostscript-x11-debuginfo-9.52-161.1 References: https://www.suse.com/security/cve/CVE-2021-45944.html https://www.suse.com/security/cve/CVE-2021-45949.html https://bugzilla.suse.com/1194303 https://bugzilla.suse.com/1194304 From sle-updates at lists.suse.com Mon Feb 14 14:22:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:22:39 +0100 (CET) Subject: SUSE-SU-2022:0135-2: important: Security update for busybox Message-ID: <20220214142239.12F7FF355@maintenance.suse.de> SUSE Security Update: Security update for busybox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0135-2 Rating: important References: #1064976 #1064978 #1069412 #1099260 #1099263 #1102912 #1121426 #1121428 #1184522 #1192869 #951562 #970662 #970663 #991940 Cross-References: CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVSS scores: CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-2148 (NVD) : 9.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2018-20679 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-20679 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-5747 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An 
update that fixes 27 vulnerabilities is now available.

Description:

This update for busybox fixes the following issues:

- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2015-9261: Fixed segfaults and application crashes in huft_build (bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412).
- CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263).
- CVE-2018-1000517: Fixed heap-based buffer overflow in retrieve_file_data() (bsc#1099260).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2021-42373: Fixed NULL pointer dereference in man leading to DoS when a section name is supplied but no page argument is given (bsc#1192869).
- CVE-2021-42374: Fixed out-of-bounds heap read in unlzma leading to information leak and DoS when crafted LZMA-compressed input is decompressed (bsc#1192869).
- CVE-2021-42375: Fixed incorrect handling of a special element in ash leading to DoS when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters (bsc#1192869).
- CVE-2021-42376: Fixed NULL pointer dereference in hush leading to DoS when processing a crafted shell command (bsc#1192869).
- CVE-2021-42377: Fixed attacker-controlled pointer free in hush leading to DoS and possible code execution when processing a crafted shell command (bsc#1192869).
- CVE-2021-42378: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_i function (bsc#1192869).
- CVE-2021-42379: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the next_input_file function (bsc#1192869).
- CVE-2021-42380: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the clrvar function (bsc#1192869).
- CVE-2021-42381: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the hash_init function (bsc#1192869).
- CVE-2021-42382: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_s function (bsc#1192869).
- CVE-2021-42383: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).
- CVE-2021-42384: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the handle_special function (bsc#1192869).
- CVE-2021-42385: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869).
- CVE-2021-42386: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the nvalloc function (bsc#1192869).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-135=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 References: https://www.suse.com/security/cve/CVE-2011-5325.html https://www.suse.com/security/cve/CVE-2015-9261.html https://www.suse.com/security/cve/CVE-2016-2147.html https://www.suse.com/security/cve/CVE-2016-2148.html https://www.suse.com/security/cve/CVE-2016-6301.html https://www.suse.com/security/cve/CVE-2017-15873.html https://www.suse.com/security/cve/CVE-2017-15874.html https://www.suse.com/security/cve/CVE-2017-16544.html https://www.suse.com/security/cve/CVE-2018-1000500.html https://www.suse.com/security/cve/CVE-2018-1000517.html https://www.suse.com/security/cve/CVE-2018-20679.html https://www.suse.com/security/cve/CVE-2019-5747.html https://www.suse.com/security/cve/CVE-2021-28831.html https://www.suse.com/security/cve/CVE-2021-42373.html https://www.suse.com/security/cve/CVE-2021-42374.html https://www.suse.com/security/cve/CVE-2021-42375.html https://www.suse.com/security/cve/CVE-2021-42376.html https://www.suse.com/security/cve/CVE-2021-42377.html https://www.suse.com/security/cve/CVE-2021-42378.html https://www.suse.com/security/cve/CVE-2021-42379.html https://www.suse.com/security/cve/CVE-2021-42380.html https://www.suse.com/security/cve/CVE-2021-42381.html https://www.suse.com/security/cve/CVE-2021-42382.html https://www.suse.com/security/cve/CVE-2021-42383.html https://www.suse.com/security/cve/CVE-2021-42384.html https://www.suse.com/security/cve/CVE-2021-42385.html https://www.suse.com/security/cve/CVE-2021-42386.html https://bugzilla.suse.com/1064976 https://bugzilla.suse.com/1064978 https://bugzilla.suse.com/1069412 https://bugzilla.suse.com/1099260 https://bugzilla.suse.com/1099263 https://bugzilla.suse.com/1102912 https://bugzilla.suse.com/1121426 
https://bugzilla.suse.com/1121428 https://bugzilla.suse.com/1184522 https://bugzilla.suse.com/1192869 https://bugzilla.suse.com/951562 https://bugzilla.suse.com/970662 https://bugzilla.suse.com/970663 https://bugzilla.suse.com/991940 From sle-updates at lists.suse.com Mon Feb 14 14:24:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:24:39 +0100 (CET) Subject: SUSE-RU-2022:0087-2: moderate: Recommended update for go1.16 Message-ID: <20220214142439.F201EF355@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0087-2 Rating: moderate References: #1182345 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.16 fixes the following issues: Update to go1.16.13 (bsc#1182345) - it includes fixes to the compiler, linker, runtime, and the net/http package. * x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space. * runtime/race: building for iOS, but linking in object file built for macOS * runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey * runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 * cmd/link: does not set section type of `.init_array` correctly * cmd/link: support more load commands on `Mach-O` * cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-87=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.16-1.16.13-1.40.1 go1.16-doc-1.16.13-1.40.1 go1.16-race-1.16.13-1.40.1 References: https://bugzilla.suse.com/1182345 From sle-updates at lists.suse.com Mon Feb 14 14:25:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:25:09 +0100 (CET) Subject: SUSE-RU-2022:0100-2: moderate: Recommended update for hwdata Message-ID: <20220214142509.B5306F355@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0100-2 Rating: moderate References: #1194338 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-100=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): hwdata-0.355-3.39.1 References: https://bugzilla.suse.com/1194338 From sle-updates at lists.suse.com Mon Feb 14 14:26:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:26:45 +0100 (CET) Subject: SUSE-RU-2022:0078-2: moderate: Recommended update for go1.17 Message-ID: <20220214142645.C582EF355@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0078-2 Rating: moderate References: #1190649 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.17 fixes the following issues: Update to go1.17.6 released 2022-01-06. (bsc#1190649) - It includes fixes to the compiler, linker, runtime, and the crypto/x509, net/http, and reflect packages. * go#50165 crypto/x509: error parsing large ASN.1 identifiers * go#50073 runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey * go#49961 reflect: segmentation violation while using html/template * go#49921 x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space. * go#49413 cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem` * go#48116 runtime: mallocs cause `base outside usable address space` panic when running on iOS 14 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-78=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.17-1.17.6-1.17.1 go1.17-doc-1.17.6-1.17.1 go1.17-race-1.17.6-1.17.1 References: https://bugzilla.suse.com/1190649 From sle-updates at lists.suse.com Mon Feb 14 14:27:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:27:17 +0100 (CET) Subject: SUSE-RU-2022:0070-2: moderate: Recommended update for python-configshell-fb Message-ID: <20220214142717.2E991F355@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-configshell-fb ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0070-2 Rating: moderate References: SLE-17360 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for python-configshell-fb fixes the following issues: - Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360): * setup.py: specify a version range for pyparsing * setup.py: lets stick to pyparsing v2.4.7 * Don't warn if prefs file doesn't exist - Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360): * version 1.1.28 * Ensure that all output reaches the client when daemonized * Remove Epydoc markup from command messages * Remove epydoc imports and epydoc calls Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-70=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): python3-configshell-fb-1.1.29-3.3.1 References: From sle-updates at lists.suse.com Mon Feb 14 14:27:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Feb 2022 15:27:59 +0100 (CET) Subject: SUSE-SU-2022:0375-1: moderate: Security update for wireshark Message-ID: <20220214142759.89FE5F355@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0375-1 Rating: moderate References: #1194166 #1194167 #1194168 #1194169 #1194170 #1194171 #1194780 SLE-18727 Cross-References: CVE-2021-4181 CVE-2021-4182 CVE-2021-4183 CVE-2021-4184 CVE-2021-4185 CVE-2021-4190 CVSS scores: CVE-2021-4181 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4181 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-4182 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4182 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-4183 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4183 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-4184 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4184 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-4185 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4185 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-4190 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-4190 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance 
Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has one errata is now available. Description: This update for wireshark fixes the following issues: Update to version 3.6.1: - CVE-2021-4185: RTMPT dissector infinite loop (bsc#1194166) - CVE-2021-4184: BitTorrent DHT dissector infinite loop (bsc#1194167) - CVE-2021-4183: pcapng file parser crash (bsc#1194168) - CVE-2021-4182: RFC 7468 file parser infinite loop (bsc#1194169) - CVE-2021-4181: Sysdig Event dissector crash (bsc#1194170) - CVE-2021-4190: Kafka dissector infinite loop (bsc#1194171) - Support for Shared Memory Communications (SMC) (jsc#SLE-18727) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-375=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-375=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-375=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-375=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-375=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-375=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-375=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-375=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-375=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-375=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-375=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-375=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-375=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-375=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-375=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-375=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-375=1 - SUSE Linux Enterprise High 
Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-375=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-375=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-375=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-375=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-375=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-375=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Manager Proxy 4.1 (x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 
wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 
libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-150300.6.23.1 libvirt-admin-7.1.0-150300.6.23.1 libvirt-admin-debuginfo-7.1.0-150300.6.23.1 libvirt-client-7.1.0-150300.6.23.1 libvirt-client-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-7.1.0-150300.6.23.1 libvirt-daemon-config-network-7.1.0-150300.6.23.1 
libvirt-daemon-config-nwfilter-7.1.0-150300.6.23.1 libvirt-daemon-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-interface-7.1.0-150300.6.23.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-lxc-7.1.0-150300.6.23.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-network-7.1.0-150300.6.23.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.23.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.23.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.23.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-secret-7.1.0-150300.6.23.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-hooks-7.1.0-150300.6.23.1 libvirt-daemon-lxc-7.1.0-150300.6.23.1 libvirt-daemon-qemu-7.1.0-150300.6.23.1 libvirt-debugsource-7.1.0-150300.6.23.1 libvirt-devel-7.1.0-150300.6.23.1 
libvirt-lock-sanlock-7.1.0-150300.6.23.1 libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.23.1 libvirt-nss-7.1.0-150300.6.23.1 libvirt-nss-debuginfo-7.1.0-150300.6.23.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.23.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.23.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): libvirt-bash-completion-7.1.0-150300.6.23.1 libvirt-doc-7.1.0-150300.6.23.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): libvirt-daemon-driver-libxl-7.1.0-150300.6.23.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-xen-7.1.0-150300.6.23.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 wireshark-devel-3.6.1-3.68.1 wireshark-ui-qt-3.6.1-3.68.1 wireshark-ui-qt-debuginfo-3.6.1-3.68.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-7.1.0-150300.6.23.1 libvirt-libs-7.1.0-150300.6.23.1 libvirt-libs-debuginfo-7.1.0-150300.6.23.1 libwireshark15-3.6.1-3.68.1 libwireshark15-debuginfo-3.6.1-3.68.1 libwiretap12-3.6.1-3.68.1 libwiretap12-debuginfo-3.6.1-3.68.1 libwsutil13-3.6.1-3.68.1 libwsutil13-debuginfo-3.6.1-3.68.1 wireshark-3.6.1-3.68.1 wireshark-debuginfo-3.6.1-3.68.1 wireshark-debugsource-3.6.1-3.68.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libvirt-daemon-7.1.0-150300.6.23.1 libvirt-daemon-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-interface-7.1.0-150300.6.23.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-network-7.1.0-150300.6.23.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.23.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.23.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.23.1 
      libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-qemu-7.1.0-150300.6.23.1
      libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-secret-7.1.0-150300.6.23.1
      libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-core-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-disk-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-logical-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.23.1
      libvirt-daemon-qemu-7.1.0-150300.6.23.1
      libvirt-debugsource-7.1.0-150300.6.23.1
      libvirt-libs-7.1.0-150300.6.23.1
      libvirt-libs-debuginfo-7.1.0-150300.6.23.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64):

      libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.23.1
      libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.23.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libwireshark15-3.6.1-3.68.1
      libwireshark15-debuginfo-3.6.1-3.68.1
      libwiretap12-3.6.1-3.68.1
      libwiretap12-debuginfo-3.6.1-3.68.1
      libwsutil13-3.6.1-3.68.1
      libwsutil13-debuginfo-3.6.1-3.68.1
      wireshark-3.6.1-3.68.1
      wireshark-debuginfo-3.6.1-3.68.1
      wireshark-debugsource-3.6.1-3.68.1
      wireshark-devel-3.6.1-3.68.1
      wireshark-ui-qt-3.6.1-3.68.1
      wireshark-ui-qt-debuginfo-3.6.1-3.68.1

References:

   https://www.suse.com/security/cve/CVE-2021-4181.html
   https://www.suse.com/security/cve/CVE-2021-4182.html
   https://www.suse.com/security/cve/CVE-2021-4183.html
   https://www.suse.com/security/cve/CVE-2021-4184.html
   https://www.suse.com/security/cve/CVE-2021-4185.html
   https://www.suse.com/security/cve/CVE-2021-4190.html
   https://bugzilla.suse.com/1194166
   https://bugzilla.suse.com/1194167
   https://bugzilla.suse.com/1194168
   https://bugzilla.suse.com/1194169
   https://bugzilla.suse.com/1194170
   https://bugzilla.suse.com/1194171
   https://bugzilla.suse.com/1194780

From sle-updates at lists.suse.com Mon Feb 14 14:29:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Feb 2022 15:29:17 +0100 (CET)
Subject: SUSE-RU-2022:0373-1: moderate: Recommended update for rpmlint
Message-ID: <20220214142917.6BB03F355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rpmlint
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0373-1
Rating:             moderate
References:         #1195491 #1195548 #1195662
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Realtime Extension 15-SP2
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for rpmlint fixes the following issues:

   - Whitelisting `kdenetwork-filesharing`. (bsc#1195548)
   - Whitelisting of `powerdevil5`. (bsc#1195662)
   - Whitelisting of `plasma5-disks`. (bsc#1195491)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-373=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-373=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):

      rpmlint-1.10-7.38.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      rpmlint-mini-1.10-150300.18.10.2
      rpmlint-mini-debuginfo-1.10-150300.18.10.2
      rpmlint-mini-debugsource-1.10-150300.18.10.2

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      rpmlint-1.10-7.38.1

References:

   https://bugzilla.suse.com/1195491
   https://bugzilla.suse.com/1195548
   https://bugzilla.suse.com/1195662

From sle-updates at lists.suse.com Mon Feb 14 14:29:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Feb 2022 15:29:57 +0100 (CET)
Subject: SUSE-RU-2022:0098-2: moderate: Recommended update for xdg-desktop-portal-gtk
Message-ID: <20220214142957.6DAB0F355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for xdg-desktop-portal-gtk
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0098-2
Rating:             moderate
References:         #1194102
Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for xdg-desktop-portal-gtk fixes the following issues:

   - Fix regression that makes some dialogs disappear after one second (bsc#1194102)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-98=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      xdg-desktop-portal-gtk-1.8.0-3.9.1
      xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1
      xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):

      xdg-desktop-portal-gtk-lang-1.8.0-3.9.1

References:

   https://bugzilla.suse.com/1194102

From sle-updates at lists.suse.com Mon Feb 14 14:31:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Feb 2022 15:31:09 +0100 (CET)
Subject: SUSE-RU-2022:0153-2: moderate: Recommended update for enchant
Message-ID: <20220214143109.9100FF355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for enchant
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0153-2
Rating:             moderate
References:         #1089434
Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for enchant fixes the following issues:

   - Add missing closing parentheses for packageand Supplements. (bsc#1089434)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-153=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      enchant-2-backend-hunspell-2.2.5-4.6.1
      enchant-2-backend-hunspell-debuginfo-2.2.5-4.6.1
      enchant-data-2.2.5-4.6.1
      enchant-debugsource-2.2.5-4.6.1
      enchant-devel-2.2.5-4.6.1
      libenchant-2-2-2.2.5-4.6.1
      libenchant-2-2-debuginfo-2.2.5-4.6.1

References:

   https://bugzilla.suse.com/1089434

From sle-updates at lists.suse.com Mon Feb 14 14:32:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Feb 2022 15:32:17 +0100 (CET)
Subject: SUSE-SU-2022:0141-2: moderate: Security update for permissions
Message-ID: <20220214143217.DE943F355@maintenance.suse.de>

   SUSE Security Update: Security update for permissions
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0141-2
Rating:             moderate
References:         #1169614
Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for permissions fixes the following issues:

   - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-141=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):

      permissions-zypp-plugin-20181225-23.12.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      permissions-20181225-23.12.1
      permissions-debuginfo-20181225-23.12.1
      permissions-debugsource-20181225-23.12.1
      rpmlint-mini-1.10-13.9.1
      rpmlint-mini-debuginfo-1.10-13.9.1
      rpmlint-mini-debugsource-1.10-13.9.1

References:

   https://bugzilla.suse.com/1169614

From sle-updates at lists.suse.com Mon Feb 14 14:32:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Feb 2022 15:32:51 +0100 (CET)
Subject: SUSE-SU-2022:0062-2: important: Security update for openexr
Message-ID: <20220214143251.09C08F355@maintenance.suse.de>

   SUSE Security Update: Security update for openexr
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0062-2
Rating:             important
References:         #1194333
Cross-References:   CVE-2021-45942
CVSS scores:
                    CVE-2021-45942 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45942 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for openexr fixes the following issues:

   - CVE-2021-45942: Fixed heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute. (bsc#1194333)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-62=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      libIlmImf-2_2-23-2.2.1-3.41.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.41.1
      libIlmImfUtil-2_2-23-2.2.1-3.41.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.41.1
      openexr-debuginfo-2.2.1-3.41.1
      openexr-debugsource-2.2.1-3.41.1
      openexr-devel-2.2.1-3.41.1

References:

   https://www.suse.com/security/cve/CVE-2021-45942.html
   https://bugzilla.suse.com/1194333

From sle-updates at lists.suse.com Mon Feb 14 14:33:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 14 Feb 2022 15:33:24 +0100 (CET)
Subject: SUSE-SU-2022:0104-2: important: Security update for SDL2
Message-ID: <20220214143324.234DEF355@maintenance.suse.de>

   SUSE Security Update: Security update for SDL2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0104-2
Rating:             important
References:         #1181201 #1181202
Cross-References:   CVE-2020-14409 CVE-2020-14410
CVSS scores:
                    CVE-2020-14409 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-14409 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-14410 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
                    CVE-2020-14410 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for SDL2 fixes the following issues:

   - CVE-2020-14409: Fixed Integer Overflow resulting in heap corruption in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP (bsc#1181202).
   - CVE-2020-14410: Fixed heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP (bsc#1181201).
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-104=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      SDL2-debugsource-2.0.8-11.3.1
      libSDL2-2_0-0-2.0.8-11.3.1
      libSDL2-2_0-0-debuginfo-2.0.8-11.3.1
      libSDL2-devel-2.0.8-11.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-14409.html
   https://www.suse.com/security/cve/CVE-2020-14410.html
   https://bugzilla.suse.com/1181201
   https://bugzilla.suse.com/1181202

From sle-updates at lists.suse.com Tue Feb 15 02:18:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Feb 2022 03:18:29 +0100 (CET)
Subject: SUSE-RU-2022:0376-1: moderate: Recommended update for libqb
Message-ID: <20220215021829.502C7F355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libqb
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0376-1
Rating:             moderate
References:         #1188212
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Storage 6
                    SUSE Linux Enterprise Storage 7
                    SUSE Manager Proxy 4.0
                    SUSE Manager Proxy 4.1
                    SUSE Manager Server 4.0
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.
Description:

   This update for libqb fixes the following issues:

   - IPC server: avoid temporary channel priority loss (bsc#1188212).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-376=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-376=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      libqb-debugsource-1.0.3+20190326.a521604-3.6.1
      libqb-devel-1.0.3+20190326.a521604-3.6.1
      libqb-tests-1.0.3+20190326.a521604-3.6.1
      libqb-tests-debuginfo-1.0.3+20190326.a521604-3.6.1
      libqb-tools-1.0.3+20190326.a521604-3.6.1
      libqb-tools-debuginfo-1.0.3+20190326.a521604-3.6.1
      libqb20-1.0.3+20190326.a521604-3.6.1
      libqb20-debuginfo-1.0.3+20190326.a521604-3.6.1

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      libqb-debugsource-1.0.3+20190326.a521604-3.6.1
      libqb-devel-1.0.3+20190326.a521604-3.6.1
      libqb-tests-1.0.3+20190326.a521604-3.6.1
      libqb-tests-debuginfo-1.0.3+20190326.a521604-3.6.1
      libqb-tools-1.0.3+20190326.a521604-3.6.1
      libqb-tools-debuginfo-1.0.3+20190326.a521604-3.6.1
      libqb20-1.0.3+20190326.a521604-3.6.1
      libqb20-debuginfo-1.0.3+20190326.a521604-3.6.1

References:

   https://bugzilla.suse.com/1188212

From sle-updates at lists.suse.com Tue Feb 15 11:17:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Feb 2022 12:17:51 +0100 (CET)
Subject: SUSE-SU-2022:0176-2: important: Security update for unbound
Message-ID: <20220215111751.B690BF368@maintenance.suse.de>

   SUSE Security Update: Security update for unbound
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0176-2
Rating:             important
References:         #1076963 #1112009 #1112033 #1179191 #1185382 #1185383
                    #1185384 #1185385 #1185386 #1185387 #1185388 #1185389
                    #1185390 #1185391 #1185392 #1185393
Cross-References:   CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034
                    CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038
                    CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042
                    CVE-2020-28935
CVSS scores:
                    CVE-2019-25031 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2019-25031 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2019-25032 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25032 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25033 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25033 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25034 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25034 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
                    CVE-2019-25035 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25035 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
                    CVE-2019-25036 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-25036 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25037 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-25037 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25038 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25038 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25039 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25039 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25040 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-25040 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25041 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-25041 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2019-25042 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25042 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
                    CVE-2020-28935 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-28935 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has three fixes is now available.

Description:

   This update for unbound fixes the following issues:

   - CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack (bsc#1185382).
   - CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc (bsc#1185383).
   - CVE-2019-25033: Fixed integer overflow in the regional allocator via the ALIGN_UP macro (bsc#1185384).
   - CVE-2019-25034: Fixed integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write (bsc#1185385).
   - CVE-2019-25035: Fixed out-of-bounds write in sldns_bget_token_par (bsc#1185386).
   - CVE-2019-25036: Fixed assertion failure and denial of service in synth_cname (bsc#1185387).
   - CVE-2019-25037: Fixed assertion failure and denial of service in dname_pkt_copy via an invalid packet (bsc#1185388).
   - CVE-2019-25038: Fixed integer overflow in a size calculation in dnscrypt/dnscrypt.c (bsc#1185389).
   - CVE-2019-25039: Fixed integer overflow in a size calculation in respip/respip.c (bsc#1185390).
   - CVE-2019-25040: Fixed infinite loop via a compressed name in dname_pkt_copy (bsc#1185391).
   - CVE-2019-25041: Fixed assertion failure via a compressed name in dname_pkt_copy (bsc#1185392).
   - CVE-2019-25042: Fixed out-of-bounds write via a compressed name in rdata_copy (bsc#1185393).
   - CVE-2020-28935: Fixed symbolic link traversal when writing PID file (bsc#1179191).
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-176=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      libunbound2-1.6.8-10.6.1
      libunbound2-debuginfo-1.6.8-10.6.1
      unbound-anchor-1.6.8-10.6.1
      unbound-anchor-debuginfo-1.6.8-10.6.1
      unbound-debuginfo-1.6.8-10.6.1
      unbound-debugsource-1.6.8-10.6.1
      unbound-devel-1.6.8-10.6.1

References:

   https://www.suse.com/security/cve/CVE-2019-25031.html
   https://www.suse.com/security/cve/CVE-2019-25032.html
   https://www.suse.com/security/cve/CVE-2019-25033.html
   https://www.suse.com/security/cve/CVE-2019-25034.html
   https://www.suse.com/security/cve/CVE-2019-25035.html
   https://www.suse.com/security/cve/CVE-2019-25036.html
   https://www.suse.com/security/cve/CVE-2019-25037.html
   https://www.suse.com/security/cve/CVE-2019-25038.html
   https://www.suse.com/security/cve/CVE-2019-25039.html
   https://www.suse.com/security/cve/CVE-2019-25040.html
   https://www.suse.com/security/cve/CVE-2019-25041.html
   https://www.suse.com/security/cve/CVE-2019-25042.html
   https://www.suse.com/security/cve/CVE-2020-28935.html
   https://bugzilla.suse.com/1076963
   https://bugzilla.suse.com/1112009
   https://bugzilla.suse.com/1112033
   https://bugzilla.suse.com/1179191
   https://bugzilla.suse.com/1185382
   https://bugzilla.suse.com/1185383
   https://bugzilla.suse.com/1185384
   https://bugzilla.suse.com/1185385
   https://bugzilla.suse.com/1185386
   https://bugzilla.suse.com/1185387
   https://bugzilla.suse.com/1185388
   https://bugzilla.suse.com/1185389
   https://bugzilla.suse.com/1185390
   https://bugzilla.suse.com/1185391
   https://bugzilla.suse.com/1185392
   https://bugzilla.suse.com/1185393

From sle-updates at lists.suse.com Tue Feb 15 17:18:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Feb 2022 18:18:13 +0100 (CET)
Subject: SUSE-RU-2022:0377-1: moderate: Recommended update for pacemaker
Message-ID: <20220215171813.051C4F355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0377-1
Rating:             moderate
References:         #1191676
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Storage 7
                    SUSE Manager Proxy 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for pacemaker fixes the following issues:

   - attrd: check election status upon loss of a voter to prevent unexpected pending (bsc#1191676)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-377=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      libpacemaker-devel-2.0.4+20200616.2deceaa3a-3.15.1
      libpacemaker3-2.0.4+20200616.2deceaa3a-3.15.1
      libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-3.15.1
      pacemaker-2.0.4+20200616.2deceaa3a-3.15.1
      pacemaker-cli-2.0.4+20200616.2deceaa3a-3.15.1
      pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-3.15.1
      pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-3.15.1
      pacemaker-debugsource-2.0.4+20200616.2deceaa3a-3.15.1
      pacemaker-remote-2.0.4+20200616.2deceaa3a-3.15.1
      pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-3.15.1

   - SUSE Linux Enterprise High Availability 15-SP2 (noarch):

      pacemaker-cts-2.0.4+20200616.2deceaa3a-3.15.1

References:

   https://bugzilla.suse.com/1191676

From sle-updates at lists.suse.com Tue Feb 15 17:18:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Feb 2022 18:18:44 +0100 (CET)
Subject: SUSE-RU-2022:0379-1: moderate: Recommended update for gnutls
Message-ID: <20220215171844.C658CF355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gnutls
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0379-1
Rating:             moderate
References:         #1195583
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gnutls fixes the following issues:

   - Explicitly require libp11-kit0 >= 0.23.1 in libgnutls30 [bsc#1195583]

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-379=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libgnutls30-3.4.17-8.8.1
      libgnutls30-debuginfo-3.4.17-8.8.1

   - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):

      gnutls-debugsource-3.4.17-8.8.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libgnutls30-32bit-3.4.17-8.8.1
      libgnutls30-debuginfo-32bit-3.4.17-8.8.1

References:

   https://bugzilla.suse.com/1195583

From sle-updates at lists.suse.com Tue Feb 15 17:19:18 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Feb 2022 18:19:18 +0100 (CET)
Subject: SUSE-RU-2022:0378-1: moderate: Recommended update for pacemaker
Message-ID: <20220215171918.1299AF355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0378-1
Rating:             moderate
References:         #1191676
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for pacemaker fixes the following issues:

   - attrd: check election status upon loss of a voter to prevent unexpected pending (bsc#1191676)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-378=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.16.1
      libpacemaker3-2.0.5+20201202.ba59be712-150300.4.16.1
      libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.16.1
      pacemaker-2.0.5+20201202.ba59be712-150300.4.16.1
      pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.16.1
      pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.16.1
      pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.16.1
      pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.16.1
      pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.16.1
      pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.16.1

   - SUSE Linux Enterprise High Availability 15-SP3 (noarch):

      pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.16.1

References:

   https://bugzilla.suse.com/1191676

From sle-updates at lists.suse.com Tue Feb 15 20:17:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Feb 2022 21:17:57 +0100 (CET)
Subject: SUSE-RU-2022:0381-1: moderate: Recommended update for pacemaker
Message-ID: <20220215201757.9D6E7F355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0381-1
Rating:             moderate
References:         #1188212 #1191676
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
                    SUSE Linux Enterprise Storage 6
                    SUSE Manager Proxy 4.0
                    SUSE Manager Server 4.0
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.
Description:

   This update for pacemaker fixes the following issues:

   - attrd: check election status upon loss of a voter to prevent unexpected pending (bsc#1191676)
   - stonith-ng's function cannot be blocked with CIB updates forever (bsc#1188212)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-381=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

      libpacemaker-devel-2.0.1+20190417.13d370ca9-3.24.1
      libpacemaker3-2.0.1+20190417.13d370ca9-3.24.1
      libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-3.24.1
      pacemaker-2.0.1+20190417.13d370ca9-3.24.1
      pacemaker-cli-2.0.1+20190417.13d370ca9-3.24.1
      pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-3.24.1
      pacemaker-debuginfo-2.0.1+20190417.13d370ca9-3.24.1
      pacemaker-debugsource-2.0.1+20190417.13d370ca9-3.24.1
      pacemaker-remote-2.0.1+20190417.13d370ca9-3.24.1
      pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-3.24.1

   - SUSE Linux Enterprise High Availability 15-SP1 (noarch):

      pacemaker-cts-2.0.1+20190417.13d370ca9-3.24.1

References:

   https://bugzilla.suse.com/1188212
   https://bugzilla.suse.com/1191676

From sle-updates at lists.suse.com Tue Feb 15 20:19:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 15 Feb 2022 21:19:04 +0100 (CET)
Subject: SUSE-RU-2022:0383-1: moderate: Recommended update for cyrus-sasl
Message-ID: <20220215201904.DEDD9F355@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cyrus-sasl
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0383-1
Rating:             moderate
References:         #1194265
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Server
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cyrus-sasl fixes the following issues:

   - Fixed an issue in postfix where 'sasl' authentication with password fails. (bsc#1194265)
   - Add config parameter '--with-dblib=gdbm'
   - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-383=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-383=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-383=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-383=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): cyrus-sasl-bdb-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-debugsource-2.1.27-150300.4.3.1 cyrus-sasl-bdb-devel-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-debugsource-2.1.27-150300.4.3.1 cyrus-sasl-sqlauxprop-2.1.27-150300.4.3.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.27-150300.4.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): cyrus-sasl-bdb-2.1.27-150300.4.3.1 cyrus-sasl-bdb-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-debugsource-2.1.27-150300.4.3.1 cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.3.1 cyrus-sasl-bdb-digestmd5-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-gs2-2.1.27-150300.4.3.1 cyrus-sasl-bdb-gs2-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-gssapi-2.1.27-150300.4.3.1 cyrus-sasl-bdb-gssapi-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-ntlm-2.1.27-150300.4.3.1 cyrus-sasl-bdb-ntlm-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-otp-2.1.27-150300.4.3.1 cyrus-sasl-bdb-otp-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-plain-2.1.27-150300.4.3.1 cyrus-sasl-bdb-plain-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-bdb-scram-2.1.27-150300.4.3.1 cyrus-sasl-bdb-scram-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-bdb-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-bdb-debugsource-2.1.27-150300.4.3.1 
cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.3.1 cyrus-sasl-sqlauxprop-bdb-debuginfo-2.1.27-150300.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.27-150300.4.3.1 cyrus-sasl-crammd5-2.1.27-150300.4.3.1 cyrus-sasl-crammd5-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-debugsource-2.1.27-150300.4.3.1 cyrus-sasl-devel-2.1.27-150300.4.3.1 cyrus-sasl-digestmd5-2.1.27-150300.4.3.1 cyrus-sasl-digestmd5-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-gssapi-2.1.27-150300.4.3.1 cyrus-sasl-gssapi-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-otp-2.1.27-150300.4.3.1 cyrus-sasl-otp-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-plain-2.1.27-150300.4.3.1 cyrus-sasl-plain-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-saslauthd-debugsource-2.1.27-150300.4.3.1 libsasl2-3-2.1.27-150300.4.3.1 libsasl2-3-debuginfo-2.1.27-150300.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): cyrus-sasl-32bit-2.1.27-150300.4.3.1 cyrus-sasl-32bit-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-crammd5-32bit-2.1.27-150300.4.3.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-digestmd5-32bit-2.1.27-150300.4.3.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-gssapi-32bit-2.1.27-150300.4.3.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-plain-32bit-2.1.27-150300.4.3.1 cyrus-sasl-plain-32bit-debuginfo-2.1.27-150300.4.3.1 libsasl2-3-32bit-2.1.27-150300.4.3.1 libsasl2-3-32bit-debuginfo-2.1.27-150300.4.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): cyrus-sasl-2.1.27-150300.4.3.1 cyrus-sasl-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-debugsource-2.1.27-150300.4.3.1 cyrus-sasl-digestmd5-2.1.27-150300.4.3.1 cyrus-sasl-digestmd5-debuginfo-2.1.27-150300.4.3.1 cyrus-sasl-gssapi-2.1.27-150300.4.3.1 cyrus-sasl-gssapi-debuginfo-2.1.27-150300.4.3.1 libsasl2-3-2.1.27-150300.4.3.1 
libsasl2-3-debuginfo-2.1.27-150300.4.3.1 References: https://bugzilla.suse.com/1194265 From sle-updates at lists.suse.com Tue Feb 15 20:20:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Feb 2022 21:20:15 +0100 (CET) Subject: SUSE-RU-2022:0382-1: important: Recommended update for samba Message-ID: <20220215202015.91642F355@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0382-1 Rating: important References: #1195510 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for samba fixes the following issues: - Updated samba to neither provide nor require the bundled talloc, tdb, tevent and ldb libraries. (bsc#1195510) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-382=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-382=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-382=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.4+git.327.37e0a40d45f-3.57.1 libsamba-policy-python3-devel-4.15.4+git.327.37e0a40d45f-3.57.1 samba-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-debugsource-4.15.4+git.327.37e0a40d45f-3.57.1 samba-devel-4.15.4+git.327.37e0a40d45f-3.57.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): samba-devel-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy0-python3-4.15.4+git.327.37e0a40d45f-3.57.1 libsamba-policy0-python3-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-libs-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-libs-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-debugsource-4.15.4+git.327.37e0a40d45f-3.57.1 samba-ldb-ldap-4.15.4+git.327.37e0a40d45f-3.57.1 samba-ldb-ldap-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-python3-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-python3-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-python3-4.15.4+git.327.37e0a40d45f-3.57.1 samba-python3-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-tool-4.15.4+git.327.37e0a40d45f-3.57.1 samba-winbind-4.15.4+git.327.37e0a40d45f-3.57.1 samba-winbind-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 
samba-winbind-libs-4.15.4+git.327.37e0a40d45f-3.57.1 samba-winbind-libs-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsamba-policy0-python3-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 libsamba-policy0-python3-debuginfo-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-debuginfo-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-libs-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-client-libs-debuginfo-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-debuginfo-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-python3-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-libs-python3-debuginfo-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-winbind-libs-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 samba-winbind-libs-debuginfo-32bit-4.15.4+git.327.37e0a40d45f-3.57.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): libsamba-policy-python3-devel-4.15.4+git.327.37e0a40d45f-3.57.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): samba-devel-4.15.4+git.327.37e0a40d45f-3.57.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.15.4+git.327.37e0a40d45f-3.57.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.15.4+git.327.37e0a40d45f-3.57.1 ctdb-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-debuginfo-4.15.4+git.327.37e0a40d45f-3.57.1 samba-debugsource-4.15.4+git.327.37e0a40d45f-3.57.1 References: https://bugzilla.suse.com/1195510 From sle-updates at lists.suse.com Wed Feb 16 08:00:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 09:00:30 +0100 (CET) Subject: SUSE-CU-2022:174-1: Recommended update of suse/sle15 Message-ID: <20220216080030.CB676F355@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:174-1 Container Tags : 
suse/sle15:15.3 , suse/sle15:15.3.17.8.77 Container Release : 17.8.77 Severity : moderate Type : recommended References : 1194265 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with a password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. The following package changes have been done: - libsasl2-3-2.1.27-150300.4.3.1 updated From sle-updates at lists.suse.com Wed Feb 16 08:01:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 09:01:46 +0100 (CET) Subject: SUSE-CU-2022:175-1: Security update of suse/sle15 Message-ID: <20220216080146.74BCCF355@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:175-1 Container Tags : suse/sle15:15.4 , suse/sle15:15.4.23.6 Container Release : 23.6 Severity : important Type : security References : 1194640 1194768 1194770 1194785 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) The following package changes have been done: - bash-4.4-150400.23.60 updated - coreutils-8.32-150400.7.1 updated - cpio-2.13-150400.1.49 updated - glibc-2.31-150300.9.12.1 updated - libaudit1-3.0.6-150400.1.1 updated - libblkid1-2.37.2-150400.4.7 updated - libbz2-1-1.0.8-150400.1.63 updated - libcom_err2-1.46.4-150400.1.33 updated - libdw1-0.185-150400.2.63 updated - libelf1-0.185-150400.2.63 updated - libfdisk1-2.37.2-150400.4.7 updated - libgcrypt20-hmac-1.9.4-150400.1.75 updated - libgcrypt20-1.9.4-150400.1.75 updated - libgpg-error0-1.42-150400.1.73 updated - libgpgme11-1.16.0-150400.1.41 updated - libmount1-2.37.2-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.2.47 updated - libopenssl1_1-1.1.1l-150400.2.47 updated - libreadline7-7.0-150400.23.60 updated - libselinux1-3.1-150400.1.19 updated - libsemanage1-3.1-150400.1.17 updated - libsepol1-3.1-150400.1.20 updated - libsmartcols1-2.37.2-150400.4.7 updated - libsystemd0-249.7-150400.2.22 updated - libudev1-249.7-150400.2.22 updated - libuuid1-2.37.2-150400.4.7 updated - libzstd1-1.5.0-150400.1.26 updated - libzypp-17.29.4-150400.1.1 updated - login_defs-4.8.1-150400.8.8 updated - openssl-1_1-1.1.1l-150400.2.47 updated - patterns-base-fips-20200124-150400.18.1 updated - rpm-config-SUSE-1-150400.11.39 
updated - shadow-4.8.1-150400.8.8 updated - sles-release-15.4-150400.39.3 updated - system-group-hardware-20170617-150400.21.38 updated - util-linux-2.37.2-150400.4.7 updated - zypper-1.14.51-150400.1.2 updated From sle-updates at lists.suse.com Wed Feb 16 14:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 15:20:26 +0100 (CET) Subject: SUSE-SU-2022:0429-1: critical: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3) Message-ID: <20220216142026.9572AF368@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0429-1 Rating: critical References: #1195308 Cross-References: CVE-2022-0435 CVSS scores: CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_46 fixes one issue. The following security issue was fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-437=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-438=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-429=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-2-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-2-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-2-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-2-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_99-default-2-2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-2-2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-2-2.2 References: https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1195308 From sle-updates at lists.suse.com Wed Feb 16 14:22:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 15:22:35 +0100 (CET) Subject: SUSE-RU-2022:0387-1: moderate: Recommended update for pacemaker Message-ID: <20220216142235.F24B2F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0387-1 Rating: moderate References: #1188212 #1191676 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - attrd: check election status upon loss of a voter to prevent unexpected pending (bsc#1191676) - attrd: start new election if writer is lost (rh#1535221) - stonith-ng's function cannot be blocked with CIB updates forever (bsc#1188212) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-387=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.31.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.31.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.31.1 References: https://bugzilla.suse.com/1188212 https://bugzilla.suse.com/1191676 From sle-updates at lists.suse.com Wed Feb 16 14:23:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 15:23:51 +0100 (CET) Subject: SUSE-SU-2022:0418-1: critical: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) Message-ID: <20220216142351.3F529F368@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0418-1 Rating: critical References: #1194460 #1194533 #1195308 Cross-References: CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 CVSS scores: CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_103 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). 
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1194460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-430=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-431=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-432=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-433=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-434=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-435=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-418=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-419=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-420=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-421=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-422=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-423=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-424=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-425=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-426=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-427=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-428=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-412=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-413=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-414=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-415=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-416=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-417=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-407=1 SUSE-SLE-Module-Live-Patching-15-2022-408=1 SUSE-SLE-Module-Live-Patching-15-2022-409=1
SUSE-SLE-Module-Live-Patching-15-2022-410=1 SUSE-SLE-Module-Live-Patching-15-2022-411=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-395=1 SUSE-SLE-Live-Patching-12-SP5-2022-396=1 SUSE-SLE-Live-Patching-12-SP5-2022-397=1 SUSE-SLE-Live-Patching-12-SP5-2022-398=1 SUSE-SLE-Live-Patching-12-SP5-2022-399=1 SUSE-SLE-Live-Patching-12-SP5-2022-400=1 SUSE-SLE-Live-Patching-12-SP5-2022-401=1 SUSE-SLE-Live-Patching-12-SP5-2022-402=1 SUSE-SLE-Live-Patching-12-SP5-2022-403=1 SUSE-SLE-Live-Patching-12-SP5-2022-404=1 SUSE-SLE-Live-Patching-12-SP5-2022-405=1 SUSE-SLE-Live-Patching-12-SP5-2022-406=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-389=1 SUSE-SLE-Live-Patching-12-SP4-2022-390=1 SUSE-SLE-Live-Patching-12-SP4-2022-391=1 SUSE-SLE-Live-Patching-12-SP4-2022-392=1 SUSE-SLE-Live-Patching-12-SP4-2022-393=1 SUSE-SLE-Live-Patching-12-SP4-2022-394=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-11-3.2 kernel-livepatch-5_3_18-57-default-debuginfo-11-3.2 kernel-livepatch-5_3_18-59_13-default-9-150300.2.2 kernel-livepatch-5_3_18-59_13-default-debuginfo-9-150300.2.2 kernel-livepatch-5_3_18-59_16-default-8-150300.2.2 kernel-livepatch-5_3_18-59_16-default-debuginfo-8-150300.2.2 kernel-livepatch-5_3_18-59_19-default-7-150300.2.2 kernel-livepatch-5_3_18-59_19-default-debuginfo-7-150300.2.2 kernel-livepatch-5_3_18-59_34-default-4-150300.2.2 kernel-livepatch-5_3_18-59_34-default-debuginfo-4-150300.2.2 kernel-livepatch-5_3_18-59_37-default-3-150300.2.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-3-150300.2.2 kernel-livepatch-SLE15-SP3_Update_0-debugsource-11-3.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-3-150300.2.2 kernel-livepatch-SLE15-SP3_Update_3-debugsource-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_4-debugsource-8-150300.2.2 
kernel-livepatch-SLE15-SP3_Update_5-debugsource-7-150300.2.2 kernel-livepatch-SLE15-SP3_Update_9-debugsource-4-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_53_4-default-9-2.2 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_61-default-11-2.2 kernel-livepatch-5_3_18-24_61-default-debuginfo-11-2.2 kernel-livepatch-5_3_18-24_64-default-11-2.2 kernel-livepatch-5_3_18-24_64-default-debuginfo-11-2.2 kernel-livepatch-5_3_18-24_67-default-9-2.2 kernel-livepatch-5_3_18-24_67-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_70-default-9-2.2 kernel-livepatch-5_3_18-24_70-default-debuginfo-9-2.2 kernel-livepatch-5_3_18-24_75-default-8-2.2 kernel-livepatch-5_3_18-24_75-default-debuginfo-8-2.2 kernel-livepatch-5_3_18-24_78-default-7-2.2 kernel-livepatch-5_3_18-24_78-default-debuginfo-7-2.2 kernel-livepatch-5_3_18-24_83-default-5-2.2 kernel-livepatch-5_3_18-24_83-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_86-default-5-2.2 kernel-livepatch-5_3_18-24_86-default-debuginfo-5-2.2 kernel-livepatch-5_3_18-24_93-default-4-2.2 kernel-livepatch-5_3_18-24_93-default-debuginfo-4-2.2 kernel-livepatch-5_3_18-24_96-default-3-2.2 kernel-livepatch-5_3_18-24_96-default-debuginfo-3-2.2 kernel-livepatch-SLE15-SP2_Update_12-debugsource-11-2.2 kernel-livepatch-SLE15-SP2_Update_13-debugsource-11-2.2 kernel-livepatch-SLE15-SP2_Update_14-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_15-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_16-debugsource-9-2.2 kernel-livepatch-SLE15-SP2_Update_17-debugsource-8-2.2 kernel-livepatch-SLE15-SP2_Update_18-debugsource-7-2.2 kernel-livepatch-SLE15-SP2_Update_19-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_20-debugsource-5-2.2 kernel-livepatch-SLE15-SP2_Update_21-debugsource-4-2.2 kernel-livepatch-SLE15-SP2_Update_22-debugsource-3-2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): 
kernel-livepatch-4_12_14-197_102-default-3-2.2 kernel-livepatch-4_12_14-197_83-default-15-2.2 kernel-livepatch-4_12_14-197_86-default-14-2.2 kernel-livepatch-4_12_14-197_89-default-11-2.2 kernel-livepatch-4_12_14-197_92-default-10-2.2 kernel-livepatch-4_12_14-197_99-default-8-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_66-default-15-2.2 kernel-livepatch-4_12_14-150_66-default-debuginfo-15-2.2 kernel-livepatch-4_12_14-150_69-default-14-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-14-2.2 kernel-livepatch-4_12_14-150_72-default-11-2.2 kernel-livepatch-4_12_14-150_72-default-debuginfo-11-2.2 kernel-livepatch-4_12_14-150_75-default-8-2.2 kernel-livepatch-4_12_14-150_75-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_78-default-3-2.2 kernel-livepatch-4_12_14-150_78-default-debuginfo-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-3-2.2 kgraft-patch-4_12_14-122_106-default-2-2.2 kgraft-patch-4_12_14-122_63-default-14-2.2 kgraft-patch-4_12_14-122_66-default-12-2.2 kgraft-patch-4_12_14-122_71-default-11-2.2 kgraft-patch-4_12_14-122_74-default-9-2.2 kgraft-patch-4_12_14-122_77-default-9-2.2 kgraft-patch-4_12_14-122_80-default-8-2.2 kgraft-patch-4_12_14-122_83-default-7-2.2 kgraft-patch-4_12_14-122_88-default-5-2.2 kgraft-patch-4_12_14-122_91-default-5-2.2 kgraft-patch-4_12_14-122_98-default-3-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_68-default-15-2.2 kgraft-patch-4_12_14-95_71-default-14-2.2 kgraft-patch-4_12_14-95_74-default-11-2.2 kgraft-patch-4_12_14-95_77-default-10-2.2 kgraft-patch-4_12_14-95_80-default-8-2.2 kgraft-patch-4_12_14-95_83-default-3-2.2 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1194460 
https://bugzilla.suse.com/1194533 https://bugzilla.suse.com/1195308 From sle-updates at lists.suse.com Wed Feb 16 14:25:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 15:25:48 +0100 (CET) Subject: SUSE-SU-2022:0436-1: critical: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) Message-ID: <20220216142548.29F6DF368@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0436-1 Rating: critical References: #1194460 #1195308 Cross-References: CVE-2021-4083 CVE-2022-0435 CVSS scores: CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_40 fixes several issues. The following security issues were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1194460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-436=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_40-default-3-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-3-150300.2.2 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1194460 https://bugzilla.suse.com/1195308 From sle-updates at lists.suse.com Wed Feb 16 14:26:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 15:26:30 +0100 (CET) Subject: SUSE-RU-2022:0386-1: moderate: Recommended update for autoyast2 Message-ID: <20220216142630.BDA89F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0386-1 Rating: moderate References: #1192437 #1194440 #1194881 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for autoyast2 fixes the following issues: - Fix handling of add-on signature settings (bsc#1194881). - Properly merge the autoupgrade workflow when using the online medium (bsc#1192437, bsc#1194440). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-386=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-386=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): autoyast2-4.3.96-150300.3.35.1 autoyast2-installation-4.3.96-150300.3.35.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): autoyast2-4.3.96-150300.3.35.1 autoyast2-installation-4.3.96-150300.3.35.1 References: https://bugzilla.suse.com/1192437 https://bugzilla.suse.com/1194440 https://bugzilla.suse.com/1194881 From sle-updates at lists.suse.com Wed Feb 16 17:18:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 18:18:08 +0100 (CET) Subject: SUSE-RU-2022:0439-1: important: Recommended update for release-notes-sles Message-ID: <20220216171808.D85DDF368@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0439-1 Rating: important References: #1192121 #1193843 #1195107 #933411 SLE-20555 SLE-22663 SLE-22690 Affected Products: SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Server 15-SP3 ______________________________________________________________________________ An update that has four recommended fixes and contains three features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: - 15.3.20220202 (tracked in bsc#933411) - Added kernel parameter changes (bsc#1195107) - Added note about IBM Power10 support (bsc#1192121) - Added note about deprecating XFS V4 (jsc#SLE-22663) - Updated note about unixODBC drivers in production (jsc#SLE-20555) - Added note about RTL8821CE support (jsc#SLE-22690) - Updated KillMode=none note (bsc#1193843) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-2022-439=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-439=1 Package List: - SUSE Linux Enterprise Server 15-SP3 (noarch): release-notes-sles-15.3.20220202-150300.3.20.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): release-notes-sles-15.3.20220202-150300.3.20.1 References: https://bugzilla.suse.com/1192121 https://bugzilla.suse.com/1193843 https://bugzilla.suse.com/1195107 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Wed Feb 16 17:20:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 18:20:17 +0100 (CET) Subject: SUSE-SU-2022:0441-1: important: Security update for glibc Message-ID: <20220216172017.7023DF368@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0441-1 Rating: important References: #1191835 #1192620 #1193478 #1194640 #1194768 #1194770 Cross-References: CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 CVSS scores: CVE-2021-3999 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23218 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-23219 (SUSE): 5.3 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: glibc was updated to fix the following issues: Security issues fixed: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Bugs fixed: - Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458) - Allow dlopen of filter object to work (bsc#1192620, BZ #16272) - x86: fix stack alignment in cancelable syscall stub (bsc#1191835) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-441=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-441=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-441=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-441=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-441=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-441=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): glibc-html-2.22-114.19.1 glibc-i18ndata-2.22-114.19.1 glibc-info-2.22-114.19.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): glibc-2.22-114.19.1 glibc-32bit-2.22-114.19.1 glibc-debuginfo-2.22-114.19.1 glibc-debuginfo-32bit-2.22-114.19.1 glibc-debugsource-2.22-114.19.1 glibc-devel-2.22-114.19.1 glibc-devel-32bit-2.22-114.19.1 glibc-devel-debuginfo-2.22-114.19.1 glibc-devel-debuginfo-32bit-2.22-114.19.1 glibc-locale-2.22-114.19.1 glibc-locale-32bit-2.22-114.19.1 glibc-locale-debuginfo-2.22-114.19.1 glibc-locale-debuginfo-32bit-2.22-114.19.1 glibc-profile-2.22-114.19.1 glibc-profile-32bit-2.22-114.19.1 nscd-2.22-114.19.1 nscd-debuginfo-2.22-114.19.1 - SUSE OpenStack Cloud 9 (noarch): glibc-html-2.22-114.19.1 glibc-i18ndata-2.22-114.19.1 glibc-info-2.22-114.19.1 - SUSE OpenStack Cloud 9 (x86_64): glibc-2.22-114.19.1 glibc-32bit-2.22-114.19.1 glibc-debuginfo-2.22-114.19.1 glibc-debuginfo-32bit-2.22-114.19.1 glibc-debugsource-2.22-114.19.1 glibc-devel-2.22-114.19.1 glibc-devel-32bit-2.22-114.19.1 glibc-devel-debuginfo-2.22-114.19.1 glibc-devel-debuginfo-32bit-2.22-114.19.1 glibc-locale-2.22-114.19.1 glibc-locale-32bit-2.22-114.19.1 glibc-locale-debuginfo-2.22-114.19.1 glibc-locale-debuginfo-32bit-2.22-114.19.1 glibc-profile-2.22-114.19.1 glibc-profile-32bit-2.22-114.19.1 nscd-2.22-114.19.1 
nscd-debuginfo-2.22-114.19.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-114.19.1 glibc-debugsource-2.22-114.19.1 glibc-devel-static-2.22-114.19.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): glibc-info-2.22-114.19.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): glibc-2.22-114.19.1 glibc-debuginfo-2.22-114.19.1 glibc-debugsource-2.22-114.19.1 glibc-devel-2.22-114.19.1 glibc-devel-debuginfo-2.22-114.19.1 glibc-locale-2.22-114.19.1 glibc-locale-debuginfo-2.22-114.19.1 glibc-profile-2.22-114.19.1 nscd-2.22-114.19.1 nscd-debuginfo-2.22-114.19.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): glibc-html-2.22-114.19.1 glibc-i18ndata-2.22-114.19.1 glibc-info-2.22-114.19.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): glibc-32bit-2.22-114.19.1 glibc-debuginfo-32bit-2.22-114.19.1 glibc-devel-32bit-2.22-114.19.1 glibc-devel-debuginfo-32bit-2.22-114.19.1 glibc-locale-32bit-2.22-114.19.1 glibc-locale-debuginfo-32bit-2.22-114.19.1 glibc-profile-32bit-2.22-114.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glibc-2.22-114.19.1 glibc-debuginfo-2.22-114.19.1 glibc-debugsource-2.22-114.19.1 glibc-devel-2.22-114.19.1 glibc-devel-debuginfo-2.22-114.19.1 glibc-locale-2.22-114.19.1 glibc-locale-debuginfo-2.22-114.19.1 glibc-profile-2.22-114.19.1 nscd-2.22-114.19.1 nscd-debuginfo-2.22-114.19.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): glibc-32bit-2.22-114.19.1 glibc-debuginfo-32bit-2.22-114.19.1 glibc-devel-32bit-2.22-114.19.1 glibc-devel-debuginfo-32bit-2.22-114.19.1 glibc-locale-32bit-2.22-114.19.1 glibc-locale-debuginfo-32bit-2.22-114.19.1 glibc-profile-32bit-2.22-114.19.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): glibc-html-2.22-114.19.1 glibc-i18ndata-2.22-114.19.1 glibc-info-2.22-114.19.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.22-114.19.1 glibc-debuginfo-2.22-114.19.1 
glibc-debugsource-2.22-114.19.1 glibc-devel-2.22-114.19.1 glibc-devel-debuginfo-2.22-114.19.1 glibc-locale-2.22-114.19.1 glibc-locale-debuginfo-2.22-114.19.1 glibc-profile-2.22-114.19.1 nscd-2.22-114.19.1 nscd-debuginfo-2.22-114.19.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): glibc-32bit-2.22-114.19.1 glibc-debuginfo-32bit-2.22-114.19.1 glibc-devel-32bit-2.22-114.19.1 glibc-devel-debuginfo-32bit-2.22-114.19.1 glibc-locale-32bit-2.22-114.19.1 glibc-locale-debuginfo-32bit-2.22-114.19.1 glibc-profile-32bit-2.22-114.19.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): glibc-html-2.22-114.19.1 glibc-i18ndata-2.22-114.19.1 glibc-info-2.22-114.19.1 References: https://www.suse.com/security/cve/CVE-2021-3999.html https://www.suse.com/security/cve/CVE-2022-23218.html https://www.suse.com/security/cve/CVE-2022-23219.html https://bugzilla.suse.com/1191835 https://bugzilla.suse.com/1192620 https://bugzilla.suse.com/1193478 https://bugzilla.suse.com/1194640 https://bugzilla.suse.com/1194768 https://bugzilla.suse.com/1194770 From sle-updates at lists.suse.com Wed Feb 16 17:21:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 18:21:23 +0100 (CET) Subject: SUSE-SU-2022:0440-1: important: Security update for apache2 Message-ID: <20220216172123.56CC8F368@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0440-1 Rating: important References: #1193942 #1193943 SLE-18664 Cross-References: CVE-2021-44224 CVE-2021-44790 CVSS scores: CVE-2021-44224 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2021-44224 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44790 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44790 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise 
Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities and contains one feature is now available. Description: This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943) - CVE-2021-44790: Fixed a buffer overflow when parsing multipart content in mod_lua (bsc#1193942) This update also enables TLS 1.3 support, by building against openssl 1.1 [jsc#SLE-18664] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-440=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-440=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-35.7.1 apache2-debugsource-2.4.51-35.7.1 apache2-devel-2.4.51-35.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-35.7.1 apache2-debuginfo-2.4.51-35.7.1 apache2-debugsource-2.4.51-35.7.1 apache2-example-pages-2.4.51-35.7.1 apache2-prefork-2.4.51-35.7.1 apache2-prefork-debuginfo-2.4.51-35.7.1 apache2-utils-2.4.51-35.7.1 apache2-utils-debuginfo-2.4.51-35.7.1 apache2-worker-2.4.51-35.7.1 apache2-worker-debuginfo-2.4.51-35.7.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.51-35.7.1 References: https://www.suse.com/security/cve/CVE-2021-44224.html https://www.suse.com/security/cve/CVE-2021-44790.html https://bugzilla.suse.com/1193942 https://bugzilla.suse.com/1193943 From sle-updates at lists.suse.com Wed Feb 16 20:19:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed,
16 Feb 2022 21:19:12 +0100 (CET) Subject: SUSE-FU-2022:0454-1: moderate: Feature update for venv-salt-minion Message-ID: <20220216201912.F2438F355@maintenance.suse.de> SUSE Feature Update: Feature update for venv-salt-minion ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0454-1 Rating: moderate References: #1000080 #1000117 #1000194 #1000742 #1002895 #1003091 #1005246 #1010874 #1010966 #1011936 #1015549 #1027610 #1027705 #1029902 #1030038 #1032118 #1032119 #1035604 #1039469 #1040164 #1040256 #1041090 #1042670 #1049186 #1049304 #1050653 #1050665 #1055478 #1055542 #1056951 #1057496 #1062237 #1066873 #1068790 #1070737 #1070738 #1070853 #1071941 #1073310 #1073845 #1073879 #1074247 #1076519 #1077096 #1077230 #1078329 #1079761 #1080301 #1081005 #1081750 #1081751 #1082155 #1082163 #1082318 #1083826 #1084117 #1084157 #1085276 #1085529 #1085661 #1087104 #1088573 #1090427 #1090953 #1093518 #1093917 #1094788 #1094814 #1094883 #1095267 #1096738 #1096937 #1097531 #1098535 #1099308 #1099569 #1102868 #1108508 #1109882 #1109998 #1110435 #1110869 #1110871 #1111493 #1111622 #1111657 #1112357 #1115769 #1118611 #1119376 #1119416 #1119792 #1121717 #1121852 #1122191 #1123064 #1123185 #1123186 #1123558 #1124885 #1125815 #1126283 #1126318 #1127173 #1128146 #1128323 #1128355 #1129071 #1129566 #1130840 #1132174 #1132323 #1132455 #1132663 #1132900 #1135009 #1136444 #1138666 #1138715 #1138746 #1139915 #1140255 #1141168 #1142899 #1143033 #1143454 #1143893 #1144506 #1149686 #1149792 #1150190 #1150895 #1153830 #1155815 #1156677 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538 #1161557 #1161770 #1162224 #1162367 #1162743 #1163978 #1164310 #1165439 #1165578 #1165730 #1165823 #1165960 #1166139 #1166758 #1167008 #1167501 #1167732 #1167746 #1168480 #1168973 #1169489 #1170175 #1170863 #1171368 #1171561 #1172226 #1172908 #1172928 #1173226 #1173356 #1174009 #1174091 #1174514 #1175729 #1176116 #1176129 #1176134 #1176232 #1176256 #1176257 
#1176258 #1176259 #1176262 #1176389 #1176785 #1176977 #1177120 #1177127 #1178168 #1178341 #1178670 #1179562 #1179630 #1179805 #1180125 #1180781 #1181126 #1181324 #1181944 #1182066 #1182211 #1182244 #1182264 #1182379 #1182963 #1183059 #1183374 #1183858 #1184505 #1185588 #1185706 #1185748 #1186738 #1187045 #1190781 #1193357 #428177 #431945 #589441 #613497 #637176 #657698 #658604 #673071 #715423 #743787 #747125 #750618 #751718 #754447 #754677 #761500 #784670 #787526 #799119 #809831 #811890 #825221 #828513 #831629 #834601 #835687 #839107 #84331 #855666 #858239 #867887 #871152 #885662 #885882 #889363 #892480 #898917 #907584 #912460 #913229 #915479 #917607 #917759 #917815 #922448 #929736 #930189 #931978 #935856 #937912 #939456 #940608 #942385 #942751 #944204 #945455 #946648 #947357 #947679 #948198 #954486 #954690 #961334 #962291 #963974 #964204 #964472 #964474 #965830 #967128 #968270 #968601 #975875 #981848 #988086 #992988 #992989 #992992 #993130 #993825 #993968 #994910 #996255 #997614 ECO-3105 SLE-12986 SLE-17532 SLE-17957 SLE-7686 SLE-9135 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Description: This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion` salt bundle. - Mention already fixed issues provided with the bundle. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-454=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.3.2 References: https://www.suse.com/security/cve/CVE-2011-3389.html https://www.suse.com/security/cve/CVE-2011-4944.html https://www.suse.com/security/cve/CVE-2012-0845.html https://www.suse.com/security/cve/CVE-2012-1150.html https://www.suse.com/security/cve/CVE-2013-1437.html https://www.suse.com/security/cve/CVE-2013-1752.html https://www.suse.com/security/cve/CVE-2013-4238.html https://www.suse.com/security/cve/CVE-2013-4314.html https://www.suse.com/security/cve/CVE-2014-0012.html https://www.suse.com/security/cve/CVE-2014-1829.html https://www.suse.com/security/cve/CVE-2014-1830.html https://www.suse.com/security/cve/CVE-2014-2667.html https://www.suse.com/security/cve/CVE-2014-4650.html https://www.suse.com/security/cve/CVE-2014-7202.html https://www.suse.com/security/cve/CVE-2014-7203.html https://www.suse.com/security/cve/CVE-2014-9721.html https://www.suse.com/security/cve/CVE-2015-2296.html https://www.suse.com/security/cve/CVE-2016-10745.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-9015.html https://www.suse.com/security/cve/CVE-2017-18342.html https://www.suse.com/security/cve/CVE-2017-6512.html https://www.suse.com/security/cve/CVE-2018-18074.html https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2018-7750.html https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-13132.html https://www.suse.com/security/cve/CVE-2019-20907.html https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2019-5010.html 
https://www.suse.com/security/cve/CVE-2019-6250.html https://www.suse.com/security/cve/CVE-2019-8341.html https://www.suse.com/security/cve/CVE-2019-9740.html https://www.suse.com/security/cve/CVE-2019-9947.html https://www.suse.com/security/cve/CVE-2020-14343.html https://www.suse.com/security/cve/CVE-2020-15166.html https://www.suse.com/security/cve/CVE-2020-15523.html https://www.suse.com/security/cve/CVE-2020-15801.html https://www.suse.com/security/cve/CVE-2020-1747.html https://www.suse.com/security/cve/CVE-2020-25659.html https://www.suse.com/security/cve/CVE-2020-26137.html https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2020-28493.html https://www.suse.com/security/cve/CVE-2020-29651.html https://www.suse.com/security/cve/CVE-2020-36242.html https://www.suse.com/security/cve/CVE-2020-8492.html https://www.suse.com/security/cve/CVE-2021-23336.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2021-29921.html https://www.suse.com/security/cve/CVE-2021-3177.html https://www.suse.com/security/cve/CVE-2021-33503.html https://www.suse.com/security/cve/CVE-2021-3426.html
From sle-updates at lists.suse.com Wed Feb 16 20:45:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 21:45:05 +0100 (CET) Subject: SUSE-FU-2022:0445-1: moderate: Feature update for venv-salt-minion Message-ID: <20220216204505.9EBF5F368@maintenance.suse.de> SUSE Feature Update: Feature update for venv-salt-minion ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0445-1 Rating: moderate References: #1000080 #1000117 #1000194 #1000677 #1000742 #1001148 #1001912 #1002585
#1002895 #1003091 #1005246 #1009528 #1010874 #1010966 #1011936 #1015549 #1019637 #1021641 #1022085 #1022086 #1022271 #1027079 #1027610 #1027688 #1027705 #1027908 #1028281 #1028723 #1029523 #1029902 #1030038 #1032118 #1032119 #1035604 #1039469 #1040164 #1040256 #1041090 #1042392 #1042670 #1044095 #1044107 #1044175 #1049186 #1049304 #1050653 #1050665 #1055478 #1055542 #1055825 #1056058 #1056951 #1057496 #1062237 #1065363 #1066242 #1066873 #1068790 #1070737 #1070738 #1070853 #1071905 #1071906 #1071941 #1073310 #1073845 #1073879 #1074247 #1076519 #1077096 #1077230 #1078329 #1079761 #1080301 #1081005 #1081750 #1081751 #1082155 #1082163 #1082318 #1083826 #1084117 #1084157 #1085276 #1085529 #1085661 #1087102 #1087104 #1088573 #1089039 #1090427 #1090765 #1090953 #1093518 #1093917 #1094788 #1094814 #1094883 #1095267 #1096738 #1096937 #1097158 #1097531 #1097624 #1098535 #1098592 #1099308 #1099569 #1100078 #1101246 #1101470 #1102868 #1104789 #1106197 #1108508 #1109882 #1109998 #1110435 #1110869 #1110871 #1111493 #1111622 #1111657 #1112209 #1112357 #1113534 #1113652 #1113742 #1113975 #1115769 #1117951 #1118611 #1119376 #1119416 #1119792 #1121717 #1121852 #1122191 #1123064 #1123185 #1123186 #1123558 #1124885 #1125815 #1126283 #1126318 #1127080 #1127173 #1128146 #1128323 #1128355 #1129071 #1129566 #1130840 #1131291 #1132174 #1132323 #1132455 #1132663 #1132900 #1135009 #1136444 #1138666 #1138715 #1138746 #1139915 #1140255 #1141168 #1142899 #1143033 #1143454 #1143893 #1144506 #1149686 #1149792 #1150003 #1150190 #1150250 #1150895 #1153830 #1155815 #1156677 #1156694 #1156908 #1157104 #1157354 #1158809 #1159235 #1159538 #1160163 #1161557 #1161770 #1162224 #1162367 #1162743 #1163978 #1164310 #1165439 #1165578 #1165730 #1165823 #1165960 #1166139 #1166758 #1167008 #1167501 #1167732 #1167746 #1168480 #1168973 #1169489 #1170175 #1170863 #1171368 #1171561 #1172226 #1172908 #1172928 #1173226 #1173356 #1174009 #1174091 #1174514 #1175729 #1176116 #1176129 #1176134 #1176232 #1176256 #1176257 
#1176258 #1176259 #1176262 #1176389 #1176785 #1176977 #1177120 #1177127 #1177559 #1178168 #1178341 #1178670 #1179491 #1179562 #1179630 #1179805 #1180125 #1180781 #1181126 #1181324 #1181944 #1182066 #1182211 #1182244 #1182264 #1182331 #1182333 #1182379 #1182963 #1183059 #1183374 #1183858 #1184505 #1185588 #1185706 #1185748 #1186738 #1187045 #1189521 #1190781 #1193357 #356549 #381844 #394317 #408865 #428177 #430141 #431945 #437293 #442740 #459468 #489641 #504687 #509031 #526319 #590833 #610223 #610642 #629905 #637176 #651003 #657698 #658604 #670526 #673071 #693027 #715423 #720601 #743787 #747125 #748738 #749210 #749213 #749735 #750618 #751718 #751946 #751977 #754447 #754677 #761500 #774710 #784670 #784994 #787526 #793420 #799119 #802184 #803004 #809831 #811890 #822642 #825221 #828513 #831629 #832833 #834601 #835687 #839107 #84331 #849377 #855666 #855676 #856687 #857203 #857850 #858239 #867887 #869945 #871152 #872299 #873351 #876282 #876710 #876712 #876748 #880891 #885662 #885882 #889013 #889363 #892477 #892480 #895129 #898917 #901223 #901277 #901902 #902364 #906878 #907584 #908362 #908372 #912014 #912015 #912018 #912292 #912293 #912294 #912296 #912460 #913229 #915479 #917607 #917759 #917815 #919648 #920236 #922448 #922488 #922496 #922499 #922500 #926597 #929678 #929736 #930189 #931698 #931978 #933898 #933911 #934487 #934489 #934491 #934493 #935856 #937085 #937212 #937492 #937634 #937912 #939456 #940608 #942385 #942751 #943421 #944204 #945455 #946648 #947104 #947357 #947679 #948198 #952871 #954256 #954486 #954690 #957812 #957813 #957815 #958501 #961334 #962291 #963415 #963974 #964204 #964472 #964474 #965830 #967128 #968046 #968047 #968048 #968050 #968265 #968270 #968374 #968601 #975875 #976942 #977584 #977614 #977615 #977616 #977663 #978224 #981848 #982268 #982575 #983249 #984323 #985054 #988086 #990207 #990392 #990419 #990428 #991193 #991877 #992120 #992988 #992989 #992992 #993130 #993819 #993825 #993968 #994749 #994844 #994910 #995075 #995324 #995359 #995377 #995959 
#996255 #997043 #997614 #998190 #999665 #999666 #999668 ECO-3105 SLE-11435 SLE-12684 SLE-12986 SLE-13688 SLE-14253 SLE-15159 SLE-15860 SLE-15861 SLE-16754 SLE-17532 SLE-17957 SLE-18260 SLE-18354 SLE-18446 SLE-19264 SLE-3887 SLE-4480 SLE-4577 SLE-7686 SLE-9135
Affected Products: SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Description:

This feature update for venv-salt-minion provides the following changes:

- Introduce `venv-salt-minion`.
- Mention fixed issues provided with the bundle.

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-445=1

Package List:

- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): venv-salt-minion-3002.2-3.3.2

From sle-updates at lists.suse.com Wed Feb 16 21:27:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 16 Feb 2022 22:27:47 +0100 (CET)
Subject: SUSE-FU-2022:0456-1: moderate: Feature update for venv-salt-minion
Message-ID: <20220216212747.6F843F368@maintenance.suse.de>

SUSE Feature Update: Feature update for venv-salt-minion
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:0456-1
Rating: moderate
References: #1000080 #1000117 #1000194 #1000742 #1002895 #1003091 #1005246 #1010874 #1010966 #1011936 #1015549 #1027610 #1027705 #1029902 #1030038 #1032118 #1032119 #1035604 #1039469
#1040164 #1040256 #1041090 #1042670 #1049186 #1049304 #1050653 #1050665 #1055478 #1055542 #1056951 #1057496 #1062237 #1066873 #1068790 #1070737 #1070738 #1070853 #1071941 #1073310 #1073845 #1073879 #1074247 #1076519 #1077096 #1077230 #1078329 #1079761 #1080301 #1081005 #1081750 #1081751 #1082155 #1082163 #1082318 #1083826 #1084117 #1084157 #1085276 #1085529 #1085661 #1087104 #1088573 #1090427 #1090953 #1093518 #1093917 #1094788 #1094814 #1094883 #1095267 #1096738 #1096937 #1097531 #1098535 #1099308 #1099569 #1102868 #1108508 #1109882 #1109998 #1110435 #1110869 #1110871 #1111493 #1111622 #1111657 #1112357 #1115769 #1118611 #1119376 #1119416 #1119792 #1121717 #1121852 #1122191 #1123064 #1123185 #1123186 #1123558 #1124885 #1125815 #1126283 #1126318 #1127173 #1128146 #1128323 #1128355 #1129071 #1129566 #1130840 #1132174 #1132323 #1132455 #1132663 #1132900 #1135009 #1136444 #1138666 #1138715 #1138746 #1139915 #1140255 #1141168 #1142899 #1143033 #1143454 #1143893 #1144506 #1149686 #1149792 #1150190 #1150895 #1153830 #1155815 #1156677 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538 #1161557 #1161770 #1162224 #1162367 #1162743 #1163978 #1164310 #1165439 #1165578 #1165730 #1165823 #1165960 #1166139 #1166758 #1167008 #1167501 #1167732 #1167746 #1168480 #1168973 #1169489 #1170175 #1170863 #1171368 #1171561 #1172226 #1172908 #1172928 #1173226 #1173356 #1174009 #1174091 #1174514 #1175729 #1176116 #1176129 #1176134 #1176232 #1176256 #1176257 #1176258 #1176259 #1176262 #1176389 #1176785 #1176977 #1177120 #1177127 #1178168 #1178341 #1178670 #1179562 #1179630 #1179805 #1180125 #1180781 #1181126 #1181324 #1181944 #1182066 #1182211 #1182244 #1182264 #1182379 #1182963 #1183059 #1183374 #1183858 #1184505 #1185588 #1185706 #1185748 #1186738 #1187045 #1190781 #1193357 #428177 #431945 #589441 #613497 #637176 #657698 #658604 #673071 #715423 #743787 #747125 #750618 #751718 #754447 #754677 #761500 #784670 #787526 #799119 #809831 #811890 #825221 #828513 #831629 #834601 #835687 #839107 
#84331 #855666 #858239 #867887 #871152 #885662 #885882 #889363 #892480 #898917 #907584 #912460 #913229 #915479 #917607 #917759 #917815 #922448 #929736 #930189 #931978 #935856 #937912 #939456 #940608 #942385 #942751 #944204 #945455 #946648 #947357 #947679 #948198 #954486 #954690 #961334 #962291 #963974 #964204 #964472 #964474 #965830 #967128 #968270 #968601 #975875 #981848 #988086 #992988 #992989 #992992 #993130 #993825 #993968 #994910 #996255 #997614 ECO-3105 SLE-12986 SLE-17532 SLE-17957 SLE-7686 SLE-9135 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Description: This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion` salt bundle. - Mention already fixed issues provided with the bundle. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2022-456=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.3.2 References: https://www.suse.com/security/cve/CVE-2011-3389.html https://www.suse.com/security/cve/CVE-2011-4944.html https://www.suse.com/security/cve/CVE-2012-0845.html https://www.suse.com/security/cve/CVE-2012-1150.html https://www.suse.com/security/cve/CVE-2013-1437.html https://www.suse.com/security/cve/CVE-2013-1752.html https://www.suse.com/security/cve/CVE-2013-4238.html https://www.suse.com/security/cve/CVE-2013-4314.html https://www.suse.com/security/cve/CVE-2014-0012.html https://www.suse.com/security/cve/CVE-2014-1829.html https://www.suse.com/security/cve/CVE-2014-1830.html https://www.suse.com/security/cve/CVE-2014-2667.html https://www.suse.com/security/cve/CVE-2014-4650.html https://www.suse.com/security/cve/CVE-2014-7202.html https://www.suse.com/security/cve/CVE-2014-7203.html https://www.suse.com/security/cve/CVE-2014-9721.html https://www.suse.com/security/cve/CVE-2015-2296.html https://www.suse.com/security/cve/CVE-2016-10745.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-9015.html https://www.suse.com/security/cve/CVE-2017-18342.html https://www.suse.com/security/cve/CVE-2017-6512.html https://www.suse.com/security/cve/CVE-2018-18074.html https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2018-7750.html https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-13132.html https://www.suse.com/security/cve/CVE-2019-20907.html https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2019-5010.html 
https://www.suse.com/security/cve/CVE-2019-6250.html https://www.suse.com/security/cve/CVE-2019-8341.html https://www.suse.com/security/cve/CVE-2019-9740.html https://www.suse.com/security/cve/CVE-2019-9947.html https://www.suse.com/security/cve/CVE-2020-14343.html https://www.suse.com/security/cve/CVE-2020-15166.html https://www.suse.com/security/cve/CVE-2020-15523.html https://www.suse.com/security/cve/CVE-2020-15801.html https://www.suse.com/security/cve/CVE-2020-1747.html https://www.suse.com/security/cve/CVE-2020-25659.html https://www.suse.com/security/cve/CVE-2020-26137.html https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2020-28493.html https://www.suse.com/security/cve/CVE-2020-29651.html https://www.suse.com/security/cve/CVE-2020-36242.html https://www.suse.com/security/cve/CVE-2020-8492.html https://www.suse.com/security/cve/CVE-2021-23336.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2021-29921.html https://www.suse.com/security/cve/CVE-2021-3177.html https://www.suse.com/security/cve/CVE-2021-33503.html https://www.suse.com/security/cve/CVE-2021-3426.html
From sle-updates at lists.suse.com Wed Feb 16 21:54:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 22:54:06 +0100 (CET) Subject: SUSE-FU-2022:0450-1: moderate: Feature update for venv-salt-minion Message-ID: <20220216215406.5C6C2F368@maintenance.suse.de> SUSE Feature Update: Feature update for venv-salt-minion ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0450-1 Rating: moderate References: #1000080 #1000117 #1000194 #1000742 #1002895 #1003091 #1005246 #1010874
#1010966 #1011936 #1015549 #1027610 #1027705 #1029902 #1030038 #1032118 #1032119 #1035604 #1039469 #1040164 #1040256 #1041090 #1042670 #1049186 #1049304 #1050653 #1050665 #1055478 #1055542 #1056951 #1057496 #1062237 #1066873 #1068790 #1070737 #1070738 #1070853 #1071941 #1073310 #1073845 #1073879 #1074247 #1076519 #1077096 #1077230 #1078329 #1079761 #1080301 #1081005 #1081750 #1081751 #1082155 #1082163 #1082318 #1083826 #1084117 #1084157 #1085276 #1085529 #1085661 #1087104 #1088573 #1090427 #1090953 #1093518 #1093917 #1094788 #1094814 #1094883 #1095267 #1096738 #1096937 #1097531 #1098535 #1099308 #1099569 #1102868 #1108508 #1109882 #1109998 #1110435 #1110869 #1110871 #1111493 #1111622 #1111657 #1112357 #1115769 #1118611 #1119376 #1119416 #1119792 #1121717 #1121852 #1122191 #1123064 #1123185 #1123186 #1123558 #1124885 #1125815 #1126283 #1126318 #1127173 #1128146 #1128323 #1128355 #1129071 #1129566 #1130840 #1132174 #1132323 #1132455 #1132663 #1132900 #1135009 #1136444 #1138666 #1138715 #1138746 #1139915 #1140255 #1141168 #1142899 #1143033 #1143454 #1143893 #1144506 #1149686 #1149792 #1150190 #1150895 #1153830 #1155815 #1156677 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538 #1161557 #1161770 #1162224 #1162367 #1162743 #1163978 #1164310 #1165439 #1165578 #1165730 #1165823 #1165960 #1166139 #1166758 #1167008 #1167501 #1167732 #1167746 #1168480 #1168973 #1169489 #1170175 #1170863 #1171368 #1171561 #1172226 #1172908 #1172928 #1173226 #1173356 #1174009 #1174091 #1174514 #1175729 #1176116 #1176129 #1176134 #1176232 #1176256 #1176257 #1176258 #1176259 #1176262 #1176389 #1176785 #1176977 #1177120 #1177127 #1178168 #1178341 #1178670 #1179562 #1179630 #1179805 #1180125 #1180781 #1181126 #1181324 #1181944 #1182066 #1182211 #1182244 #1182264 #1182379 #1182963 #1183059 #1183374 #1183858 #1184505 #1185588 #1185706 #1185748 #1186738 #1187045 #1190781 #1193357 #428177 #431945 #589441 #613497 #637176 #657698 #658604 #673071 #715423 #743787 #747125 #750618 #751718 #754447 
#754677 #761500 #784670 #787526 #799119 #809831 #811890 #825221 #828513 #831629 #834601 #835687 #839107 #84331 #855666 #858239 #867887 #871152 #885662 #885882 #889363 #892480 #898917 #907584 #912460 #913229 #915479 #917607 #917759 #917815 #922448 #929736 #930189 #931978 #935856 #937912 #939456 #940608 #942385 #942751 #944204 #945455 #946648 #947357 #947679 #948198 #954486 #954690 #961334 #962291 #963974 #964204 #964472 #964474 #965830 #967128 #968270 #968601 #975875 #981848 #988086 #992988 #992989 #992992 #993130 #993825 #993968 #994910 #996255 #997614 ECO-3105 SLE-12986 SLE-17532 SLE-17957 SLE-7686 SLE-9135 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Description: This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion` salt bundle. - Mention already fixed issues. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-BETA-2022-450=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.3.2 References: https://www.suse.com/security/cve/CVE-2011-3389.html https://www.suse.com/security/cve/CVE-2011-4944.html https://www.suse.com/security/cve/CVE-2012-0845.html https://www.suse.com/security/cve/CVE-2012-1150.html https://www.suse.com/security/cve/CVE-2013-1437.html https://www.suse.com/security/cve/CVE-2013-1752.html https://www.suse.com/security/cve/CVE-2013-4238.html https://www.suse.com/security/cve/CVE-2013-4314.html https://www.suse.com/security/cve/CVE-2014-0012.html https://www.suse.com/security/cve/CVE-2014-1829.html https://www.suse.com/security/cve/CVE-2014-1830.html https://www.suse.com/security/cve/CVE-2014-2667.html https://www.suse.com/security/cve/CVE-2014-4650.html https://www.suse.com/security/cve/CVE-2014-7202.html https://www.suse.com/security/cve/CVE-2014-7203.html https://www.suse.com/security/cve/CVE-2014-9721.html https://www.suse.com/security/cve/CVE-2015-2296.html https://www.suse.com/security/cve/CVE-2016-10745.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-9015.html https://www.suse.com/security/cve/CVE-2017-18342.html https://www.suse.com/security/cve/CVE-2017-6512.html https://www.suse.com/security/cve/CVE-2018-18074.html https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2018-7750.html https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-13132.html https://www.suse.com/security/cve/CVE-2019-20907.html https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2019-5010.html 
https://www.suse.com/security/cve/CVE-2019-6250.html https://www.suse.com/security/cve/CVE-2019-8341.html https://www.suse.com/security/cve/CVE-2019-9740.html https://www.suse.com/security/cve/CVE-2019-9947.html https://www.suse.com/security/cve/CVE-2020-14343.html https://www.suse.com/security/cve/CVE-2020-15166.html https://www.suse.com/security/cve/CVE-2020-15523.html https://www.suse.com/security/cve/CVE-2020-15801.html https://www.suse.com/security/cve/CVE-2020-1747.html https://www.suse.com/security/cve/CVE-2020-25659.html https://www.suse.com/security/cve/CVE-2020-26137.html https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2020-28493.html https://www.suse.com/security/cve/CVE-2020-29651.html https://www.suse.com/security/cve/CVE-2020-36242.html https://www.suse.com/security/cve/CVE-2020-8492.html https://www.suse.com/security/cve/CVE-2021-23336.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2021-29921.html https://www.suse.com/security/cve/CVE-2021-3177.html https://www.suse.com/security/cve/CVE-2021-33503.html https://www.suse.com/security/cve/CVE-2021-3426.html
From sle-updates at lists.suse.com Wed Feb 16 22:20:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 23:20:54 +0100 (CET) Subject: SUSE-FU-2022:0444-1: moderate: Feature update for venv-salt-minion Message-ID: <20220216222054.E2A30F368@maintenance.suse.de> SUSE Feature Update: Feature update for venv-salt-minion ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0444-1 Rating: moderate References: #1000080 #1000117 #1000194 #1000742 #1002895 #1003091 #1005246 #1010874
#1010966 #1011936 #1015549 #1027610 #1027705 #1029902 #1030038 #1032118 #1032119 #1035604 #1039469 #1040164 #1040256 #1041090 #1042670 #1049186 #1049304 #1050653 #1050665 #1055478 #1055542 #1056951 #1057496 #1062237 #1066873 #1068790 #1070737 #1070738 #1070853 #1071941 #1073310 #1073845 #1073879 #1074247 #1076519 #1077096 #1077230 #1078329 #1079761 #1080301 #1081005 #1081750 #1081751 #1082155 #1082163 #1082318 #1083826 #1084117 #1084157 #1085276 #1085529 #1085661 #1087104 #1088573 #1090427 #1090953 #1093518 #1093917 #1094788 #1094814 #1094883 #1095267 #1096738 #1096937 #1097531 #1098535 #1099308 #1099569 #1102868 #1108508 #1109882 #1109998 #1110435 #1110869 #1110871 #1111493 #1111622 #1111657 #1112357 #1115769 #1118611 #1119376 #1119416 #1119792 #1121717 #1121852 #1122191 #1123064 #1123185 #1123186 #1123558 #1124885 #1125815 #1126283 #1126318 #1127173 #1128146 #1128323 #1128355 #1129071 #1129566 #1130840 #1132174 #1132323 #1132455 #1132663 #1132900 #1135009 #1136444 #1138666 #1138715 #1138746 #1139915 #1140255 #1141168 #1142899 #1143033 #1143454 #1143893 #1144506 #1149686 #1149792 #1150190 #1150895 #1153830 #1155815 #1156677 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538 #1161557 #1161770 #1162224 #1162367 #1162743 #1163978 #1164310 #1165439 #1165578 #1165730 #1165823 #1165960 #1166139 #1166758 #1167008 #1167501 #1167732 #1167746 #1168480 #1168973 #1169489 #1170175 #1170863 #1171368 #1171561 #1172226 #1172908 #1172928 #1173226 #1173356 #1174009 #1174091 #1174514 #1175729 #1176116 #1176129 #1176134 #1176232 #1176256 #1176257 #1176258 #1176259 #1176262 #1176389 #1176785 #1176977 #1177120 #1177127 #1177559 #1178168 #1178341 #1178670 #1179562 #1179630 #1179805 #1180125 #1180781 #1181126 #1181324 #1181944 #1182066 #1182211 #1182244 #1182264 #1182379 #1182963 #1183059 #1183374 #1183858 #1184505 #1185588 #1185706 #1185748 #1186738 #1187045 #1190781 #1193357 #428177 #431945 #637176 #657698 #658604 #673071 #715423 #743787 #747125 #750618 #751718 #754447 #754677 
#761500 #784670 #787526 #799119 #809831 #811890 #825221 #828513 #831629 #834601 #835687 #839107 #84331 #855666 #858239 #867887 #871152 #885662 #885882 #889363 #892480 #898917 #907584 #912460 #913229 #915479 #917607 #917759 #917815 #922448 #929736 #930189 #931978 #935856 #937912 #939456 #940608 #942385 #942751 #944204 #945455 #946648 #947357 #947679 #948198 #954486 #954690 #961334 #962291 #963974 #964204 #964472 #964474 #965830 #967128 #968270 #968601 #975875 #981848 #988086 #992988 #992989 #992992 #993130 #993825 #993968 #994910 #996255 #997614 ECO-3105 SLE-11435 SLE-12684 SLE-12986 SLE-13688 SLE-14253 SLE-15159 SLE-15860 SLE-15861 SLE-16754 SLE-17532 SLE-17957 SLE-18260 SLE-18354 SLE-18446 SLE-19264 SLE-3887 SLE-4480 SLE-4577 SLE-7686 SLE-9135 Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that solves 51 vulnerabilities, contains 21 features and has 249 fixes is now available. Description: This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion`. - Track already fixed issues. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2022-444=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): venv-salt-minion-3002.2-159000.3.3.2 References: https://www.suse.com/security/cve/CVE-2011-3389.html https://www.suse.com/security/cve/CVE-2011-4944.html https://www.suse.com/security/cve/CVE-2012-0845.html https://www.suse.com/security/cve/CVE-2012-1150.html https://www.suse.com/security/cve/CVE-2013-1752.html https://www.suse.com/security/cve/CVE-2013-4238.html https://www.suse.com/security/cve/CVE-2013-4314.html https://www.suse.com/security/cve/CVE-2014-0012.html https://www.suse.com/security/cve/CVE-2014-1829.html https://www.suse.com/security/cve/CVE-2014-1830.html https://www.suse.com/security/cve/CVE-2014-2667.html https://www.suse.com/security/cve/CVE-2014-4650.html https://www.suse.com/security/cve/CVE-2014-7202.html https://www.suse.com/security/cve/CVE-2014-7203.html https://www.suse.com/security/cve/CVE-2014-9721.html https://www.suse.com/security/cve/CVE-2015-2296.html https://www.suse.com/security/cve/CVE-2016-10745.html https://www.suse.com/security/cve/CVE-2016-9015.html https://www.suse.com/security/cve/CVE-2017-18342.html https://www.suse.com/security/cve/CVE-2018-18074.html https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2018-7750.html https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-13132.html https://www.suse.com/security/cve/CVE-2019-20907.html https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2019-5010.html https://www.suse.com/security/cve/CVE-2019-6250.html https://www.suse.com/security/cve/CVE-2019-8341.html https://www.suse.com/security/cve/CVE-2019-9740.html 
https://www.suse.com/security/cve/CVE-2019-9947.html https://www.suse.com/security/cve/CVE-2020-14343.html https://www.suse.com/security/cve/CVE-2020-15166.html https://www.suse.com/security/cve/CVE-2020-15523.html https://www.suse.com/security/cve/CVE-2020-15801.html https://www.suse.com/security/cve/CVE-2020-1747.html https://www.suse.com/security/cve/CVE-2020-25659.html https://www.suse.com/security/cve/CVE-2020-26137.html https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2020-28493.html https://www.suse.com/security/cve/CVE-2020-29651.html https://www.suse.com/security/cve/CVE-2020-36242.html https://www.suse.com/security/cve/CVE-2020-8492.html https://www.suse.com/security/cve/CVE-2021-23336.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2021-29921.html https://www.suse.com/security/cve/CVE-2021-3177.html https://www.suse.com/security/cve/CVE-2021-33503.html https://www.suse.com/security/cve/CVE-2021-3426.html
From sle-updates at lists.suse.com Wed Feb 16 22:47:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Feb 2022 23:47:32 +0100 (CET) Subject: SUSE-FU-2022:0452-1: moderate: Feature update for venv-salt-minion Message-ID: <20220216224732.01E4CF368@maintenance.suse.de> SUSE Feature Update: Feature update for venv-salt-minion ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0452-1 Rating: moderate References: #1000080 #1000117 #1000194 #1000742 #1002895 #1003091 #1005246 #1010874 #1010966 #1011936 #1015549 #1027610 #1027705 #1029902 #1030038 #1032118 #1032119 #1035604 #1039469 #1040164 #1040256 #1041090 #1042670 #1049186 #1049304 #1050653
#1050665 #1055478 #1055542 #1056951 #1057496 #1062237 #1066873 #1068790 #1070737 #1070738 #1070853 #1071941 #1073310 #1073845 #1073879 #1074247 #1076519 #1077096 #1077230 #1078329 #1079761 #1080301 #1081005 #1081750 #1081751 #1082155 #1082163 #1082318 #1083826 #1084117 #1084157 #1085276 #1085529 #1085661 #1087104 #1088573 #1090427 #1090953 #1093518 #1093917 #1094788 #1094814 #1094883 #1095267 #1096738 #1096937 #1097531 #1098535 #1099308 #1099569 #1102868 #1108508 #1109882 #1109998 #1110435 #1110869 #1110871 #1111493 #1111622 #1111657 #1112357 #1115769 #1118611 #1119376 #1119416 #1119792 #1121717 #1121852 #1122191 #1123064 #1123185 #1123186 #1123558 #1124885 #1125815 #1126283 #1126318 #1127173 #1128146 #1128323 #1128355 #1129071 #1129566 #1130840 #1132174 #1132323 #1132455 #1132663 #1132900 #1135009 #1136444 #1138666 #1138715 #1138746 #1139915 #1140255 #1141168 #1142899 #1143033 #1143454 #1143893 #1144506 #1149686 #1149792 #1150190 #1150895 #1153830 #1155815 #1156677 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538 #1161557 #1161770 #1162224 #1162367 #1162743 #1163978 #1164310 #1165439 #1165578 #1165730 #1165823 #1165960 #1166139 #1166758 #1167008 #1167501 #1167732 #1167746 #1168480 #1168973 #1169489 #1170175 #1170863 #1171368 #1171561 #1172226 #1172908 #1172928 #1173226 #1173356 #1174009 #1174091 #1174514 #1175729 #1176116 #1176129 #1176134 #1176232 #1176256 #1176257 #1176258 #1176259 #1176262 #1176389 #1176785 #1176977 #1177120 #1177127 #1178168 #1178341 #1178670 #1179562 #1179630 #1179805 #1180125 #1180781 #1181126 #1181324 #1181944 #1182066 #1182211 #1182244 #1182264 #1182379 #1182963 #1183059 #1183374 #1183858 #1184505 #1185588 #1185706 #1185748 #1186738 #1187045 #1190781 #1193357 #428177 #431945 #589441 #613497 #637176 #657698 #658604 #673071 #715423 #743787 #747125 #750618 #751718 #754447 #754677 #761500 #784670 #787526 #799119 #809831 #811890 #825221 #828513 #831629 #834601 #835687 #839107 #84331 #855666 #858239 #867887 #871152 #885662 #885882 #889363 
#892480 #898917 #907584 #912460 #913229 #915479 #917607 #917759 #917815 #922448 #929736 #930189 #931978 #935856 #937912 #939456 #940608 #942385 #942751 #944204 #945455 #946648 #947357 #947679 #948198 #954486 #954690 #961334 #962291 #963974 #964204 #964472 #964474 #965830 #967128 #968270 #968601 #975875 #981848 #988086 #992988 #992989 #992992 #993130 #993825 #993968 #994910 #996255 #997614 ECO-3105 SLE-12986 SLE-17532 SLE-17957 SLE-7686 SLE-9135 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Description: This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion` salt bundle. - Mention already fixed issues provided with the bundle. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-2022-452=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.3.3 References: https://www.suse.com/security/cve/CVE-2011-3389.html https://www.suse.com/security/cve/CVE-2011-4944.html https://www.suse.com/security/cve/CVE-2012-0845.html https://www.suse.com/security/cve/CVE-2012-1150.html https://www.suse.com/security/cve/CVE-2013-1437.html https://www.suse.com/security/cve/CVE-2013-1752.html https://www.suse.com/security/cve/CVE-2013-4238.html https://www.suse.com/security/cve/CVE-2013-4314.html https://www.suse.com/security/cve/CVE-2014-0012.html https://www.suse.com/security/cve/CVE-2014-1829.html https://www.suse.com/security/cve/CVE-2014-1830.html https://www.suse.com/security/cve/CVE-2014-2667.html https://www.suse.com/security/cve/CVE-2014-4650.html https://www.suse.com/security/cve/CVE-2014-7202.html https://www.suse.com/security/cve/CVE-2014-7203.html https://www.suse.com/security/cve/CVE-2014-9721.html https://www.suse.com/security/cve/CVE-2015-2296.html https://www.suse.com/security/cve/CVE-2016-10745.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-9015.html https://www.suse.com/security/cve/CVE-2017-18342.html https://www.suse.com/security/cve/CVE-2017-6512.html https://www.suse.com/security/cve/CVE-2018-18074.html https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2018-7750.html https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-13132.html https://www.suse.com/security/cve/CVE-2019-20907.html https://www.suse.com/security/cve/CVE-2019-20916.html https://www.suse.com/security/cve/CVE-2019-5010.html 
https://www.suse.com/security/cve/CVE-2019-6250.html https://www.suse.com/security/cve/CVE-2019-8341.html https://www.suse.com/security/cve/CVE-2019-9740.html https://www.suse.com/security/cve/CVE-2019-9947.html https://www.suse.com/security/cve/CVE-2020-14343.html https://www.suse.com/security/cve/CVE-2020-15166.html https://www.suse.com/security/cve/CVE-2020-15523.html https://www.suse.com/security/cve/CVE-2020-15801.html https://www.suse.com/security/cve/CVE-2020-1747.html https://www.suse.com/security/cve/CVE-2020-25659.html https://www.suse.com/security/cve/CVE-2020-26137.html https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2020-28493.html https://www.suse.com/security/cve/CVE-2020-29651.html https://www.suse.com/security/cve/CVE-2020-36242.html https://www.suse.com/security/cve/CVE-2020-8492.html https://www.suse.com/security/cve/CVE-2021-23336.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2021-29921.html https://www.suse.com/security/cve/CVE-2021-3177.html https://www.suse.com/security/cve/CVE-2021-33503.html https://www.suse.com/security/cve/CVE-2021-3426.html
From sle-updates at lists.suse.com Wed Feb 16 23:14:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 00:14:42 +0100 (CET) Subject: SUSE-FU-2022:0447-1: moderate: Feature update for venv-salt-minion Message-ID: <20220216231442.13869F368@maintenance.suse.de> SUSE Feature Update: Feature update for venv-salt-minion ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0447-1 Rating: moderate References: #1000080 #1000117 #1000194 #1000742 #1002895 #1003091 #1005246 #1010874
#1010966 #1011936 #1015549 #1027610 #1027705 #1029902 #1030038 #1032118 #1032119 #1035604 #1039469 #1040164 #1040256 #1041090 #1042670 #1049186 #1049304 #1050653 #1050665 #1055478 #1055542 #1056951 #1057496 #1062237 #1066873 #1068790 #1070737 #1070738 #1070853 #1071941 #1073310 #1073845 #1073879 #1074247 #1076519 #1077096 #1077230 #1078329 #1079761 #1080301 #1081005 #1081750 #1081751 #1082155 #1082163 #1082318 #1083826 #1084117 #1084157 #1085276 #1085529 #1085661 #1087104 #1088573 #1090427 #1090953 #1093518 #1093917 #1094788 #1094814 #1094883 #1095267 #1096738 #1096937 #1097531 #1098535 #1099308 #1099569 #1102868 #1108508 #1109882 #1109998 #1110435 #1110869 #1110871 #1111493 #1111622 #1111657 #1112357 #1115769 #1118611 #1119376 #1119416 #1119792 #1121717 #1121852 #1122191 #1123064 #1123185 #1123186 #1123558 #1124885 #1125815 #1126283 #1126318 #1127173 #1128146 #1128323 #1128355 #1129071 #1129566 #1130840 #1132174 #1132323 #1132455 #1132663 #1132900 #1135009 #1136444 #1138666 #1138715 #1138746 #1139915 #1140255 #1141168 #1142899 #1143033 #1143454 #1143893 #1144506 #1149686 #1149792 #1150190 #1150895 #1153830 #1155815 #1156677 #1156694 #1156908 #1157104 #1157354 #1159235 #1159538 #1161557 #1161770 #1162224 #1162367 #1162743 #1163978 #1164310 #1165439 #1165578 #1165730 #1165823 #1165960 #1166139 #1166758 #1167008 #1167501 #1167732 #1167746 #1168480 #1168973 #1169489 #1170175 #1170863 #1171368 #1171561 #1172226 #1172908 #1172928 #1173226 #1173356 #1174009 #1174091 #1174514 #1175729 #1176116 #1176129 #1176134 #1176232 #1176256 #1176257 #1176258 #1176259 #1176262 #1176389 #1176785 #1176977 #1177120 #1177127 #1178168 #1178341 #1178670 #1179562 #1179630 #1179805 #1180125 #1180781 #1181126 #1181324 #1181944 #1182066 #1182211 #1182244 #1182264 #1182379 #1182963 #1183059 #1183374 #1183858 #1184505 #1185588 #1185706 #1185748 #1186738 #1187045 #1190781 #1193357 #428177 #431945 #589441 #613497 #637176 #657698 #658604 #673071 #715423 #743787 #747125 #750618 #751718 #754447 
#754677 #761500 #784670 #787526 #799119 #809831 #811890 #825221 #828513 #831629 #834601 #835687 #839107 #84331 #855666 #858239 #867887 #871152 #885662 #885882 #889363 #892480 #898917 #907584 #912460 #913229 #915479 #917607 #917759 #917815 #922448 #929736 #930189 #931978 #935856 #937912 #939456 #940608 #942385 #942751 #944204 #945455 #946648 #947357 #947679 #948198 #954486 #954690 #961334 #962291 #963974 #964204 #964472 #964474 #965830 #967128 #968270 #968601 #975875 #981848 #988086 #992988 #992989 #992992 #993130 #993825 #993968 #994910 #996255 #997614 ECO-3105 SLE-12986 SLE-17532 SLE-17957 SLE-7686 SLE-9135 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Description: This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion` salt bundle. - Mention already fixed issues. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Manager Debian 10-CLIENT-TOOLS-BETA:

  zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2022-447=1

Package List:

- SUSE Manager Debian 10-CLIENT-TOOLS-BETA (amd64):

  venv-salt-minion-3002.2-2.3.3

From sle-updates at lists.suse.com Thu Feb 17 08:09:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Feb 2022 09:09:58 +0100 (CET)
Subject: SUSE-CU-2022:176-1: Security update of suse/sles12sp4
Message-ID: <20220217080958.406CDF355@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:176-1
Container Tags : suse/sles12sp4:26.411 , suse/sles12sp4:latest
Container Release : 26.411
Severity : important
Type : security
References : 1191835 1192620 1193478 1194640 1194768 1194770 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:441-1
Released: Wed Feb 16 14:21:59 2022
Summary: Security update for glibc
Type: security
Severity: important
References: 1191835,1192620,1193478,1194640,1194768,1194770,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

glibc was updated to fix the following issues:

Security issues fixed:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Bugs fixed:

- Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458)
- Allow dlopen of filter object to work (bsc#1192620, BZ #16272)
- x86: fix stack alignment in cancelable syscall stub (bsc#1191835)

The following package changes have been done:

- base-container-licenses-3.0-1.266 updated
- container-suseconnect-2.0.0-1.159 updated
- glibc-2.22-114.19.1 updated

From sle-updates at lists.suse.com Thu Feb 17 08:25:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Feb 2022 09:25:43 +0100 (CET)
Subject: SUSE-CU-2022:177-1: Security update of suse/sles12sp5
Message-ID: <20220217082543.8EF98F355@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:177-1
Container Tags : suse/sles12sp5:6.5.291 , suse/sles12sp5:latest
Container Release : 6.5.291
Severity : important
Type : security
References : 1191835 1192620 1193478 1194640 1194768 1194770 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:441-1
Released: Wed Feb 16 14:21:59 2022
Summary: Security update for glibc
Type: security
Severity: important
References: 1191835,1192620,1193478,1194640,1194768,1194770,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

glibc was updated to fix the following issues:

Security issues fixed:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Bugs fixed:

- Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458)
- Allow dlopen of filter object to work (bsc#1192620, BZ #16272)
- x86: fix stack alignment in cancelable syscall stub (bsc#1191835)

The following package changes have been done:

- glibc-2.22-114.19.1 updated

From sle-updates at lists.suse.com Thu Feb 17 11:17:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Feb 2022 12:17:52 +0100 (CET)
Subject: SUSE-RU-2022:0035-2: Recommended update for telnet
Message-ID: <20220217111752.47307F369@maintenance.suse.de>

SUSE Recommended Update: Recommended update for telnet
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0035-2
Rating: low
References: #1129925
Affected Products:
  SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for telnet fixes the following issues:

- Update Source location to use Gentoo mirror, fixes bsc#1129925

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:

  zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-35=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

  telnet-1.2-3.3.1
  telnet-debuginfo-1.2-3.3.1
  telnet-debugsource-1.2-3.3.1

References:

  https://bugzilla.suse.com/1129925

From sle-updates at lists.suse.com Thu Feb 17 11:18:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Feb 2022 12:18:26 +0100 (CET)
Subject: SUSE-SU-2022:0182-2: important: Security update for webkit2gtk3
Message-ID: <20220217111826.66436F369@maintenance.suse.de>

SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0182-2
Rating: important
References: #1194019
Cross-References:
  CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815
  CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3902
  CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9947
  CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2021-1765
  CVE-2021-1788 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825
  CVE-2021-1826 CVE-2021-1844 CVE-2021-1871 CVE-2021-30661
  CVE-2021-30666 CVE-2021-30682 CVE-2021-30761 CVE-2021-30762
  CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836
  CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851
  CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888
  CVE-2021-30889 CVE-2021-30890 CVE-2021-30897
CVSS scores:
  CVE-2019-8766 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2019-8766 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2019-8782 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2019-8782 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2019-8808 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2019-8808 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2019-8815 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2019-8815 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-13753 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  CVE-2020-13753 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  CVE-2020-27918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-27918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  CVE-2020-29623 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  CVE-2020-3902 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  CVE-2020-3902 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  CVE-2020-9802 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-9802 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  CVE-2020-9803 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-9803 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  CVE-2020-9805 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
  CVE-2020-9805 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
  CVE-2020-9947 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-9947 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-9948 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-9951 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-9951 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-9952 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
  CVE-2020-9952 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  CVE-2021-1765 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  CVE-2021-1765 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  CVE-2021-1788 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-1788 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-1844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-1844 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-1871 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-1871 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-30809 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30809 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30818 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30818 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30823 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  CVE-2021-30823 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  CVE-2021-30836 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  CVE-2021-30836 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  CVE-2021-30846 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30846 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30848 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30848 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30849 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30849 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30851 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30858 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30858 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30884 (NVD) : 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
  CVE-2021-30884 (SUSE): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
  CVE-2021-30887 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  CVE-2021-30887 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  CVE-2021-30888 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  CVE-2021-30888 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  CVE-2021-30889 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30889 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-30890 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  CVE-2021-30890 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  CVE-2021-30897 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  CVE-2021-30897 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
  SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that fixes 43 vulnerabilities is now available.

Description:

This update for webkit2gtk3 fixes the following issues:

- Update to version 2.34.3 (bsc#1194019).
- CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content.
- CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:

  zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-182=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

  libjavascriptcoregtk-4_0-18-2.34.3-23.3
  libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-23.3
  libwebkit2gtk-4_0-37-2.34.3-23.3
  libwebkit2gtk-4_0-37-debuginfo-2.34.3-23.3
  typelib-1_0-JavaScriptCore-4_0-2.34.3-23.3
  typelib-1_0-WebKit2-4_0-2.34.3-23.3
  typelib-1_0-WebKit2WebExtension-4_0-2.34.3-23.3
  webkit2gtk-4_0-injected-bundles-2.34.3-23.3
  webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-23.3
  webkit2gtk3-debugsource-2.34.3-23.3
  webkit2gtk3-devel-2.34.3-23.3

- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):

  libwebkit2gtk3-lang-2.34.3-23.3

From sle-updates at lists.suse.com Thu Feb 17 11:20:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Feb 2022 12:20:36 +0100 (CET)
Subject: SUSE-SU-2022:0184-2: important: Security update for json-c
Message-ID: <20220217112036.8D4B8F369@maintenance.suse.de>

SUSE Security Update: Security update for json-c
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0184-2
Rating: important
References: #1171479
Cross-References: CVE-2020-12762
CVSS scores:
  CVE-2020-12762 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2020-12762 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for json-c fixes the following issues:

- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:

  zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-184=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

  json-c-debugsource-0.13-3.3.1
  libjson-c-devel-0.13-3.3.1
  libjson-c3-0.13-3.3.1
  libjson-c3-32bit-0.13-3.3.1
  libjson-c3-32bit-debuginfo-0.13-3.3.1
  libjson-c3-debuginfo-0.13-3.3.1

References:

  https://www.suse.com/security/cve/CVE-2020-12762.html
  https://bugzilla.suse.com/1171479

From sle-updates at lists.suse.com Thu Feb 17 11:21:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Feb 2022 12:21:06 +0100 (CET)
Subject: SUSE-RU-2022:0004-2: moderate: Recommended update for libgcrypt
Message-ID: <20220217112106.457B9F369@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0004-2
Rating: moderate
References: #1193480
Affected Products:
  SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:

  zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-4=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

  libgcrypt-debugsource-1.8.2-8.42.1
  libgcrypt-devel-1.8.2-8.42.1
  libgcrypt-devel-debuginfo-1.8.2-8.42.1
  libgcrypt20-1.8.2-8.42.1
  libgcrypt20-32bit-1.8.2-8.42.1
  libgcrypt20-32bit-debuginfo-1.8.2-8.42.1
  libgcrypt20-debuginfo-1.8.2-8.42.1
  libgcrypt20-hmac-1.8.2-8.42.1
  libgcrypt20-hmac-32bit-1.8.2-8.42.1

References:

  https://bugzilla.suse.com/1193480

From sle-updates at lists.suse.com Thu Feb 17 11:22:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 17 Feb 2022 12:22:02 +0100 (CET)
Subject: SUSE-RU-2021:4019-2: moderate: Recommended update for python-dockerpty, python-expects
Message-ID: <20220217112202.098F5F369@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-dockerpty, python-expects
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:4019-2
Rating: moderate
References: #1062084 SLE-22450
Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Containers 12
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.
Description: This update for python-dockerpty, python-expects fixes the following issues: python-expects was added in 0.9.0 as dependency of python-dockerpty: python-dockerpty was updated to 0.4.2 to meet docker-compose dependency. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-466=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-466=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-docker-py-1.10.6-29.6.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-dockerpty-0.4.1-8.3.1 python-expects-0.9.0-2.3.1 python3-dockerpty-0.4.1-8.3.1 python3-expects-0.9.0-2.3.1 References: https://bugzilla.suse.com/1062084 From sle-updates at lists.suse.com Thu Feb 17 11:22:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 12:22:27 +0100 (CET) Subject: SUSE-SU-2022:0045-2: important: Security update for libvirt Message-ID: <20220217112227.1811AF369@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0045-2 Rating: important References: #1183411 #1191668 #1192017 #1192876 #1193981 #1194041 Cross-References: CVE-2021-3975 CVE-2021-4147 CVSS scores: CVE-2021-3975 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. 
Description: This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-45=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 
libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 References: https://www.suse.com/security/cve/CVE-2021-3975.html https://www.suse.com/security/cve/CVE-2021-4147.html https://bugzilla.suse.com/1183411 https://bugzilla.suse.com/1191668 https://bugzilla.suse.com/1192017 https://bugzilla.suse.com/1192876 https://bugzilla.suse.com/1193981 https://bugzilla.suse.com/1194041 From sle-updates at lists.suse.com Thu Feb 17 11:23:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 12:23:24 +0100 (CET) Subject: SUSE-RU-2022:0346-2: moderate: Recommended update for wicked Message-ID: <20220217112324.46407F369@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0346-2 Rating: moderate References: #1029961 #1057592 #1156920 #1160654 #1177215 #1178357 #1181163 #1181186 #1181812 #1182227 #1183407 
#1183495 #1188019 #1189560 #1192164 #1192311 #1192353 #1194392 #954329 SLE-9750 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has 19 recommended fixes and contains one feature can now be installed. Description: This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 (bsc#1183407,jsc#SLE-9750) - Prepare RPM packaging for merging of /bin and /usr/bin directories, however this merge does not affect SUSE Linux Enterprise 15 (bsc#1029961) - Parse sysctl files in the correct order (bsc#1181186) - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as "up" when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Cleanup and improve ifconfig and ifpolicy access utilities - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Using wicked without nanny is no longer supported and use-nanny=false configuration option was removed - Add `ethtool --get-permanent-address` option in the client - Fix `ifup` to refresh link state of network interface after being unenslaved from an unconfigured master (bsc#954329) - Prevent re-triggering Duplicate Address Detection on address updates when it is not needed (bsc#1177215) - Fix Network Information Service configuration 
(bsc#1181812) - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-346=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): wicked-0.6.68-3.8.1 wicked-debuginfo-0.6.68-3.8.1 wicked-debugsource-0.6.68-3.8.1 wicked-service-0.6.68-3.8.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1057592 https://bugzilla.suse.com/1156920 https://bugzilla.suse.com/1160654 https://bugzilla.suse.com/1177215 https://bugzilla.suse.com/1178357 https://bugzilla.suse.com/1181163 https://bugzilla.suse.com/1181186 https://bugzilla.suse.com/1181812 https://bugzilla.suse.com/1182227 https://bugzilla.suse.com/1183407 https://bugzilla.suse.com/1183495 https://bugzilla.suse.com/1188019 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192164 https://bugzilla.suse.com/1192311 https://bugzilla.suse.com/1192353 https://bugzilla.suse.com/1194392 https://bugzilla.suse.com/954329 From sle-updates at lists.suse.com Thu Feb 17 11:25:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 12:25:06 +0100 (CET) Subject: SUSE-SU-2021:4136-2: important: Security update for xorg-x11-server Message-ID: <20220217112506.9299BF369@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server 
______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4136-2 Rating: important References: #1190487 #1190488 #1190489 Cross-References: CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 CVSS scores: CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4010 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-465=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 References: https://www.suse.com/security/cve/CVE-2021-4009.html https://www.suse.com/security/cve/CVE-2021-4010.html https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190487 https://bugzilla.suse.com/1190488 https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Thu Feb 17 11:26:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 12:26:15 +0100 (CET) Subject: SUSE-RU-2022:0093-2: important: Recommended update for openssl-1_1 Message-ID: <20220217112615.A45FAF369@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0093-2 Rating: important References: #1192489 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-93=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 References: https://bugzilla.suse.com/1192489 From sle-updates at lists.suse.com Thu Feb 17 11:26:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 12:26:44 +0100 (CET) Subject: SUSE-RU-2022:0002-2: moderate: Recommended update for lvm2 Message-ID: <20220217112644.70CACF369@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0002-2 Rating: moderate References: #1183905 #1193181 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-2=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): device-mapper-1.02.163-8.39.1 device-mapper-debuginfo-1.02.163-8.39.1 device-mapper-devel-1.02.163-8.39.1 libdevmapper-event1_03-1.02.163-8.39.1 libdevmapper-event1_03-debuginfo-1.02.163-8.39.1 libdevmapper1_03-1.02.163-8.39.1 libdevmapper1_03-32bit-1.02.163-8.39.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.39.1 libdevmapper1_03-debuginfo-1.02.163-8.39.1 liblvm2cmd2_03-2.03.05-8.39.1 liblvm2cmd2_03-debuginfo-2.03.05-8.39.1 lvm2-2.03.05-8.39.1 lvm2-debuginfo-2.03.05-8.39.1 lvm2-debugsource-2.03.05-8.39.1 lvm2-devel-2.03.05-8.39.1 References: https://bugzilla.suse.com/1183905 https://bugzilla.suse.com/1193181 From sle-updates at lists.suse.com Thu Feb 17 11:27:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 12:27:19 +0100 (CET) Subject: SUSE-RU-2022:0222-2: moderate: Recommended update for xrdp Message-ID: <20220217112719.042A5F369@maintenance.suse.de> SUSE Recommended Update: Recommended update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0222-2 Rating: moderate References: #1187258 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xrdp fixes the following issues: - Fix crash in xrdp-fate318398-change-expired-password.patch (bsc#1187258) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-222=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libpainter0-0.9.13.1-4.12.1 libpainter0-debuginfo-0.9.13.1-4.12.1 librfxencode0-0.9.13.1-4.12.1 librfxencode0-debuginfo-0.9.13.1-4.12.1 xrdp-0.9.13.1-4.12.1 xrdp-debuginfo-0.9.13.1-4.12.1 xrdp-debugsource-0.9.13.1-4.12.1 xrdp-devel-0.9.13.1-4.12.1 References: https://bugzilla.suse.com/1187258 From sle-updates at lists.suse.com Thu Feb 17 11:28:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 12:28:49 +0100 (CET) Subject: SUSE-SU-2022:0463-1: critical: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) Message-ID: <20220217112849.6E0CAF369@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0463-1 Rating: critical References: #1194460 #1194533 #1195308 Cross-References: CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 CVSS scores: CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three 
vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_24 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1194460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-461=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-462=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-463=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-464=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-460=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_10-default-9-150300.2.2 kernel-livepatch-5_3_18-59_10-default-debuginfo-9-150300.2.2 kernel-livepatch-5_3_18-59_24-default-5-150300.2.2 kernel-livepatch-5_3_18-59_24-default-debuginfo-5-150300.2.2 kernel-livepatch-5_3_18-59_27-default-5-150300.2.2 kernel-livepatch-5_3_18-59_27-default-debuginfo-5-150300.2.2 kernel-livepatch-5_3_18-59_5-default-9-150300.2.2 kernel-livepatch-5_3_18-59_5-default-debuginfo-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_1-debugsource-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_2-debugsource-9-150300.2.2 kernel-livepatch-SLE15-SP3_Update_6-debugsource-5-150300.2.2 kernel-livepatch-SLE15-SP3_Update_7-debugsource-5-150300.2.2 - SUSE Linux Enterprise 
Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_52-default-14-2.2 kernel-livepatch-5_3_18-24_52-default-debuginfo-14-2.2 kernel-livepatch-SLE15-SP2_Update_11-debugsource-14-2.2 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2022-0435.html https://bugzilla.suse.com/1194460 https://bugzilla.suse.com/1194533 https://bugzilla.suse.com/1195308 From sle-updates at lists.suse.com Thu Feb 17 14:19:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:19:27 +0100 (CET) Subject: SUSE-SU-2022:0467-1: important: Security update for xen Message-ID: <20220217141927.34606F355@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0467-1 Rating: important References: #1194576 #1194581 #1194588 Cross-References: CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes three 
vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-467=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-467=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-467=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-467=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-467=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-467=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-467=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-467=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-467=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-467=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-467=1 Package List: - SUSE Manager Server 4.1 (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 
xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Manager Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Manager Retail Branch Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Manager Proxy 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Manager Proxy 4.1 (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE 
Linux Enterprise Server 15-SP2-BCL (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise Micro 5.0 (x86_64): xen-debugsource-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 - SUSE Enterprise Storage 7 
(x86_64): xen-4.13.4_04-3.43.2 xen-debugsource-4.13.4_04-3.43.2 xen-devel-4.13.4_04-3.43.2 xen-libs-4.13.4_04-3.43.2 xen-libs-debuginfo-4.13.4_04-3.43.2 xen-tools-4.13.4_04-3.43.2 xen-tools-debuginfo-4.13.4_04-3.43.2 xen-tools-domU-4.13.4_04-3.43.2 xen-tools-domU-debuginfo-4.13.4_04-3.43.2 - SUSE Enterprise Storage 7 (noarch): xen-tools-xendomains-wait-disk-4.13.4_04-3.43.2 References: https://www.suse.com/security/cve/CVE-2022-23033.html https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194576 https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588 From sle-updates at lists.suse.com Thu Feb 17 14:20:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:20:12 +0100 (CET) Subject: SUSE-RU-2022:0474-1: moderate: Recommended update for libzypp, zypper Message-ID: <20220217142012.B5739F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0474-1 Rating: moderate References: #1195326 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-474=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-474=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2022-474=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-474=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-474=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libzypp-17.29.4-3.90.1 libzypp-debuginfo-17.29.4-3.90.1 libzypp-debugsource-17.29.4-3.90.1 libzypp-devel-17.29.4-3.90.1 zypper-1.14.51-3.66.1 zypper-debuginfo-1.14.51-3.66.1 zypper-debugsource-1.14.51-3.66.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): zypper-log-1.14.51-3.66.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libzypp-17.29.4-3.90.1 libzypp-debuginfo-17.29.4-3.90.1 libzypp-debugsource-17.29.4-3.90.1 libzypp-devel-17.29.4-3.90.1 zypper-1.14.51-3.66.1 zypper-debuginfo-1.14.51-3.66.1 zypper-debugsource-1.14.51-3.66.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): zypper-log-1.14.51-3.66.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libzypp-17.29.4-3.90.1 zypper-1.14.51-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libzypp-17.29.4-3.90.1 libzypp-debuginfo-17.29.4-3.90.1 libzypp-debugsource-17.29.4-3.90.1 libzypp-devel-17.29.4-3.90.1 zypper-1.14.51-3.66.1 zypper-debuginfo-1.14.51-3.66.1 zypper-debugsource-1.14.51-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): zypper-log-1.14.51-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libzypp-17.29.4-3.90.1 libzypp-debuginfo-17.29.4-3.90.1 libzypp-debugsource-17.29.4-3.90.1 libzypp-devel-17.29.4-3.90.1 zypper-1.14.51-3.66.1 
zypper-debuginfo-1.14.51-3.66.1 zypper-debugsource-1.14.51-3.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): zypper-log-1.14.51-3.66.1 References: https://bugzilla.suse.com/1195326 From sle-updates at lists.suse.com Thu Feb 17 14:20:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:20:50 +0100 (CET) Subject: SUSE-RU-2022:0473-1: moderate: Recommended update for libzypp, zypper Message-ID: <20220217142050.14AD2F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0473-1 Rating: moderate References: #1195326 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-473=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-473=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-473=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-473=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-473=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-473=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-473=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libzypp-17.29.4-3.73.1 libzypp-debuginfo-17.29.4-3.73.1 libzypp-debugsource-17.29.4-3.73.1 libzypp-devel-17.29.4-3.73.1 zypper-1.14.51-3.52.1 zypper-debuginfo-1.14.51-3.52.1 zypper-debugsource-1.14.51-3.52.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): zypper-log-1.14.51-3.52.1 zypper-needs-restarting-1.14.51-3.52.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.29.4-3.73.1 libzypp-debuginfo-17.29.4-3.73.1 libzypp-debugsource-17.29.4-3.73.1 libzypp-devel-17.29.4-3.73.1 zypper-1.14.51-3.52.1 zypper-debuginfo-1.14.51-3.52.1 zypper-debugsource-1.14.51-3.52.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): zypper-log-1.14.51-3.52.1 zypper-needs-restarting-1.14.51-3.52.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): zypper-log-1.14.51-3.52.1 zypper-needs-restarting-1.14.51-3.52.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libzypp-17.29.4-3.73.1 libzypp-debuginfo-17.29.4-3.73.1 libzypp-debugsource-17.29.4-3.73.1 libzypp-devel-17.29.4-3.73.1 zypper-1.14.51-3.52.1 zypper-debuginfo-1.14.51-3.52.1 zypper-debugsource-1.14.51-3.52.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libzypp-17.29.4-3.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libzypp-17.29.4-3.73.1 libzypp-debuginfo-17.29.4-3.73.1 libzypp-debugsource-17.29.4-3.73.1 libzypp-devel-17.29.4-3.73.1 zypper-1.14.51-3.52.1 zypper-debuginfo-1.14.51-3.52.1 zypper-debugsource-1.14.51-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): zypper-log-1.14.51-3.52.1 zypper-needs-restarting-1.14.51-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libzypp-17.29.4-3.73.1 libzypp-debuginfo-17.29.4-3.73.1 libzypp-debugsource-17.29.4-3.73.1 libzypp-devel-17.29.4-3.73.1 zypper-1.14.51-3.52.1 zypper-debuginfo-1.14.51-3.52.1 zypper-debugsource-1.14.51-3.52.1 - 
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): zypper-log-1.14.51-3.52.1 zypper-needs-restarting-1.14.51-3.52.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libzypp-17.29.4-3.73.1 libzypp-debuginfo-17.29.4-3.73.1 libzypp-debugsource-17.29.4-3.73.1 libzypp-devel-17.29.4-3.73.1 zypper-1.14.51-3.52.1 zypper-debuginfo-1.14.51-3.52.1 zypper-debugsource-1.14.51-3.52.1 - SUSE Enterprise Storage 6 (noarch): zypper-log-1.14.51-3.52.1 zypper-needs-restarting-1.14.51-3.52.1 - SUSE CaaS Platform 4.0 (x86_64): libzypp-17.29.4-3.73.1 libzypp-debuginfo-17.29.4-3.73.1 libzypp-debugsource-17.29.4-3.73.1 libzypp-devel-17.29.4-3.73.1 zypper-1.14.51-3.52.1 zypper-debuginfo-1.14.51-3.52.1 zypper-debugsource-1.14.51-3.52.1 - SUSE CaaS Platform 4.0 (noarch): zypper-log-1.14.51-3.52.1 zypper-needs-restarting-1.14.51-3.52.1 References: https://bugzilla.suse.com/1195326 From sle-updates at lists.suse.com Thu Feb 17 14:21:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:21:26 +0100 (CET) Subject: SUSE-SU-2022:14886-1: important: Security update for xen Message-ID: <20220217142126.01E97F368@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14886-1 Rating: important References: #1194581 #1194588 Cross-References: CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14886=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14886=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_52_3.0.101_108.132-61.70.1 xen-libs-4.4.4_52-61.70.1 xen-tools-domU-4.4.4_52-61.70.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_52-61.70.1 xen-doc-html-4.4.4_52-61.70.1 xen-libs-32bit-4.4.4_52-61.70.1 xen-tools-4.4.4_52-61.70.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_52_3.0.101_108.132-61.70.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_52-61.70.1 xen-debugsource-4.4.4_52-61.70.1 References: https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588 From sle-updates at lists.suse.com Thu Feb 17 14:22:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:22:17 +0100 (CET) Subject: SUSE-RU-2022:0476-1: moderate: Recommended update for nfs-utils Message-ID: <20220217142217.61C35F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0476-1 Rating: moderate References: #1194661 Affected 
Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-476=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-476=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-476=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-476=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-476=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-476=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-476=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-476=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-476=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-476=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-476=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-476=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-476=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-476=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-476=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-476=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-476=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: 
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-476=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-476=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-476=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Manager Proxy 4.1 (x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 
nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): nfs-client-2.1.1-10.21.1 
nfs-client-debuginfo-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): 
nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 - SUSE CaaS Platform 4.0 (x86_64): nfs-client-2.1.1-10.21.1 nfs-client-debuginfo-2.1.1-10.21.1 nfs-doc-2.1.1-10.21.1 nfs-kernel-server-2.1.1-10.21.1 nfs-kernel-server-debuginfo-2.1.1-10.21.1 nfs-utils-debuginfo-2.1.1-10.21.1 nfs-utils-debugsource-2.1.1-10.21.1 References: https://bugzilla.suse.com/1194661 From sle-updates at lists.suse.com Thu Feb 17 14:23:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:23:03 +0100 (CET) Subject: SUSE-SU-2022:0469-1: important: Security update for xen Message-ID: <20220217142303.97927F368@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0469-1 Rating: important References: #1194576 #1194581 #1194588 Cross-References: CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. 
(XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-469=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-469=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_18-3.58.2 xen-devel-4.12.4_18-3.58.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_18-3.58.2 xen-debugsource-4.12.4_18-3.58.2 xen-doc-html-4.12.4_18-3.58.2 xen-libs-32bit-4.12.4_18-3.58.2 xen-libs-4.12.4_18-3.58.2 xen-libs-debuginfo-32bit-4.12.4_18-3.58.2 xen-libs-debuginfo-4.12.4_18-3.58.2 xen-tools-4.12.4_18-3.58.2 xen-tools-debuginfo-4.12.4_18-3.58.2 xen-tools-domU-4.12.4_18-3.58.2 xen-tools-domU-debuginfo-4.12.4_18-3.58.2 References: https://www.suse.com/security/cve/CVE-2022-23033.html https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194576 https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588 From sle-updates at lists.suse.com Thu Feb 17 14:23:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:23:45 +0100 (CET) Subject: SUSE-RU-2022:0472-1: moderate: Recommended update for gdb Message-ID: <20220217142345.5FE45F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2022:0472-1 Rating: moderate References: #1146167 #1146475 #1156284 #1158539 #1168394 #1169368 #1169495 #1180786 #1184214 #1185638 #1186040 #1187044 #1192285 SLE-13656 SLE-21561 SLE-21581 SLE-7903 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has 13 recommended fixes and contains four features can now be installed. Description: This update for gdb fixes the following issues: - Don't 'BuildRequire' binutils-gold for SLE-12/s390. - Implements jsc#SLE-21561. - Fix gdb crashes while debugging 'clang-cpp'. (bsc#1192285) - Disable big endian powerpc. - Maintenance scripts: * Fix patch filtering in clean.sh. * Add KFAIL in qa.sh. - Added maintenance script: * qa.sh - Drop 32bit packages for s390x. - Fix SLE-15 s390x: unresolvable, nothing provides glibc-devel-static-32bit. - Disable test-case gdb.base/break-interp.exp for SLE-11. It causes a "glibc detected *** expect: double free or corruption (out)" in expect and a subsequent runtest abort. This might be the cause of the package build failure due to "Job seems to be stuck here, killed. (after 8hrs of inactivity)" - Rebase to 11.1 release (as in fedora 35 @ 9cd9368): * GDB now supports general memory tagging functionality if the underlying architecture supports the proper primitives and hooks. Currently this is enabled only for AArch64 MTE. * GDB will now look for the .gdbinit file in a config directory before looking for ~/.gdbinit. The file is searched for in the following locations: $XDG_CONFIG_HOME/gdb/gdbinit, $HOME/.config/gdb/gdbinit, $HOME/.gdbinit. * GDB will now load and process commands from ~/.config/gdb/gdbearlyinit or ~/.gdbearlyinit if these files are present.
These files are processed earlier than any of the other initialization files and can affect parts of GDB's startup that previously had already been completed before the initialization files were read, for example styling of the initial GDB greeting. * GDB now has two new options "--early-init-command" and "--early-init-eval-command" with corresponding short options "-eix" and "-eiex" that allow options (that would normally appear in a gdbearlyinit file) to be passed on the command line. * set startup-quietly on|off show startup-quietly When 'on', this causes GDB to act as if "-silent" were passed on the command line. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. * For RISC-V targets, the target feature "org.gnu.gdb.riscv.vector" is now understood by GDB, and can be used to describe the vector registers of a target. * TUI windows now support mouse actions. The mouse wheel scrolls the appropriate window. * Key combinations that do not have a specific action on the focused window are passed to GDB. For example, you now can use Ctrl-Left/Ctrl-Right to move between words in the command window regardless of which window is in focus. Previously you would need to focus on the command window for such key combinations to work. * set python ignore-environment on|off show python ignore-environment When 'on', this causes GDB's builtin Python to ignore any environment variables that would otherwise affect how Python behaves. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. * set python dont-write-bytecode auto|on|off show python dont-write-bytecode When 'on', this causes GDB's builtin Python to not write any byte-code (.pyc files) to disk. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. When 'off' byte-code will always be written. 
When set to 'auto' (the default) Python will check the PYTHONDONTWRITEBYTECODE environment variable. * break [PROBE_MODIFIER] [LOCATION] [thread THREADNUM] [-force-condition] [if CONDITION] This command would previously refuse setting a breakpoint if the CONDITION expression is invalid at a location. It now accepts and defines the breakpoint if there is at least one location at which the CONDITION is valid. The locations for which the CONDITION is invalid, are automatically disabled. If CONDITION is invalid at all of the locations, setting the breakpoint is still rejected. However, the '-force-condition' flag can be used in this case for forcing GDB to define the breakpoint, making all the current locations automatically disabled. This may be useful if the user knows the condition will become meaningful at a future location, e.g. due to a shared library load. - Added maintenance scripts: * import-patches.sh * clean.sh - Adjust include order to avoid gnulib error - Support DW_LLE_start_end (bsc#1187044) - Fix Leap 15.3 s390x gdb:testsuite build, by not requiring 32-bit packages for openSUSE s390x. - Fix Leap 15.3 s390x gdb:testsuite build, by not requiring glibc-devel-static-32bit. - Fix Leap 15.3 i586 gdb:testsuite build, by not requiring fpc. - Backport updated fix from upstream (bsc#1185638) - Backport fix for assert (bsc#1186040) - Remove fix due to regressions (bsc#1185638) - Backport fix from upstream (bsc#1185638) - Fix various testsuite fails on Factory using backports - Fix libthread_db problem on Factory (bsc#1184214) - Workaround libncurses pulling in libpcre2_posix: - Replace tentative fix with upstreamed fix. - Fix license (bsc#1180786) - Backport from master (jsc#SLE-13656) - Require 8GB diskspace for x86_64. - Add xz to BuildRequires for testsuite flavour. - Add note on mpfr-devel for SLE-11. - BuildRequire curl for debuginfod test-case. - Disable xz-devel and binutils-gold for SLE-10. - More enabling of gdbserver for riscv64. 
- Enable gdbserver for riscv64. - Restrict BuildRequires libdebuginfod to Factory and supporting archs. - Rebase to 10.1 release (as in fedora 33 @ 6c8ccd6). * Debuginfod support. * Multi-target debugging support. * Multithreaded symbol loading enabled by default. * New command set exec-file-mismatch. * New command tui new-layout. * Alias command can now specify default args for an alias. - Update libipt to v2.0.2. - Enable CTF support also for riscv64 - Restore License/Group. - Don't BuildRequire systemtap-sdt-devel for SLE-11. - Add testsuite BuildRequire systemtap-sdt-devel. - Add BuildRequire babeltrace-devel. On Factory this adds bdeps babeltrace-devel, libuuid-devel, babeltrace, libglib-2_0-0, and libgmodule-2_0-0. - Fix internal error on aarch64 [swo#26316]. - Change into multibuild package and add flavour gdb-testsuite. - Fix s390 -> s390x typo. - Don't BuildRequire binutils-gold for SLE-12/s390. - BuildRequire binutils-gold for testsuite - Rebase to 9.2 release. - Fix SLE-11 build. Gdb 9.1 requires make 3.82, but SLE-11 has make 3.81: - Fix build error due to missing DIAGNOSTIC_IGNORE_UNUSED_FUNCTION. - Fix Werror=unused-function with gcc 4.8 (for Leap 42.3). - Require %{suse_version} >= 1500 for --with-system-readline. - Rebase to 9.1 release (as in fedora 32 @ 1735910). * Breakpoints on nested functions and subroutines in Fortran. * Multithreaded symbol loading, disabled by default. Enable using 'maint set worker-threads unlimited'. * Multi-target debugging support. * New command pipe. * New command set logging debugredirect [on|off]. * New fortran commands info modules, info module functions, info module variables. - Fix .debug_types problems [swo#24480, swo#25889, bsc#1168394]. - Fix python 3.8 warning [bsc#1169495]. - Fix build with gcc 10 [bsc#1169368, swo#25717]. - Fix hang after SIGKILL [swo#25478]. - Add support for official name of s390 arch13: z15. Add descriptions for arch13 instructions. 
(jsc#SLE-7903) - Fix build with gcc 10 (bsc#1158539, swo#24653) - make fpc optional (bsc#1156284) as fpc requires itself for bootstrapping. - Fix for bsc#1146475 [bsc#1146475, swo#24971] - Fix for bsc#1146167 [bsc#1146167, swo#24956] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-472=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-472=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gdb-debuginfo-11.1-2.17.1 gdb-debugsource-11.1-2.17.1 gdbserver-11.1-2.17.1 gdbserver-debuginfo-11.1-2.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x): gdb-debuginfo-32bit-11.1-2.17.1 gdbserver-32bit-11.1-2.17.1 gdbserver-debuginfo-32bit-11.1-2.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gdb-11.1-2.17.1 gdb-debuginfo-11.1-2.17.1 gdb-debugsource-11.1-2.17.1 References: https://bugzilla.suse.com/1146167 https://bugzilla.suse.com/1146475 https://bugzilla.suse.com/1156284 https://bugzilla.suse.com/1158539 https://bugzilla.suse.com/1168394 https://bugzilla.suse.com/1169368 https://bugzilla.suse.com/1169495 https://bugzilla.suse.com/1180786 https://bugzilla.suse.com/1184214 https://bugzilla.suse.com/1185638 https://bugzilla.suse.com/1186040 https://bugzilla.suse.com/1187044 https://bugzilla.suse.com/1192285 From sle-updates at lists.suse.com Thu Feb 17 14:25:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:25:02 +0100 (CET) Subject: SUSE-RU-2022:0475-1: moderate: Recommended update for nfs-utils Message-ID: <20220217142502.38EC8F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0475-1 Rating: moderate References: #1187922 #1194661 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) - Don't bind() a non-priv socket immediately before connecting, as this wastes port numbers. (bsc#1187922) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-475=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-475=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-475=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-475=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-475=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-475=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-475=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-475=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-475=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-475=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-475=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-475=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE OpenStack Cloud 9 (x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE OpenStack Cloud 8 (x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 
nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): nfs-client-1.3.0-34.34.2 nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 - HPE Helion Openstack 8 (x86_64): nfs-client-1.3.0-34.34.2 
nfs-client-debuginfo-1.3.0-34.34.2 nfs-doc-1.3.0-34.34.2 nfs-kernel-server-1.3.0-34.34.2 nfs-kernel-server-debuginfo-1.3.0-34.34.2 nfs-utils-debugsource-1.3.0-34.34.2 References: https://bugzilla.suse.com/1187922 https://bugzilla.suse.com/1194661 From sle-updates at lists.suse.com Thu Feb 17 14:25:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:25:45 +0100 (CET) Subject: SUSE-RU-2022:0471-1: important: Recommended update for trento-premium Message-ID: <20220217142545.35EE6F368@maintenance.suse.de> SUSE Recommended Update: Recommended update for trento-premium ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0471-1 Rating: important References: MSC-302 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for trento-premium fixes the following issues: - Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-471=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-471=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-471=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.7.1 trento-premium-server-installer-0.8.1+git.dev69.1643724601.92fd00b-150300.3.7.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.7.1 trento-premium-server-installer-0.8.1+git.dev69.1643724601.92fd00b-150300.3.7.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.7.1 trento-premium-server-installer-0.8.1+git.dev69.1643724601.92fd00b-150300.3.7.1 References: From sle-updates at lists.suse.com Thu Feb 17 14:26:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 15:26:13 +0100 (CET) Subject: SUSE-SU-2022:0468-1: important: Security update for xen Message-ID: <20220217142613.599ABF368@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0468-1 Rating: important References: #1194576 #1194581 #1194588 Cross-References: CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 
CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-468=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-468=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-468=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-468=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-468=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-468=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_18-3.60.2 xen-debugsource-4.12.4_18-3.60.2 xen-devel-4.12.4_18-3.60.2 xen-libs-4.12.4_18-3.60.2 xen-libs-debuginfo-4.12.4_18-3.60.2 xen-tools-4.12.4_18-3.60.2 xen-tools-debuginfo-4.12.4_18-3.60.2 xen-tools-domU-4.12.4_18-3.60.2 xen-tools-domU-debuginfo-4.12.4_18-3.60.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_18-3.60.2 xen-debugsource-4.12.4_18-3.60.2 xen-devel-4.12.4_18-3.60.2 xen-libs-4.12.4_18-3.60.2 xen-libs-debuginfo-4.12.4_18-3.60.2 xen-tools-4.12.4_18-3.60.2 xen-tools-debuginfo-4.12.4_18-3.60.2 xen-tools-domU-4.12.4_18-3.60.2 xen-tools-domU-debuginfo-4.12.4_18-3.60.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xen-4.12.4_18-3.60.2 xen-debugsource-4.12.4_18-3.60.2 xen-devel-4.12.4_18-3.60.2 xen-libs-4.12.4_18-3.60.2 xen-libs-debuginfo-4.12.4_18-3.60.2 xen-tools-4.12.4_18-3.60.2 xen-tools-debuginfo-4.12.4_18-3.60.2 xen-tools-domU-4.12.4_18-3.60.2 xen-tools-domU-debuginfo-4.12.4_18-3.60.2 - SUSE Linux Enterprise High Performance 
Computing 15-SP1-LTSS (x86_64): xen-4.12.4_18-3.60.2 xen-debugsource-4.12.4_18-3.60.2 xen-devel-4.12.4_18-3.60.2 xen-libs-4.12.4_18-3.60.2 xen-libs-debuginfo-4.12.4_18-3.60.2 xen-tools-4.12.4_18-3.60.2 xen-tools-debuginfo-4.12.4_18-3.60.2 xen-tools-domU-4.12.4_18-3.60.2 xen-tools-domU-debuginfo-4.12.4_18-3.60.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): xen-4.12.4_18-3.60.2 xen-debugsource-4.12.4_18-3.60.2 xen-devel-4.12.4_18-3.60.2 xen-libs-4.12.4_18-3.60.2 xen-libs-debuginfo-4.12.4_18-3.60.2 xen-tools-4.12.4_18-3.60.2 xen-tools-debuginfo-4.12.4_18-3.60.2 xen-tools-domU-4.12.4_18-3.60.2 xen-tools-domU-debuginfo-4.12.4_18-3.60.2 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_18-3.60.2 xen-debugsource-4.12.4_18-3.60.2 xen-devel-4.12.4_18-3.60.2 xen-libs-4.12.4_18-3.60.2 xen-libs-debuginfo-4.12.4_18-3.60.2 xen-tools-4.12.4_18-3.60.2 xen-tools-debuginfo-4.12.4_18-3.60.2 xen-tools-domU-4.12.4_18-3.60.2 xen-tools-domU-debuginfo-4.12.4_18-3.60.2 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_18-3.60.2 xen-debugsource-4.12.4_18-3.60.2 xen-devel-4.12.4_18-3.60.2 xen-libs-4.12.4_18-3.60.2 xen-libs-debuginfo-4.12.4_18-3.60.2 xen-tools-4.12.4_18-3.60.2 xen-tools-debuginfo-4.12.4_18-3.60.2 xen-tools-domU-4.12.4_18-3.60.2 xen-tools-domU-debuginfo-4.12.4_18-3.60.2 References: https://www.suse.com/security/cve/CVE-2022-23033.html https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194576 https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588 From sle-updates at lists.suse.com Thu Feb 17 17:19:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 18:19:59 +0100 (CET) Subject: SUSE-SU-2022:0479-1: important: Security update for virglrenderer Message-ID: <20220217171959.83FE7F355@maintenance.suse.de> SUSE Security Update: Security update for virglrenderer 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0479-1 Rating: important References: #1195389 Cross-References: CVE-2022-0135 CVSS scores: CVE-2022-0135 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bounds write in read_transfer_data() (bsc#1195389).
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-479=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-479=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-479=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-479=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-479=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-479=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-479=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-479=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-479=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-479=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-479=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-479=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-479=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-479=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-479=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-479=1 - SUSE Linux Enterprise High 
Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-479=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-479=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-479=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-479=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-479=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-479=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-479=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Manager Proxy 4.1 (x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 
virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 
(aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): 
libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 - SUSE CaaS Platform 4.0 (x86_64): libvirglrenderer0-0.6.0-4.9.1 libvirglrenderer0-debuginfo-0.6.0-4.9.1 virglrenderer-debuginfo-0.6.0-4.9.1 virglrenderer-debugsource-0.6.0-4.9.1 virglrenderer-devel-0.6.0-4.9.1 References: https://www.suse.com/security/cve/CVE-2022-0135.html https://bugzilla.suse.com/1195389 From sle-updates at lists.suse.com Thu Feb 17 17:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 18:20:43 +0100 (CET) Subject: SUSE-RU-2022:0481-1: important: Recommended update for release-notes-sles Message-ID: <20220217172043.D01EEF355@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0481-1 Rating: important References: #1195107 #933411 SLE-20553 SLE-22661 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server Installer 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. Description: This update for release-notes-sles fixes the following issues: - 12.5.20220202 (tracked in bsc#933411) - Added kernel parameter change (bsc#1195107) - Added note about deprecating XFS V4 (jsc#SLE-22661) - Updated note about unixODBC drivers in production (jsc#SLE-20553) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2022-481=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-481=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP5 (noarch): release-notes-sles-12.5.20220202-3.28.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): release-notes-sles-12.5.20220202-3.28.2 References: https://bugzilla.suse.com/1195107 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Thu Feb 17 17:21:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 18:21:22 +0100 (CET) Subject: SUSE-SU-2022:0478-1: important: Security update for virglrenderer Message-ID: <20220217172122.54816F355@maintenance.suse.de> SUSE Security Update: Security update for virglrenderer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0478-1 Rating: important References: #1195389 Cross-References: CVE-2022-0135 CVSS scores: CVE-2022-0135 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bounds write in read_transfer_data() (bsc#1195389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-478=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-478=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-478=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-478=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-478=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-478=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-478=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-478=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-478=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-478=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-478=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-478=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-478=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE OpenStack Cloud 9 (x86_64): libvirglrenderer0-0.5.0-12.9.1
libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE OpenStack Cloud 8 (x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): virglrenderer-debugsource-0.5.0-12.9.1 virglrenderer-devel-0.5.0-12.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 - HPE Helion Openstack 8 (x86_64): libvirglrenderer0-0.5.0-12.9.1 libvirglrenderer0-debuginfo-0.5.0-12.9.1 virglrenderer-debugsource-0.5.0-12.9.1 References: https://www.suse.com/security/cve/CVE-2022-0135.html https://bugzilla.suse.com/1195389 From sle-updates at lists.suse.com Thu Feb 17 17:22:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 
17 Feb 2022 18:22:15 +0100 (CET) Subject: SUSE-SU-2022:0480-1: important: Security update for tiff Message-ID: <20220217172215.E0A58F368@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0480-1 Rating: important References: #1071031 #1154365 #1182808 #1182809 #1182811 #1182812 #1190312 #1194539 Cross-References: CVE-2017-17095 CVE-2019-17546 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844 CVSS scores: CVE-2017-17095 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-17095 (SUSE): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17546 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-17546 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-19131 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-19131 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35521 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35521 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-35522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35522 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-35523 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-35523 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-35524 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-35524 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-22844 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS 
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). 
- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-480=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-480=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-480=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-480=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-480=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-480=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-480=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-480=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-480=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-480=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-480=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-480=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-480=1 - SUSE Linux Enterprise Module for Packagehub 
Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-480=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-480=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-480=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-480=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-480=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-480=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-480=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-480=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-480=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-480=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-480=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-480=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-480=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Manager Server 4.1 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Manager Proxy 4.1 (x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux 
Enterprise Server 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64): 
libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 
tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Enterprise Storage 7 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 - SUSE Enterprise Storage 6 (x86_64): libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 - SUSE CaaS Platform 4.0 (x86_64): libtiff-devel-4.0.9-45.5.1 libtiff5-32bit-4.0.9-45.5.1 libtiff5-32bit-debuginfo-4.0.9-45.5.1 libtiff5-4.0.9-45.5.1 libtiff5-debuginfo-4.0.9-45.5.1 tiff-debuginfo-4.0.9-45.5.1 tiff-debugsource-4.0.9-45.5.1 References: https://www.suse.com/security/cve/CVE-2017-17095.html https://www.suse.com/security/cve/CVE-2019-17546.html https://www.suse.com/security/cve/CVE-2020-19131.html https://www.suse.com/security/cve/CVE-2020-35521.html https://www.suse.com/security/cve/CVE-2020-35522.html 
https://www.suse.com/security/cve/CVE-2020-35523.html https://www.suse.com/security/cve/CVE-2020-35524.html https://www.suse.com/security/cve/CVE-2022-22844.html https://bugzilla.suse.com/1071031 https://bugzilla.suse.com/1154365 https://bugzilla.suse.com/1182808 https://bugzilla.suse.com/1182809 https://bugzilla.suse.com/1182811 https://bugzilla.suse.com/1182812 https://bugzilla.suse.com/1190312 https://bugzilla.suse.com/1194539 From sle-updates at lists.suse.com Thu Feb 17 17:23:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 18:23:39 +0100 (CET) Subject: SUSE-SU-2022:0477-1: important: Security update for the Linux Kernel Message-ID: <20220217172339.87F34F368@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0477-1 Rating: important References: #1012382 #1179960 #1183696 #1186207 #1192032 #1192847 #1192877 #1192946 #1193157 #1193440 #1193442 #1193575 #1193669 #1193727 #1193861 #1193864 #1193867 #1194001 #1194087 #1194094 #1194272 #1194302 #1194516 #1194529 #1194880 Cross-References: CVE-2018-25020 CVE-2019-0136 CVE-2020-35519 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4155 CVE-2021-4197 CVE-2021-4202 CVE-2021-43976 CVE-2021-45095 CVE-2021-45485 CVE-2021-45486 CVE-2022-0330 CVSS scores: CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2020-35519 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (NVD) : 6.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45485 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE 
Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that solves 23 vulnerabilities and has two fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575).
- CVE-2019-0136: Fixed insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver that may have allowed an unauthenticated user to potentially enable denial of service via adjacent access (bnc#1193157).
- CVE-2020-35519: Fixed out-of-bounds memory access in x25_bind in net/x25/af_x25.c. A bounds check failure allowed a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information (bnc#1183696).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442).
- CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that may have allowed an authenticated user to potentially cause denial of service via local access (bnc#1192877).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001).
- CVE-2021-4155: Fixed XFS map issue when unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (bsc#1194272).
- CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302).
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529).
- CVE-2021-43976: Fixed insufficient access control in drivers/net/wireless/marvell/mwifiex/usb.c that allowed an attacker who connects a crafted USB device to cause denial of service (bnc#1192847).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-45485: Fixed information leak in the IPv6 implementation in net/ipv6/output_core.c (bnc#1194094).
- CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).

The following non-security bugs were fixed:

- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- memstick: rtsx_usb_ms: fix UAF
- moxart: fix potential use-after-free on remove path (bsc1194516).
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- xen-netfront: do not assume sk_buff_head list is empty in error handling (git-fixes).
- xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (git-fixes).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not bug in case of too many frags (bnc#1012382).
- xen/netfront: do not cache skb_shinfo() (bnc#1012382).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-477=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.164.1 kernel-macros-4.4.121-92.164.1 kernel-source-4.4.121-92.164.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.164.1 kernel-default-base-4.4.121-92.164.1 kernel-default-base-debuginfo-4.4.121-92.164.1 kernel-default-debuginfo-4.4.121-92.164.1 kernel-default-debugsource-4.4.121-92.164.1 kernel-default-devel-4.4.121-92.164.1 kernel-syms-4.4.121-92.164.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-0136.html https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4155.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://www.suse.com/security/cve/CVE-2022-0330.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1179960 https://bugzilla.suse.com/1183696 
https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1193157 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 https://bugzilla.suse.com/1194272 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194880 From sle-updates at lists.suse.com Thu Feb 17 17:26:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 18:26:31 +0100 (CET) Subject: SUSE-RU-2022:0187-2: moderate: Recommended update for vsftpd Message-ID: <20220217172631.29D9BF368@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0187-2 Rating: moderate References: #1021387 #1052900 #1180314 #971784 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for vsftpd fixes the following issues: - Fix several issues related to SSL/TLS support (bsc#1021387) - Fix a seccomp failure that used to occur in FIPS mode when SSL is enabled (bsc#1052900) - Fix seccomp bug where the process would hang trying access syslog (bsc#971784) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-187=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): vsftpd-3.0.3-12.6.1 vsftpd-debuginfo-3.0.3-12.6.1 vsftpd-debugsource-3.0.3-12.6.1 References: https://bugzilla.suse.com/1021387 https://bugzilla.suse.com/1052900 https://bugzilla.suse.com/1180314 https://bugzilla.suse.com/971784 From sle-updates at lists.suse.com Thu Feb 17 20:16:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 21:16:49 +0100 (CET) Subject: SUSE-RU-2022:0483-1: moderate: Recommended update for resource-agents Message-ID: <20220217201649.D8152F355@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0483-1 Rating: moderate References: #1194502 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an issue when resource agent prints warning regarding improper error handling in cloud network issues. (bsc#1194502) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-483=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-483=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.89.1 resource-agents-4.3.018.a7fb5035-3.89.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.89.1 resource-agents-debugsource-4.3.018.a7fb5035-3.89.1 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.89.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.89.1 resource-agents-4.3.018.a7fb5035-3.89.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.89.1 resource-agents-debugsource-4.3.018.a7fb5035-3.89.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.89.1 References: https://bugzilla.suse.com/1194502 From sle-updates at lists.suse.com Thu Feb 17 20:17:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Feb 2022 21:17:21 +0100 (CET) Subject: SUSE-FU-2022:0482-1: moderate: Feature update for libreoffice Message-ID: <20220217201721.75879F368@maintenance.suse.de> SUSE Feature Update: Feature update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0482-1 Rating: moderate References: #1180479 #1183308 #1183655 #1187982 #1189813 SLE-18214 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 ______________________________________________________________________________ An update that has 5 feature fixes and contains one feature 
can now be installed.

Description:

This update for libreoffice fixes the following issues:

Update LibreOffice from version 7.1.4.2 to 7.2.3.2 (jsc#SLE-18214)

- Improve the rendering and loading rendering of shapes. (bsc#1183308)
- Removed unrecognized option `--disable-vlc`. This option has been removed from upstream in commit https://gerrit.libreoffice.org/c/core/+/108283 There's no real change in our build given that the VLC avmedia backend was explicitly disabled.
- Fix gtk popover usage on gtk 3.20
- Revert upstream commit https://gerrit.libreoffice.org/c/core/+/116884
- Fix generated list of files for python scripts
- Updating some LibreOffice buildrequires
- Fix UI scaling on HIDPI Wayland/KDE screens
- Fix interaction between multi-column shape text and automatic height. (bsc#1187982)
- Fix interaction of transparent cell fill and transparent shadow. (bsc#1189813)
- Use vendored boost for all codestreams except Tumbleweed. Update boost vendored version.
- Add vendored poppler to use for all codestreams except Tumbleweed.
- Keep upstream desktop file names (bsc#1183655) and display math icon (bsc#1180479)
- Source profile.d/alljava.sh from either /etc (if found) or /usr/etc.

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-482=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-482=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libreoffice-7.2.3.2-150300.14.22.15.3 libreoffice-base-7.2.3.2-150300.14.22.15.3 libreoffice-base-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-base-drivers-postgresql-7.2.3.2-150300.14.22.15.3 libreoffice-base-drivers-postgresql-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-calc-7.2.3.2-150300.14.22.15.3 libreoffice-calc-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-calc-extensions-7.2.3.2-150300.14.22.15.3 libreoffice-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-debugsource-7.2.3.2-150300.14.22.15.3 libreoffice-draw-7.2.3.2-150300.14.22.15.3 libreoffice-draw-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-filters-optional-7.2.3.2-150300.14.22.15.3 libreoffice-gnome-7.2.3.2-150300.14.22.15.3 libreoffice-gnome-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-gtk3-7.2.3.2-150300.14.22.15.3 libreoffice-gtk3-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-impress-7.2.3.2-150300.14.22.15.3 libreoffice-impress-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-mailmerge-7.2.3.2-150300.14.22.15.3 libreoffice-math-7.2.3.2-150300.14.22.15.3 libreoffice-math-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-officebean-7.2.3.2-150300.14.22.15.3 libreoffice-officebean-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-pyuno-7.2.3.2-150300.14.22.15.3 libreoffice-pyuno-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-writer-7.2.3.2-150300.14.22.15.3 libreoffice-writer-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-writer-extensions-7.2.3.2-150300.14.22.15.3 libreofficekit-7.2.3.2-150300.14.22.15.3 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): 
libreoffice-branding-upstream-7.2.3.2-150300.14.22.15.3 libreoffice-icon-themes-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-af-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ar-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-as-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-bg-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-bn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-br-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ca-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ckb-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-cs-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-cy-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-da-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-de-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-dz-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-el-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-en-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-eo-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-es-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-et-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-eu-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fa-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fi-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fur-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ga-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-gl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-gu-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-he-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-hi-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-hr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-hu-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-it-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ja-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-kk-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-kn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ko-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-lt-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-lv-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-mai-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ml-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-mr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nb-7.2.3.2-150300.14.22.15.3 
libreoffice-l10n-nl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nso-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-or-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pa-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pt_BR-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pt_PT-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ro-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ru-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-si-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sk-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ss-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-st-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sv-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ta-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-te-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-th-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-tn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-tr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ts-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-uk-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ve-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-xh-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-zh_CN-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-zh_TW-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-zu-7.2.3.2-150300.14.22.15.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le): libreoffice-7.2.3.2-150300.14.22.15.3 libreoffice-base-7.2.3.2-150300.14.22.15.3 libreoffice-base-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-base-drivers-postgresql-7.2.3.2-150300.14.22.15.3 libreoffice-base-drivers-postgresql-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-calc-7.2.3.2-150300.14.22.15.3 libreoffice-calc-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-calc-extensions-7.2.3.2-150300.14.22.15.3 libreoffice-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-debugsource-7.2.3.2-150300.14.22.15.3 
libreoffice-draw-7.2.3.2-150300.14.22.15.3 libreoffice-draw-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-filters-optional-7.2.3.2-150300.14.22.15.3 libreoffice-gnome-7.2.3.2-150300.14.22.15.3 libreoffice-gnome-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-gtk3-7.2.3.2-150300.14.22.15.3 libreoffice-gtk3-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-impress-7.2.3.2-150300.14.22.15.3 libreoffice-impress-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-librelogo-7.2.3.2-150300.14.22.15.3 libreoffice-mailmerge-7.2.3.2-150300.14.22.15.3 libreoffice-math-7.2.3.2-150300.14.22.15.3 libreoffice-math-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-officebean-7.2.3.2-150300.14.22.15.3 libreoffice-officebean-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-pyuno-7.2.3.2-150300.14.22.15.3 libreoffice-pyuno-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-qt5-7.2.3.2-150300.14.22.15.3 libreoffice-qt5-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-sdk-7.2.3.2-150300.14.22.15.3 libreoffice-sdk-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-sdk-doc-7.2.3.2-150300.14.22.15.3 libreoffice-writer-7.2.3.2-150300.14.22.15.3 libreoffice-writer-debuginfo-7.2.3.2-150300.14.22.15.3 libreoffice-writer-extensions-7.2.3.2-150300.14.22.15.3 libreofficekit-7.2.3.2-150300.14.22.15.3 libreofficekit-devel-7.2.3.2-150300.14.22.15.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libreoffice-branding-upstream-7.2.3.2-150300.14.22.15.3 libreoffice-gdb-pretty-printers-7.2.3.2-150300.14.22.15.3 libreoffice-glade-7.2.3.2-150300.14.22.15.3 libreoffice-icon-themes-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-af-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-am-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ar-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-as-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ast-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-be-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-bg-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-bn-7.2.3.2-150300.14.22.15.3 
libreoffice-l10n-bn_IN-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-bo-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-br-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-brx-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-bs-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ca-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ca_valencia-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ckb-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-cs-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-cy-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-da-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-de-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-dgo-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-dsb-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-dz-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-el-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-en-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-en_GB-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-en_ZA-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-eo-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-es-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-et-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-eu-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fa-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fi-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fur-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-fy-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ga-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-gd-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-gl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-gu-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-gug-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-he-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-hi-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-hr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-hsb-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-hu-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-id-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-is-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-it-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ja-7.2.3.2-150300.14.22.15.3 
libreoffice-l10n-ka-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-kab-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-kk-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-km-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-kmr_Latn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-kn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ko-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-kok-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ks-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-lb-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-lo-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-lt-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-lv-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-mai-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-mk-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ml-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-mn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-mni-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-mr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-my-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nb-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ne-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-nso-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-oc-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-om-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-or-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pa-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pt_BR-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-pt_PT-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ro-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ru-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-rw-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sa_IN-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sat-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sd-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-si-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sid-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sk-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sl-7.2.3.2-150300.14.22.15.3 
libreoffice-l10n-sq-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ss-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-st-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sv-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-sw_TZ-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-szl-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ta-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-te-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-tg-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-th-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-tn-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-tr-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ts-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-tt-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ug-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-uk-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-uz-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-ve-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-vec-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-vi-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-xh-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-zh_CN-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-zh_TW-7.2.3.2-150300.14.22.15.3 libreoffice-l10n-zu-7.2.3.2-150300.14.22.15.3 References: https://bugzilla.suse.com/1180479 https://bugzilla.suse.com/1183308 https://bugzilla.suse.com/1183655 https://bugzilla.suse.com/1187982 https://bugzilla.suse.com/1189813 From sle-updates at lists.suse.com Thu Feb 17 23:16:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 00:16:46 +0100 (CET) Subject: SUSE-SU-2022:0150-2: important: Security update for aide Message-ID: <20220217231646.7516EF369@maintenance.suse.de> SUSE Security Update: Security update for aide ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0150-2 Rating: important References: #1194735 Cross-References: CVE-2021-45417 CVSS scores: CVE-2021-45417 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise 
Realtime Extension 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for aide fixes the following issues: - CVE-2021-45417: Fix a buffer overflow in base64 functions (bsc#1194735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-150=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 References: https://www.suse.com/security/cve/CVE-2021-45417.html https://bugzilla.suse.com/1194735 From sle-updates at lists.suse.com Thu Feb 17 23:18:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 00:18:21 +0100 (CET) Subject: SUSE-SU-2022:0052-2: important: Security update for libsndfile Message-ID: <20220217231821.0980CF369@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0052-2 Rating: important References: #1194006 Cross-References: CVE-2021-4156 CVSS scores: CVE-2021-4156 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-52=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 References: https://www.suse.com/security/cve/CVE-2021-4156.html https://bugzilla.suse.com/1194006 From sle-updates at lists.suse.com Thu Feb 17 23:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 00:19:17 +0100 (CET) Subject: SUSE-RU-2022:0186-2: moderate: Recommended update for gdm Message-ID: <20220217231917.EBC6AF369@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0186-2 Rating: moderate References: #1190230 #1192177 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gdm fixes the following issues: - Fixed an issue when X server does not restart after using "ctrl-alt-backspace". (bsc#1190230) - Fixed an issue when Xorg does not log to 'var/log/Xorg.*.log'. (bsc#1192177) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-186=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): gdm-lang-3.34.1-8.21.3 gdm-systemd-3.34.1-8.21.3 gdmflexiserver-3.34.1-8.21.3 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gdm-3.34.1-8.21.3 gdm-debuginfo-3.34.1-8.21.3 gdm-debugsource-3.34.1-8.21.3 gdm-devel-3.34.1-8.21.3 libgdm1-3.34.1-8.21.3 libgdm1-debuginfo-3.34.1-8.21.3 typelib-1_0-Gdm-1_0-3.34.1-8.21.3 References: https://bugzilla.suse.com/1190230 https://bugzilla.suse.com/1192177 From sle-updates at lists.suse.com Fri Feb 18 08:06:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 09:06:53 +0100 (CET) Subject: SUSE-CU-2022:178-1: Recommended update of suse/sle15 Message-ID: <20220218080653.1688BF369@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:178-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.512 Container Release : 4.22.512 Severity : moderate Type : recommended References : 1195326 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:474-1 Released: Thu Feb 17 10:30:14 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. 
The following package changes have been done: - libzypp-17.29.4-3.90.1 updated - zypper-1.14.51-3.66.1 updated From sle-updates at lists.suse.com Fri Feb 18 08:17:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 09:17:15 +0100 (CET) Subject: SUSE-FU-2022:0484-1: important: Feature update for tcl and tk Message-ID: <20220218081715.D25F2F369@maintenance.suse.de> SUSE Feature Update: Feature update for tcl and tk ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0484-1 Rating: important References: #1072657 #1085480 #1138797 #1179615 #1181840 #1185662 #1195257 SLE-21015 SLE-23283 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has 6 fixes is now available. 
Description: This feature update for tcl and tk fixes the following issues: Update tcl and tk to version 8.6.12 (jsc#SLE-21015, jsc#SLE-23283): - Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662) - Use FAT LTO objects in order to provide proper static library (bsc#1138797) - Fix tcl build issues on s390 architecture (bnc#1085480) - Fix tcl build issues caused by deprecated libieee in tcl configs (bsc#1179615, bsc#1181840) - Whitelist PowerPC tests that are not needed (bsc#1072657) - Add [combobox current] support "end" index - Add fixes in [text] bindings - Add missing "deferred clear code" support to GIF photo images - Add new virtual event <> - Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate - Add new support for POSIX error: EILSEQ - Add new command [tcl::unsupported::corotype] - Add new command [tcl::unsupported::timerate] for performance testing - Add new option -state to [ttk::scale] - Add portable keycodes: OE, oe, Ydiaeresis - Add support for backrefs in [array names -regexp] - Add support for Unicode 14 - Disfavor Master/Slave terminology - Enhance [oo::object] to acquire or lose a class identity dynamically - Fix canvas rotated text overlap detection - Fix canvas closed polylines to fully honor -joinstyle - Fix display of Long non-wrapped lines in text - Fix display treeview focus ring when -selectmode none - Fix focus events not to break entry validation - Fix [package prefer stable] failing case - Fix auto_path initialization by Safe Base interps - Fix bad interaction between grab and mouse pointer warp - Fix borderwidth calculations on menu items - Fix cascade tearoff menu redraw artifacts - Fix coords rounding when drawing canvas items - Fix corrupt result from [$c postscript] with -file or -channel - Fix errno management in socket full close - Fix failure when a [proc] argument name is computed, not literal - Fix focus on unmapped windows - Fix handling of duplicates in spinbox -values list - Fix incomplete read 
of multi-image GIF - Fix initialization order of static package in wish - Fix issue when trying to display angled text without Xft - Fix issue with font initialization when no font is installed - Fix problems with Noto Color Emoji font - Fix race conditions in [file delete] and [file mkdir] - Fix Std channel initialization for multi-thread operations - Fix tearoff menu redraw artifacts - Fix up arrow key in [text] to correctly move cursor to index 1.0 - Fix various cursor issues - Fix various encoding issues - Fix various fontchooser issues - Fix various issues causing crashes and hang in - Fix various memory issues - Fix various scrolling bugs and add improvements - Fix 32/64-bit confusion of FS DIR operations reported for AIX - Improve appearance of text selection in [*entry] widgets - Improve checkbutton handling of -selectcolor - Improve handling of resolution changes - Improve multi-thread safety when Xft is in use - Improve ttk high-contrast-mode support - Improve emoji support - Improve legacy support for [tk_setPalette] - Make combobox -postoffset option work with default style - Make spinbox use proper names in query of option database - Menu flaws when empty menubar clicked - New index argument in [$menubutton post x y index] - Preserve canvas tag list order during add/delete - Prevent cross-manager loops of geom management - Rewrite of zlib inflation for multi-stream and completeness - Run fileevents in proper thread after [thread::attach $channel] - Stop [unload] corruption of list of loaded packages - Stop app switching exposing withdrawn windows as zombies - Tk now denied access to PRIMARY selection from safe interps - TkpDrawAngledCharsInContext leaked a CGColor - Try to restore Tcl's [update] command when Tk is unloaded - Changed [info * methods] to include mixins - [package require] is now NR-enabled The following fixes might show some potential incompatibilities with existing software: - Revised [binary (en|de)code base64] for RFC compliance and 
roundtrip - Fix precision of Tcl_DStringAppendElement quoting of # - Extended [clock scan] ISO format and time zone support - Allow for select/copy from disabled text widget on all platforms - Revised case of [info loaded] module names - [info hostname] reports DNS name, not NetBIOS name - Force -eofchar \032 when evaluating library scripts - Revised error messages: "too few" => "not enough" - Performed rewrite of Tk event loop to prevent ring overflow - Refactored all MouseWheel bindings - Revised precision of ::scale widget tick mark values - Prevent transient window cycles (crashed on Aqua) - Builds no longer use -lieee - Quoting of command line arguments by [exec] on Windows revised. Prior quoting rules left holes where some values would not pass through, but could trigger substitutions or program execution. See https://core.tcl-lang.org/tcl/info/21b0629c81 - [lreplace] accepts all out-of-range index values Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-484=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-484=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): tcl-debuginfo-8.6.12-11.3.1 tcl-debugsource-8.6.12-11.3.1 tcl-devel-8.6.12-11.3.1 tk-debuginfo-8.6.12-11.3.1 tk-debugsource-8.6.12-11.3.1 tk-devel-8.6.12-11.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): tcl-8.6.12-11.3.1 tcl-debuginfo-8.6.12-11.3.1 tcl-debugsource-8.6.12-11.3.1 tk-8.6.12-11.3.1 tk-debuginfo-8.6.12-11.3.1 tk-debugsource-8.6.12-11.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): tcl-32bit-8.6.12-11.3.1 tcl-debuginfo-32bit-8.6.12-11.3.1 tk-32bit-8.6.12-11.3.1 tk-debuginfo-32bit-8.6.12-11.3.1 References: https://www.suse.com/security/cve/CVE-2021-35331.html https://bugzilla.suse.com/1072657 https://bugzilla.suse.com/1085480 https://bugzilla.suse.com/1138797 https://bugzilla.suse.com/1179615 https://bugzilla.suse.com/1181840 https://bugzilla.suse.com/1185662 https://bugzilla.suse.com/1195257 From sle-updates at lists.suse.com Fri Feb 18 08:18:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 09:18:06 +0100 (CET) Subject: SUSE-RU-2022:0485-1: moderate: Recommended update for tomcat Message-ID: <20220218081806.34553F369@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0485-1 Rating: moderate References: #1193569 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 
15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tomcat fixes the following issues: - Fix Null Pointer Exception in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-485=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-485=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-485=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-485=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-485=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-485=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-485=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-485=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-485=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-485=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-485=1 Package List: - SUSE Manager Server 4.1 (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Manager Retail Branch Server 4.1 (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Manager Proxy 4.1 (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 
tomcat-webapps-9.0.36-16.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 tomcat-jsp-2_3-api-9.0.36-16.1 tomcat-lib-9.0.36-16.1 tomcat-servlet-4_0-api-9.0.36-16.1 tomcat-webapps-9.0.36-16.1 - SUSE Enterprise Storage 7 (noarch): tomcat-9.0.36-16.1 tomcat-admin-webapps-9.0.36-16.1 tomcat-el-3_0-api-9.0.36-16.1 
tomcat-jsp-2_3-api-9.0.36-16.1
tomcat-lib-9.0.36-16.1
tomcat-servlet-4_0-api-9.0.36-16.1
tomcat-webapps-9.0.36-16.1

References:

https://bugzilla.suse.com/1193569

From sle-updates at lists.suse.com Fri Feb 18 11:18:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 12:18:14 +0100 (CET)
Subject: SUSE-RU-2022:0487-1: moderate: Recommended update for transactional-update
Message-ID: <20220218111814.4824CF371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for transactional-update
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0487-1
Rating: moderate
References: #1133891 #1149131 #1177149 #1183521 #1183539 #1183856 #1184529 #1185224 #1185226 #1185625 #1185766 #1186213 #1186775 #1186842 #1188110 #1188322 #1188648 #1189728 #1189807 #1190383 #1190574 #1190788 #1191475 #1191945 #1192078 #1192242 #1192302
Affected Products:
SUSE Linux Enterprise Module for Transactional Server 15-SP3
______________________________________________________________________________

An update that has 27 recommended fixes can now be installed.

Description:

This update for transactional-update fixes the following issues:

- Version 3.6.2
  - Bind mount root file system snapshot on itself, this makes the temporary directory in '/tmp' unnecessary; also fixes to return the correct snapshot's working directory via API call. (bsc#1188110)
  - Use separate mount namespace for transactional-update; this should fix several applications that fail to run if a mount point has the 'unbindable' mount flag set
- Version 3.6.1
  - Fix rsyncing '/etc' into the running system with '--drop-if-no-change'. (bsc#1192242)
- Version 3.6.0
  - Simplify mount hierarchy by just using a single slave bind mount as the root of the update environment; this may avoid the error messages of failed unmounts. (bsc#1191945)
- Version 3.5.7
  Various fixes affecting Salt support:
  - t-u: Don't squash stderr messages into stdout
  - t-u: Correctly handle case when the snapshot has been deleted due to using --drop-if-no-change: Don't show reboot messages and avoid an awk error message. (bsc#1191475)
  - tukit: Make inotify handler less sensitive / ignore more directories (bsc#1191475)
- Version 3.5.6
  - tukit: Add S/390 bootloader support (bsc#1189807)
  - t-u: support purge-kernels with t-u patch (bsc#1190788)
- Version 3.5.5
  - t-u: Use tukit for SUSEConnect call (bsc#1190574)
    Correctly registers repositories
- Version 3.5.4
  - tukit: Fix resolved support (bsc#1190383)
- Version 3.5.3
  - t-u: Purge kernels as part of package operations
    Required for live patching support (bsc#1189728)
- Version 3.5.2
  - tukit: Fix overlay syncing errors with SELinux (bsc#1188648)
  - Don't print message for `shell` with --quiet
- Version 3.5.1
  - t-u: Disable status file generation by default
    The new experimental `status` command requires the availability of /etc/YaST2/control.xml, which is not present on all systems. Hide the creation of the corresponding status file behind a new EXPERIMENTAL_STATUS option to try out this functionality.
  - Increase library version
- Version 3.5.0
  - Add alias setDiscardIfUnchanged for setDiscard. The old method name wasn't really clear and will be removed if we should have an API break in the future
  - Replace 'mkinitrd' with direct dracut call. (bsc#1186213)
  - tukit: Add configuration file support (/etc/tukit.conf)
  - Allow users to configure additional bind mounts (see /usr/etc/tukit.conf for an example and limitations). (bsc#1188322)
  - Add 'transactional-update status' call. This is a POC for obtaining a hash of a system to verify its integrity.
  - Internal bugfixes / optimizations
- Version 3.4.0
  - Apply 'SElinux' context on '/etc' in transaction. (bsc#1185625, bsc#1185766, bsc#1186842, bsc#1186775)
  - Implement inotify handling in C instead of Bash; this makes the --drop-if-no-change option work on SLE Micro. (bsc#1184529)
  - Use `tukit call` for up, dup and patch to allow resuming an update after zypper updated itself in the snapshot. (bsc#1185226)
  - Fix obsolete output type messages in 'initrd'. (bsc#1177149)
  - Make different base snapshot warning more visible. (bsc#1185224)
- Version 3.3.0
  - Add support for more package managers by bind mounting their directories
  - Support snapshots without dedicated overlay [bsc#1183539], (bsc#1183539)
  - Link RPM database correctly with older zypper versions (bsc#1183521)
  - Don't discard manual changes in fstab (bsc#1183856, bsc#1192302)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Transactional Server 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-487=1

Package List:

- SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64):
  libtukit0-3.6.2-150300.3.3.1
  libtukit0-debuginfo-3.6.2-150300.3.3.1
  transactional-update-3.6.2-150300.3.3.1
  transactional-update-debuginfo-3.6.2-150300.3.3.1
  transactional-update-debugsource-3.6.2-150300.3.3.1
  tukit-3.6.2-150300.3.3.1
  tukit-debuginfo-3.6.2-150300.3.3.1
- SUSE Linux Enterprise Module for Transactional Server 15-SP3 (noarch):
  dracut-transactional-update-3.6.2-150300.3.3.1
  transactional-update-zypp-config-3.6.2-150300.3.3.1

References:

https://bugzilla.suse.com/1133891
https://bugzilla.suse.com/1149131
https://bugzilla.suse.com/1177149
https://bugzilla.suse.com/1183521
https://bugzilla.suse.com/1183539
https://bugzilla.suse.com/1183856
https://bugzilla.suse.com/1184529
https://bugzilla.suse.com/1185224
https://bugzilla.suse.com/1185226
https://bugzilla.suse.com/1185625
https://bugzilla.suse.com/1185766
https://bugzilla.suse.com/1186213
https://bugzilla.suse.com/1186775
https://bugzilla.suse.com/1186842
https://bugzilla.suse.com/1188110
https://bugzilla.suse.com/1188322
https://bugzilla.suse.com/1188648
https://bugzilla.suse.com/1189728
https://bugzilla.suse.com/1189807
https://bugzilla.suse.com/1190383
https://bugzilla.suse.com/1190574
https://bugzilla.suse.com/1190788
https://bugzilla.suse.com/1191475
https://bugzilla.suse.com/1191945
https://bugzilla.suse.com/1192078
https://bugzilla.suse.com/1192242
https://bugzilla.suse.com/1192302

From sle-updates at lists.suse.com Fri Feb 18 11:20:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 12:20:38 +0100 (CET)
Subject: SUSE-RU-2022:0486-1: important: Recommended update for release-notes-sles
Message-ID: <20220218112038.14CE0F371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0486-1
Rating: important
References: #1186415 #1195107 #933411 SLE-13242 SLE-20554 SLE-22662
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Installer 15-SP2
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________

An update that has three recommended fixes and contains three features can now be installed.

Description: This update for release-notes-sles fixes the following issues: - 15.2.20220202 (tracked in bsc#933411) - Added kernel parameter change (bsc#1195107) - Added note about deprecating XFS V4 (jsc#SLE-22662) - Added note about ODBC driver location (jsc#SLE-13242) - Added note about unixODBC drivers in production (jsc#SLE-20554) - Added note about GNOME and vncserver (bsc#1186415) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-486=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-486=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-486=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-486=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-486=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-486=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-486=1 Package List: - SUSE Manager Server 4.1 (noarch): release-notes-sles-15.2.20220202-3.34.1 - SUSE Manager Retail Branch Server 4.1 (noarch): release-notes-sles-15.2.20220202-3.34.1 - SUSE Manager Proxy 4.1 (noarch): release-notes-sles-15.2.20220202-3.34.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): release-notes-sles-15.2.20220202-3.34.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): release-notes-sles-15.2.20220202-3.34.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): release-notes-sles-15.2.20220202-3.34.1 - SUSE Enterprise Storage 7 (noarch): release-notes-sles-15.2.20220202-3.34.1 References: https://bugzilla.suse.com/1186415 
https://bugzilla.suse.com/1195107 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Feb 18 11:21:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 12:21:21 +0100 (CET) Subject: SUSE-RU-2022:0488-1: moderate: Recommended update for libpwquality Message-ID: <20220218112121.E6788F371@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpwquality ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0488-1 Rating: moderate References: SLE-22182 SLE-22490 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for libpwquality fixes the following issues: - Replace %make_build with "make -O %{?_smp_mflags}" for pre-SLE15 builds. (jsc#SLE-22490) - update to 1.4.4 * Fix regression with enabling cracklib check * Use make macros in rpm spec file * Translated using Weblate (Polish, Turkish, Ukrainian) - update to 1.4.3 * Update translation files * Add '--disable-cracklib-check' configure parameter * fixup static compilation * python: Add missing getters/setters for newly added settings * Add usersubstr check * pam_pwquality: Add debug message for the local_users_only option * Fix some gcc warnings * pwmake: Properly validate the bits parameter. 
  * we use Fedora Weblate now
  * Translated using Weblate (Azerbaijani, Bulgarian, Chinese (Simplified), Czech, French, Friulian, Hungarian, Italian, Japanese, Norwegian Bokmål, Persian, Russian, Spanish, Turkish)
- update to 1.4.2:
  * Fix regression in handling retry, enforce_for_root, and local_users_only options introduced with the previous release.
- Register with pam-config in %post(un)
- Add baselibs.conf
- Update to version 1.4.1:
- Use modern macros.
- Do not recommend lang package. The lang package already has supplements.
- Modernize spec-file by calling spec-cleaner
- Update RPM groups and summaries.
- Switch url to https://github.com/libpwquality/libpwquality/
- Update to release 1.4.0:
  * Fix possible buffer overflow with data from /dev/urandom in pwquality_generate().
  * Do not try to check presence of too short username in password. (thanks to Nikos Mavrogiannopoulos)
  * Make the user name check optional (via usercheck option).
  * Add an 'enforcing' option to make the checks to be warning-only in PAM.
  * The difok = 0 setting will disable all old password similarity checks except new and old passwords being identical.
  * Updated translations from Zanata.
- Make python3 default and enable py2 only when needed
- Build python3 version of bindings as well

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-488=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-488=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-488=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-488=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-488=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-488=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-488=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-488=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-488=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-488=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-488=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-488=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-488=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE OpenStack Cloud 9 (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE OpenStack Cloud 9 (x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE OpenStack Cloud 8 (x86_64): libpwquality-debugsource-1.4.4-8.4.1 
libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE OpenStack Cloud 8 (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality-devel-1.4.4-8.4.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libpwquality-lang-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): 
libpwquality-lang-1.4.4-8.4.1 - HPE Helion Openstack 8 (x86_64): libpwquality-debugsource-1.4.4-8.4.1 libpwquality1-1.4.4-8.4.1 libpwquality1-debuginfo-1.4.4-8.4.1 - HPE Helion Openstack 8 (noarch): libpwquality-lang-1.4.4-8.4.1 References: From sle-updates at lists.suse.com Fri Feb 18 14:20:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:20:55 +0100 (CET) Subject: SUSE-SU-2022:14890-1: moderate: Security update for tcpdump Message-ID: <20220218142055.F1F5DF372@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14890-1 Rating: moderate References: #1195825 Cross-References: CVE-2018-16301 CVSS scores: CVE-2018-16301 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tcpdump-14890=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tcpdump-14890=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tcpdump-14890=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-tcpdump-14890=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): tcpdump-3.9.8-1.30.19.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): tcpdump-3.9.8-1.30.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): tcpdump-debuginfo-3.9.8-1.30.19.1 tcpdump-debugsource-3.9.8-1.30.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): tcpdump-debuginfo-3.9.8-1.30.19.1 tcpdump-debugsource-3.9.8-1.30.19.1 References: https://www.suse.com/security/cve/CVE-2018-16301.html https://bugzilla.suse.com/1195825 From sle-updates at lists.suse.com Fri Feb 18 14:21:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:21:30 +0100 (CET) Subject: SUSE-SU-2022:14888-1: important: Security update for tiff Message-ID: <20220218142130.72DD9F371@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14888-1 Rating: important References: #1156749 #1156754 #1182808 #1182809 #1182811 #1182812 Cross-References: CVE-2015-8665 CVE-2015-8683 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVSS scores: CVE-2015-8665 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2015-8683 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-35521 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35521 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-35522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 
CVE-2020-35522 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-35523 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-35523 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-35524 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-35524 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2015-8683: Fixed out-of-bounds when reading CIE Lab image format files (bsc#1156754). - CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c (bsc#1156749). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tiff-14888=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tiff-14888=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-14888=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-tiff-14888=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libtiff3-3.8.2-141.169.34.1 tiff-3.8.2-141.169.34.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.169.34.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libtiff3-3.8.2-141.169.34.1 tiff-3.8.2-141.169.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.169.34.1 tiff-debugsource-3.8.2-141.169.34.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): tiff-debuginfo-3.8.2-141.169.34.1 tiff-debugsource-3.8.2-141.169.34.1 References: https://www.suse.com/security/cve/CVE-2015-8665.html https://www.suse.com/security/cve/CVE-2015-8683.html https://www.suse.com/security/cve/CVE-2020-35521.html https://www.suse.com/security/cve/CVE-2020-35522.html https://www.suse.com/security/cve/CVE-2020-35523.html https://www.suse.com/security/cve/CVE-2020-35524.html https://bugzilla.suse.com/1156749 https://bugzilla.suse.com/1156754 https://bugzilla.suse.com/1182808 https://bugzilla.suse.com/1182809 https://bugzilla.suse.com/1182811 https://bugzilla.suse.com/1182812 From sle-updates at lists.suse.com Fri Feb 18 14:22:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:22:30 +0100 (CET) Subject: SUSE-SU-2022:0210-2: Security update for qemu Message-ID: <20220218142230.CE383F371@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0210-2 
Rating: low References: #1172033 #1181361 Cross-References: CVE-2020-13253 CVE-2021-20196 CVSS scores: CVE-2020-13253 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-13253 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-20196 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-20196 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for qemu fixes the following issues: - CVE-2020-13253: Fixed an OOB access that could crash the guest resulting in DoS (bsc#1172033) - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-210=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): qemu-ipxe-1.0.0+-11.34.2 qemu-microvm-4.2.1-11.34.2 qemu-seabios-1.12.1+-11.34.2 qemu-sgabios-8-11.34.2 qemu-vgabios-1.12.1+-11.34.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): qemu-4.2.1-11.34.2 qemu-audio-alsa-4.2.1-11.34.2 qemu-audio-alsa-debuginfo-4.2.1-11.34.2 qemu-audio-pa-4.2.1-11.34.2 qemu-audio-pa-debuginfo-4.2.1-11.34.2 qemu-block-curl-4.2.1-11.34.2 qemu-block-curl-debuginfo-4.2.1-11.34.2 qemu-block-iscsi-4.2.1-11.34.2 qemu-block-iscsi-debuginfo-4.2.1-11.34.2 qemu-block-rbd-4.2.1-11.34.2 qemu-block-rbd-debuginfo-4.2.1-11.34.2 qemu-block-ssh-4.2.1-11.34.2 qemu-block-ssh-debuginfo-4.2.1-11.34.2 qemu-debuginfo-4.2.1-11.34.2 qemu-debugsource-4.2.1-11.34.2 qemu-guest-agent-4.2.1-11.34.2 qemu-guest-agent-debuginfo-4.2.1-11.34.2 
qemu-kvm-4.2.1-11.34.2 qemu-lang-4.2.1-11.34.2 qemu-tools-4.2.1-11.34.2 qemu-tools-debuginfo-4.2.1-11.34.2 qemu-ui-curses-4.2.1-11.34.2 qemu-ui-curses-debuginfo-4.2.1-11.34.2 qemu-ui-gtk-4.2.1-11.34.2 qemu-ui-gtk-debuginfo-4.2.1-11.34.2 qemu-ui-spice-app-4.2.1-11.34.2 qemu-ui-spice-app-debuginfo-4.2.1-11.34.2 qemu-x86-4.2.1-11.34.2 qemu-x86-debuginfo-4.2.1-11.34.2 References: https://www.suse.com/security/cve/CVE-2020-13253.html https://www.suse.com/security/cve/CVE-2021-20196.html https://bugzilla.suse.com/1172033 https://bugzilla.suse.com/1181361 From sle-updates at lists.suse.com Fri Feb 18 14:23:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:23:13 +0100 (CET) Subject: SUSE-SU-2022:0491-1: moderate: Security update for rust Message-ID: <20220218142313.3B6E8F371@maintenance.suse.de> SUSE Security Update: Security update for rust ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0491-1 Rating: moderate References: #1194767 Cross-References: CVE-2022-21658 CVSS scores: CVE-2022-21658 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-21658 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rust fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-491=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-491=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-491=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-491=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-491=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-491=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-491=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-491=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-491=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-491=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-491=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-491=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-491=1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-491=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-491=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-491=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Manager Server 4.1 (noarch): rust-src-1.53.0-22.1 - SUSE Manager Server 4.1 (x86_64): rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-analysis-1.53.0-22.1 - SUSE Manager Retail Branch Server 4.1 (noarch): rust-src-1.53.0-22.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-analysis-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Manager Proxy 4.1 (noarch): rust-src-1.53.0-22.1 - SUSE Manager Proxy 4.1 (x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-analysis-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-analysis-1.53.0-22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-analysis-1.53.0-22.1 - 
SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-analysis-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-analysis-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 x86_64): rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-analysis-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-analysis-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-analysis-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cargo-1.53.0-22.1 cargo-debuginfo-1.53.0-22.1 rls-1.53.0-22.1 rls-debuginfo-1.53.0-22.1 rust-1.53.0-22.1 rust-analysis-1.53.0-22.1 rust-debuginfo-1.53.0-22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): rust-src-1.53.0-22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS 
(aarch64 x86_64):
    cargo-1.53.0-22.1
    cargo-debuginfo-1.53.0-22.1
    rls-1.53.0-22.1
    rls-debuginfo-1.53.0-22.1
    rust-1.53.0-22.1
    rust-analysis-1.53.0-22.1
    rust-debuginfo-1.53.0-22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
    rust-src-1.53.0-22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    cargo-1.53.0-22.1
    cargo-debuginfo-1.53.0-22.1
    rls-1.53.0-22.1
    rls-debuginfo-1.53.0-22.1
    rust-1.53.0-22.1
    rust-analysis-1.53.0-22.1
    rust-debuginfo-1.53.0-22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
    rust-src-1.53.0-22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    cargo-1.53.0-22.1
    cargo-debuginfo-1.53.0-22.1
    rls-1.53.0-22.1
    rls-debuginfo-1.53.0-22.1
    rust-1.53.0-22.1
    rust-analysis-1.53.0-22.1
    rust-debuginfo-1.53.0-22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
    rust-src-1.53.0-22.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    cargo-1.53.0-22.1
    cargo-debuginfo-1.53.0-22.1
    rls-1.53.0-22.1
    rls-debuginfo-1.53.0-22.1
    rust-1.53.0-22.1
    rust-analysis-1.53.0-22.1
    rust-debuginfo-1.53.0-22.1
- SUSE Enterprise Storage 7 (noarch):
    rust-src-1.53.0-22.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    cargo-1.53.0-22.1
    cargo-debuginfo-1.53.0-22.1
    rls-1.53.0-22.1
    rls-debuginfo-1.53.0-22.1
    rust-1.53.0-22.1
    rust-analysis-1.53.0-22.1
    rust-debuginfo-1.53.0-22.1
- SUSE Enterprise Storage 6 (noarch):
    rust-src-1.53.0-22.1
- SUSE CaaS Platform 4.0 (x86_64):
    cargo-1.53.0-22.1
    cargo-debuginfo-1.53.0-22.1
    rls-1.53.0-22.1
    rls-debuginfo-1.53.0-22.1
    rust-1.53.0-22.1
    rust-analysis-1.53.0-22.1
    rust-debuginfo-1.53.0-22.1
- SUSE CaaS Platform 4.0 (noarch):
    rust-src-1.53.0-22.1

References:

https://www.suse.com/security/cve/CVE-2022-21658.html
https://bugzilla.suse.com/1194767

From sle-updates at lists.suse.com Fri Feb 18 14:24:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:24:24 +0100 (CET)
Subject:
SUSE-SU-2022:0495-1: important: Security update for expat
Message-ID: <20220218142424.CA180F371@maintenance.suse.de>

SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0495-1
Rating: important
References: #1195054 #1195217
Cross-References: CVE-2022-23852 CVE-2022-23990
CVSS scores:
    CVE-2022-23852 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-23852 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-23990 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-23990 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    HPE Helion Openstack 8
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP3-LTSS
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE OpenStack Cloud 8
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-495=1
- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-495=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-495=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-495=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-495=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-495=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-495=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-495=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-495=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-495=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-495=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-495=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-495=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debuginfo-32bit-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debuginfo-32bit-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE OpenStack Cloud 9 (x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debuginfo-32bit-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE OpenStack Cloud 8 (x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debuginfo-32bit-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    expat-debuginfo-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat-devel-2.1.0-21.15.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    expat-debuginfo-32bit-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    expat-debuginfo-32bit-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    expat-debuginfo-32bit-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    expat-debuginfo-32bit-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
    expat-debuginfo-32bit-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debuginfo-32bit-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debuginfo-32bit-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1
- HPE Helion Openstack 8 (x86_64):
    expat-2.1.0-21.15.1
    expat-debuginfo-2.1.0-21.15.1
    expat-debuginfo-32bit-2.1.0-21.15.1
    expat-debugsource-2.1.0-21.15.1
    libexpat1-2.1.0-21.15.1
    libexpat1-32bit-2.1.0-21.15.1
    libexpat1-debuginfo-2.1.0-21.15.1
    libexpat1-debuginfo-32bit-2.1.0-21.15.1

References:

https://www.suse.com/security/cve/CVE-2022-23852.html
https://www.suse.com/security/cve/CVE-2022-23990.html
https://bugzilla.suse.com/1195054
https://bugzilla.suse.com/1195217

From sle-updates at lists.suse.com Fri Feb 18 14:25:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:25:39 +0100 (CET)
Subject: SUSE-RU-2022:0490-1: moderate: Recommended update for libapr-util1
Message-ID: <20220218142539.983CBF371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libapr-util1
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:0490-1
Rating: moderate
References: #1187784 SLE-18105
Affected Products:
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP Applications 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.

Description:

This update for libapr-util1 rebuilds the package with a symbol versioned openssl, to allow later migration to a TLS 1.3 enabled openssl 1.1.1.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-490=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-490=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-490=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-490=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-490=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-490=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    libapr-util1-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.4.1
    libapr-util1-debuginfo-1.5.3-8.4.1
    libapr-util1-debugsource-1.5.3-8.4.1
- SUSE OpenStack Cloud 9 (x86_64):
    libapr-util1-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.4.1
    libapr-util1-debuginfo-1.5.3-8.4.1
    libapr-util1-debugsource-1.5.3-8.4.1
- SUSE Linux Enterprise Software Development Kit
12-SP5 (aarch64 ppc64le s390x x86_64):
    libapr-util1-1.5.3-8.4.1
    libapr-util1-debuginfo-1.5.3-8.4.1
    libapr-util1-debugsource-1.5.3-8.4.1
    libapr-util1-devel-1.5.3-8.4.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    libapr-util1-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.4.1
    libapr-util1-debuginfo-1.5.3-8.4.1
    libapr-util1-debugsource-1.5.3-8.4.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    libapr-util1-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.4.1
    libapr-util1-debuginfo-1.5.3-8.4.1
    libapr-util1-debugsource-1.5.3-8.4.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    libapr-util1-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-1.5.3-8.4.1
    libapr-util1-dbd-sqlite3-debuginfo-1.5.3-8.4.1
    libapr-util1-debuginfo-1.5.3-8.4.1
    libapr-util1-debugsource-1.5.3-8.4.1

References:

https://bugzilla.suse.com/1187784

From sle-updates at lists.suse.com Fri Feb 18 14:26:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:26:40 +0100 (CET)
Subject: SUSE-SU-2022:0134-2: moderate: Security update for python-numpy
Message-ID: <20220218142640.D05B9F371@maintenance.suse.de>

SUSE Security Update: Security update for python-numpy
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0134-2
Rating: moderate
References: #1193907 #1193913
Cross-References: CVE-2021-33430 CVE-2021-41496
CVSS scores:
    CVE-2021-33430 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-33430 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2021-41496 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that
fixes two vulnerabilities is now available.

Description:

This update for python-numpy fixes the following issues:

- CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913).
- CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-134=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
    python-numpy-debugsource-1.17.3-10.1
    python3-numpy-1.17.3-10.1
    python3-numpy-debuginfo-1.17.3-10.1
    python3-numpy-devel-1.17.3-10.1

References:

https://www.suse.com/security/cve/CVE-2021-33430.html
https://www.suse.com/security/cve/CVE-2021-41496.html
https://bugzilla.suse.com/1193907
https://bugzilla.suse.com/1193913

From sle-updates at lists.suse.com Fri Feb 18 14:27:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:27:50 +0100 (CET)
Subject: SUSE-SU-2022:14891-1: important: Security update for cobbler
Message-ID: <20220218142750.0D041F371@maintenance.suse.de>

SUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:14891-1
Rating: important
References: #1193671 #1195906
Cross-References: CVE-2021-45083
CVSS scores:
    CVE-2021-45083 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
    SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
    SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.
Description:

This update for cobbler fixes the following issues:

- CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671).

The following non-security bugs were fixed:

- Move configuration files ownership to apache (bsc#1195906)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
    zypper in -t patch slesctsp4-cobbler-14891=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
    zypper in -t patch slesctsp3-cobbler-14891=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
    koan-2.2.2-0.68.15.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
    koan-2.2.2-0.68.15.1

References:

https://www.suse.com/security/cve/CVE-2021-45083.html
https://bugzilla.suse.com/1193671
https://bugzilla.suse.com/1195906

From sle-updates at lists.suse.com Fri Feb 18 14:28:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:28:28 +0100 (CET)
Subject: SUSE-SU-2022:14889-1: important: Security update for xerces-j2
Message-ID: <20220218142828.73298F371@maintenance.suse.de>

SUSE Security Update: Security update for xerces-j2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:14889-1
Rating: important
References: #1195108
Cross-References: CVE-2022-23437
CVSS scores:
    CVE-2022-23437 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2022-23437 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Point of Sale 11-SP3
    SUSE Linux Enterprise Server 11-SP4-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for xerces-j2 fixes the following issues:

- CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-xerces-j2-14889=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-xerces-j2-14889=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (noarch):
    xerces-j2-2.8.1-238.29.8.1
    xerces-j2-xml-apis-2.8.1-238.29.8.1
    xerces-j2-xml-resolver-2.8.1-238.29.8.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (noarch):
    xerces-j2-2.8.1-238.29.8.1
    xerces-j2-xml-apis-2.8.1-238.29.8.1
    xerces-j2-xml-resolver-2.8.1-238.29.8.1

References:

https://www.suse.com/security/cve/CVE-2022-23437.html
https://bugzilla.suse.com/1195108

From sle-updates at lists.suse.com Fri Feb 18 14:29:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:29:27 +0100 (CET)
Subject: SUSE-SU-2022:0510-1: important: Security update for cobbler
Message-ID: <20220218142927.9BA5AF371@maintenance.suse.de>

SUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0510-1
Rating: important
References: #1193671 #1193673 #1193675 #1193676 #1193678 #1195906 #1195918
Cross-References: CVE-2021-45082 CVE-2021-45083
CVSS scores:
    CVE-2021-45082 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-45083 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
    SUSE Manager Server 4.1
______________________________________________________________________________

An update that solves two vulnerabilities and has 5 fixes is now available.
Description:

This update for cobbler fixes the following issues:

- CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671).
- CVE-2021-45082: Fixed incomplete template sanitation (bsc#1193678).

The following non-security bugs were fixed:

- Fix issues with installation module logging and validation (bsc#1195918)
- Move configuration files ownership to apache (bsc#1195906)
- Remove hardcoded test credentials (bsc#1193673)
- Prevent log pollution (bsc#1193675)
- Missing sanity check on MongoDB configuration file (bsc#1193676)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-510=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
    cobbler-3.0.0+git20190806.32c4bae0-8.22.9.1

References:

https://www.suse.com/security/cve/CVE-2021-45082.html
https://www.suse.com/security/cve/CVE-2021-45083.html
https://bugzilla.suse.com/1193671
https://bugzilla.suse.com/1193673
https://bugzilla.suse.com/1193675
https://bugzilla.suse.com/1193676
https://bugzilla.suse.com/1193678
https://bugzilla.suse.com/1195906
https://bugzilla.suse.com/1195918

From sle-updates at lists.suse.com Fri Feb 18 14:30:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:30:54 +0100 (CET)
Subject: SUSE-SU-2022:0069-2: Security update for libmspack
Message-ID: <20220218143054.5318FF371@maintenance.suse.de>

SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0069-2
Rating: low
References: #1113040
Cross-References: CVE-2018-18586
CVSS scores:
    CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libmspack fixes the following issues:

- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti "../" and leading slash protection (bsc#1113040).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-69=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
    libmspack-debugsource-0.6-3.14.1
    libmspack-devel-0.6-3.14.1
    libmspack0-0.6-3.14.1
    libmspack0-debuginfo-0.6-3.14.1

References:

https://www.suse.com/security/cve/CVE-2018-18586.html
https://bugzilla.suse.com/1113040

From sle-updates at lists.suse.com Fri Feb 18 14:31:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:31:26 +0100 (CET)
Subject: SUSE-RU-2022:0489-1: moderate: Recommended update for apache2-mod_auth_openidc
Message-ID: <20220218143126.DABE5F371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for apache2-mod_auth_openidc
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0489-1
Rating: moderate
References: #1187784 SLE-18105
Affected Products:
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.
Description:

This update for apache2-mod_auth_openidc rebuilds the package with a symbol versioned openssl, to allow later migration to a TLS 1.3 enabled openssl 1.1.1.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-489=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-489=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-489=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-489=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-489=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    apache2-mod_auth_openidc-2.4.0-7.2.1
    apache2-mod_auth_openidc-debuginfo-2.4.0-7.2.1
    apache2-mod_auth_openidc-debugsource-2.4.0-7.2.1
- SUSE OpenStack Cloud 9 (x86_64):
    apache2-mod_auth_openidc-2.4.0-7.2.1
    apache2-mod_auth_openidc-debuginfo-2.4.0-7.2.1
    apache2-mod_auth_openidc-debugsource-2.4.0-7.2.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    apache2-mod_auth_openidc-2.4.0-7.2.1
    apache2-mod_auth_openidc-debuginfo-2.4.0-7.2.1
    apache2-mod_auth_openidc-debugsource-2.4.0-7.2.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    apache2-mod_auth_openidc-2.4.0-7.2.1
    apache2-mod_auth_openidc-debuginfo-2.4.0-7.2.1
    apache2-mod_auth_openidc-debugsource-2.4.0-7.2.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    apache2-mod_auth_openidc-2.4.0-7.2.1
    apache2-mod_auth_openidc-debuginfo-2.4.0-7.2.1
    apache2-mod_auth_openidc-debugsource-2.4.0-7.2.1

References:

https://bugzilla.suse.com/1187784

From sle-updates at lists.suse.com Fri Feb 18 14:31:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18
Feb 2022 15:31:59 +0100 (CET)
Subject: SUSE-SU-2022:0509-1: important: Security update for cobbler
Message-ID: <20220218143159.34E43F371@maintenance.suse.de>

SUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0509-1
Rating: important
References: #1193671 #1193673 #1193675 #1193676 #1193678 #1195906 #1195918
Cross-References: CVE-2021-45082 CVE-2021-45083
CVSS scores:
    CVE-2021-45082 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-45083 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves two vulnerabilities and has 5 fixes is now available.

Description:

This update for cobbler fixes the following issues:

- CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671).
- CVE-2021-45082: Fixed incomplete template sanitation (bsc#1193678).

The following non-security bugs were fixed:

- Fix issues with installation module logging and validation (bsc#1195918)
- Move configuration files ownership to apache (bsc#1195906)
- Remove hardcoded test credentials (bsc#1193673)
- Prevent log pollution (bsc#1193675)
- Missing sanity check on MongoDB configuration file (bsc#1193676)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-509=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
    cobbler-3.1.2-150300.5.14.1

References:

https://www.suse.com/security/cve/CVE-2021-45082.html
https://www.suse.com/security/cve/CVE-2021-45083.html
https://bugzilla.suse.com/1193671
https://bugzilla.suse.com/1193673
https://bugzilla.suse.com/1193675
https://bugzilla.suse.com/1193676
https://bugzilla.suse.com/1193678
https://bugzilla.suse.com/1195906
https://bugzilla.suse.com/1195918

From sle-updates at lists.suse.com Fri Feb 18 14:33:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:33:02 +0100 (CET)
Subject: SUSE-RU-2022:0188-2: moderate: Recommended update for hunspell
Message-ID: <20220218143302.68746F371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for hunspell
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0188-2
Rating: moderate
References: #1193627
Affected Products:
    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for hunspell fixes the following issues:

- Fix myspell english dictionary not being installed (bsc#1193627)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-188=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
    hunspell-1.6.2-3.8.1
    hunspell-debuginfo-1.6.2-3.8.1
    hunspell-debugsource-1.6.2-3.8.1
    hunspell-devel-1.6.2-3.8.1
    hunspell-tools-1.6.2-3.8.1
    hunspell-tools-debuginfo-1.6.2-3.8.1
    libhunspell-1_6-0-1.6.2-3.8.1
    libhunspell-1_6-0-debuginfo-1.6.2-3.8.1

References:

https://bugzilla.suse.com/1193627

From sle-updates at lists.suse.com Fri Feb 18 14:33:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:33:33 +0100 (CET)
Subject: SUSE-SU-2022:0507-1: important: Security update for cobbler
Message-ID: <20220218143333.01FE0F371@maintenance.suse.de>

SUSE Security Update: Security update for cobbler
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0507-1
Rating: important
References: #1193671 #1195906
Cross-References: CVE-2021-45083
CVSS scores:
    CVE-2021-45083 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
    HPE Helion Openstack 8
    SUSE Manager Tools 12
    SUSE OpenStack Cloud 8
    SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for cobbler fixes the following issues:

- CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671).

The following non-security bugs were fixed:

- Move configuration files ownership to apache (bsc#1195906)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-507=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-507=1
- SUSE Manager Tools 12:
    zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-507=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-507=1

Package List:

- SUSE OpenStack Cloud 9 (noarch):
    cobbler-2.6.6-49.35.1
- SUSE OpenStack Cloud 8 (noarch):
    cobbler-2.6.6-49.35.1
- SUSE Manager Tools 12 (noarch):
    koan-2.6.6-49.35.1
- HPE Helion Openstack 8 (noarch):
    cobbler-2.6.6-49.35.1

References:

https://www.suse.com/security/cve/CVE-2021-45083.html
https://bugzilla.suse.com/1193671
https://bugzilla.suse.com/1195906

From sle-updates at lists.suse.com Fri Feb 18 14:34:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:34:21 +0100 (CET)
Subject: SUSE-SU-2022:0496-1: important: Security update for tiff
Message-ID: <20220218143421.0AC77F371@maintenance.suse.de>

SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0496-1
Rating: important
References: #1071031 #1154365 #1182808 #1182809 #1182811 #1182812 #1190312 #1194539
Cross-References: CVE-2017-17095 CVE-2019-17546 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844
CVSS scores:
    CVE-2017-17095 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2017-17095 (SUSE): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2019-17546 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2019-17546 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2020-19131 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-19131 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2020-35521 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2020-35521 (SUSE): 4.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-35522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35522 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-35523 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-35523 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2020-35524 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-35524 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-22844 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). 
- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-496=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-496=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-496=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-496=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-496=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-496=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-496=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-496=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-496=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-496=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-496=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-496=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-496=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 
tiff-debugsource-4.0.9-44.45.1 - SUSE OpenStack Cloud 9 (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE OpenStack Cloud 8 (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 - SUSE 
Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 - HPE Helion Openstack 8 (x86_64): libtiff5-32bit-4.0.9-44.45.1 libtiff5-4.0.9-44.45.1 libtiff5-debuginfo-32bit-4.0.9-44.45.1 libtiff5-debuginfo-4.0.9-44.45.1 tiff-4.0.9-44.45.1 tiff-debuginfo-4.0.9-44.45.1 tiff-debugsource-4.0.9-44.45.1 References: https://www.suse.com/security/cve/CVE-2017-17095.html https://www.suse.com/security/cve/CVE-2019-17546.html https://www.suse.com/security/cve/CVE-2020-19131.html https://www.suse.com/security/cve/CVE-2020-35521.html https://www.suse.com/security/cve/CVE-2020-35522.html https://www.suse.com/security/cve/CVE-2020-35523.html https://www.suse.com/security/cve/CVE-2020-35524.html https://www.suse.com/security/cve/CVE-2022-22844.html https://bugzilla.suse.com/1071031 https://bugzilla.suse.com/1154365 https://bugzilla.suse.com/1182808 https://bugzilla.suse.com/1182809 https://bugzilla.suse.com/1182811 https://bugzilla.suse.com/1182812 https://bugzilla.suse.com/1190312 https://bugzilla.suse.com/1194539 From sle-updates at lists.suse.com Fri Feb 18 14:37:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:37:19 +0100 (CET) Subject: SUSE-SU-2022:14887-1: 
important: Security update for strongswan Message-ID: <20220218143719.7319BF371@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14887-1 Rating: important References: #1107874 #1109845 #1194471 Cross-References: CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2021-45079 CVSS scores: CVE-2018-16151 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-16151 (SUSE): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2018-16152 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-16152 (SUSE): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2018-17540 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-17540 (SUSE): 7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2021-45079 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-45079 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845) - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-strongswan-14887=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-strongswan-14887=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-strongswan-14887=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-strongswan-14887=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): strongswan-4.4.0-6.36.12.1 strongswan-doc-4.4.0-6.36.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): strongswan-4.4.0-6.36.12.1 strongswan-doc-4.4.0-6.36.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): strongswan-debuginfo-4.4.0-6.36.12.1 strongswan-debugsource-4.4.0-6.36.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): strongswan-debuginfo-4.4.0-6.36.12.1 strongswan-debugsource-4.4.0-6.36.12.1 References: https://www.suse.com/security/cve/CVE-2018-16151.html https://www.suse.com/security/cve/CVE-2018-16152.html https://www.suse.com/security/cve/CVE-2018-17540.html https://www.suse.com/security/cve/CVE-2021-45079.html https://bugzilla.suse.com/1107874 https://bugzilla.suse.com/1109845 https://bugzilla.suse.com/1194471 From sle-updates at lists.suse.com Fri Feb 18 14:38:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:38:11 +0100 (CET) Subject: SUSE-SU-2022:0499-1: important: Security update for python-Twisted Message-ID: <20220218143811.62173F371@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0499-1 Rating: important References: #1195667 Cross-References: CVE-2022-21712 CVSS scores: CVE-2022-21712 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21712 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 
Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-21712: Fixed secret exposure in cross-origin redirects by properly removing sensitive headers when redirecting to a different origin (bsc#1195667). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-499=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-499=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-499=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-499=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-499=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-499=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-499=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-499=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-499=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-499=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-499=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-499=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Manager Proxy 4.1 (x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): 
python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-3.6.1 python-Twisted-debugsource-19.10.0-3.6.1 python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debugsource-19.10.0-3.6.1 python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-Twisted-19.10.0-3.6.1 python3-Twisted-debuginfo-19.10.0-3.6.1 References: https://www.suse.com/security/cve/CVE-2022-21712.html https://bugzilla.suse.com/1195667 From sle-updates at lists.suse.com Fri Feb 18 14:38:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:38:50 +0100 (CET) Subject: SUSE-SU-2022:0502-1: important: Security update for ucode-intel Message-ID: <20220218143850.CF3FEF371@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0502-1 Rating: important References: #1192615 #1195779 #1195780 #1195781 Cross-References: CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 CVSS scores: CVE-2021-0127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
CVE-2021-0127 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-0145 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0145 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-0146 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0146 (SUSE): 7.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-33120 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-33120 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors that may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-502=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-502=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-502=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): ucode-intel-20220207-3.70.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): ucode-intel-20220207-3.70.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): ucode-intel-20220207-3.70.1 References: https://www.suse.com/security/cve/CVE-2021-0127.html https://www.suse.com/security/cve/CVE-2021-0145.html https://www.suse.com/security/cve/CVE-2021-0146.html https://www.suse.com/security/cve/CVE-2021-33120.html https://bugzilla.suse.com/1192615 https://bugzilla.suse.com/1195779 https://bugzilla.suse.com/1195780 https://bugzilla.suse.com/1195781 From sle-updates at lists.suse.com Fri Feb 18 14:40:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:40:11 +0100 (CET) Subject: SUSE-SU-2022:0500-1: important: Security update for xerces-j2 Message-ID: <20220218144011.678F1F371@maintenance.suse.de> SUSE Security Update: Security update for xerces-j2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0500-1 Rating: important References: #1195108 Cross-References: CVE-2022-23437 CVSS scores: CVE-2022-23437 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-23437 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-500=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-500=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-500=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-500=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-500=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-500=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-500=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-500=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-500=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-500=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE Enterprise Storage 6 (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 - SUSE CaaS Platform 4.0 (noarch): xerces-j2-2.11.0-4.3.1 xerces-j2-xml-apis-2.11.0-4.3.1 xerces-j2-xml-resolver-2.11.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2022-23437.html https://bugzilla.suse.com/1195108 From sle-updates at lists.suse.com Fri Feb 18 14:40:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 
18 Feb 2022 15:40:49 +0100 (CET) Subject: SUSE-SU-2022:0504-1: important: Security update for wpa_supplicant Message-ID: <20220218144049.E9788F371@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0504-1 Rating: important References: #1194732 #1194733 Cross-References: CVE-2022-23303 CVE-2022-2334 CVSS scores: CVE-2022-23303 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23303 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-504=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-23.15.1 wpa_supplicant-debuginfo-2.9-23.15.1 wpa_supplicant-debugsource-2.9-23.15.1 References: https://www.suse.com/security/cve/CVE-2022-23303.html https://www.suse.com/security/cve/CVE-2022-2334.html https://bugzilla.suse.com/1194732 https://bugzilla.suse.com/1194733 From sle-updates at lists.suse.com Fri Feb 18 14:41:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Feb 2022 15:41:36 +0100 (CET) Subject: SUSE-SU-2022:0492-1: important: Security update for strongswan Message-ID: <20220218144136.743D9F371@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0492-1 Rating: important References: #1194471 Cross-References: CVE-2021-45079 CVSS scores: CVE-2021-45079 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-45079 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise 
Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-492=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-492=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-492=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-492=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-492=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-492=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-492=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-492=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-492=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch 
SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-492=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-492=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-492=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-492=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-492=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-492=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-492=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): strongswan-5.8.2-11.24.1 strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-hmac-5.8.2-11.24.1 strongswan-ipsec-5.8.2-11.24.1 strongswan-ipsec-debuginfo-5.8.2-11.24.1 strongswan-libs0-5.8.2-11.24.1 strongswan-libs0-debuginfo-5.8.2-11.24.1 - SUSE Manager Server 4.1 (noarch): strongswan-doc-5.8.2-11.24.1 - SUSE Manager Retail Branch Server 4.1 (noarch): strongswan-doc-5.8.2-11.24.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): strongswan-5.8.2-11.24.1 strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-hmac-5.8.2-11.24.1 strongswan-ipsec-5.8.2-11.24.1 strongswan-ipsec-debuginfo-5.8.2-11.24.1 strongswan-libs0-5.8.2-11.24.1 strongswan-libs0-debuginfo-5.8.2-11.24.1 - SUSE Manager Proxy 4.1 (noarch): strongswan-doc-5.8.2-11.24.1 - SUSE Manager Proxy 4.1 (x86_64): strongswan-5.8.2-11.24.1 strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-hmac-5.8.2-11.24.1 strongswan-ipsec-5.8.2-11.24.1 strongswan-ipsec-debuginfo-5.8.2-11.24.1 strongswan-libs0-5.8.2-11.24.1 strongswan-libs0-debuginfo-5.8.2-11.24.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): 
strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-nm-5.8.2-11.24.1 strongswan-nm-debuginfo-5.8.2-11.24.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-nm-5.8.2-11.24.1 strongswan-nm-debuginfo-5.8.2-11.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): strongswan-5.8.2-11.24.1 strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-hmac-5.8.2-11.24.1 strongswan-ipsec-5.8.2-11.24.1 strongswan-ipsec-debuginfo-5.8.2-11.24.1 strongswan-libs0-5.8.2-11.24.1 strongswan-libs0-debuginfo-5.8.2-11.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): strongswan-doc-5.8.2-11.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-11.24.1 strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-hmac-5.8.2-11.24.1 strongswan-ipsec-5.8.2-11.24.1 strongswan-ipsec-debuginfo-5.8.2-11.24.1 strongswan-libs0-5.8.2-11.24.1 strongswan-libs0-debuginfo-5.8.2-11.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): strongswan-doc-5.8.2-11.24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): strongswan-doc-5.8.2-11.24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): strongswan-5.8.2-11.24.1 strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-hmac-5.8.2-11.24.1 strongswan-ipsec-5.8.2-11.24.1 strongswan-ipsec-debuginfo-5.8.2-11.24.1 strongswan-libs0-5.8.2-11.24.1 strongswan-libs0-debuginfo-5.8.2-11.24.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): strongswan-doc-5.8.2-11.24.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): strongswan-5.8.2-11.24.1 strongswan-debuginfo-5.8.2-11.24.1 strongswan-debugsource-5.8.2-11.24.1 strongswan-hmac-5.8.2-11.24.1 strongswan-ipsec-5.8.2-11.24.1 strongswan-ipsec-debuginfo-5.8.2-11.24.1 strongswan-libs0-5.8.2-11.24.1 
    strongswan-libs0-debuginfo-5.8.2-11.24.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
    strongswan-debuginfo-5.8.2-11.24.1
    strongswan-debugsource-5.8.2-11.24.1
    strongswan-nm-5.8.2-11.24.1
    strongswan-nm-debuginfo-5.8.2-11.24.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
    strongswan-debuginfo-5.8.2-11.24.1
    strongswan-debugsource-5.8.2-11.24.1
    strongswan-nm-5.8.2-11.24.1
    strongswan-nm-debuginfo-5.8.2-11.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    strongswan-5.8.2-11.24.1
    strongswan-debuginfo-5.8.2-11.24.1
    strongswan-debugsource-5.8.2-11.24.1
    strongswan-hmac-5.8.2-11.24.1
    strongswan-ipsec-5.8.2-11.24.1
    strongswan-ipsec-debuginfo-5.8.2-11.24.1
    strongswan-libs0-5.8.2-11.24.1
    strongswan-libs0-debuginfo-5.8.2-11.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    strongswan-doc-5.8.2-11.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    strongswan-5.8.2-11.24.1
    strongswan-debuginfo-5.8.2-11.24.1
    strongswan-debugsource-5.8.2-11.24.1
    strongswan-hmac-5.8.2-11.24.1
    strongswan-ipsec-5.8.2-11.24.1
    strongswan-ipsec-debuginfo-5.8.2-11.24.1
    strongswan-libs0-5.8.2-11.24.1
    strongswan-libs0-debuginfo-5.8.2-11.24.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
    strongswan-doc-5.8.2-11.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    strongswan-5.8.2-11.24.1
    strongswan-debuginfo-5.8.2-11.24.1
    strongswan-debugsource-5.8.2-11.24.1
    strongswan-hmac-5.8.2-11.24.1
    strongswan-ipsec-5.8.2-11.24.1
    strongswan-ipsec-debuginfo-5.8.2-11.24.1
    strongswan-libs0-5.8.2-11.24.1
    strongswan-libs0-debuginfo-5.8.2-11.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    strongswan-doc-5.8.2-11.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
    strongswan-5.8.2-11.24.1
    strongswan-debuginfo-5.8.2-11.24.1
    strongswan-debugsource-5.8.2-11.24.1
    strongswan-hmac-5.8.2-11.24.1
    strongswan-ipsec-5.8.2-11.24.1
    strongswan-ipsec-debuginfo-5.8.2-11.24.1
    strongswan-libs0-5.8.2-11.24.1
    strongswan-libs0-debuginfo-5.8.2-11.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
    strongswan-doc-5.8.2-11.24.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    strongswan-5.8.2-11.24.1
    strongswan-debuginfo-5.8.2-11.24.1
    strongswan-debugsource-5.8.2-11.24.1
    strongswan-hmac-5.8.2-11.24.1
    strongswan-ipsec-5.8.2-11.24.1
    strongswan-ipsec-debuginfo-5.8.2-11.24.1
    strongswan-libs0-5.8.2-11.24.1
    strongswan-libs0-debuginfo-5.8.2-11.24.1
- SUSE Enterprise Storage 7 (noarch):
    strongswan-doc-5.8.2-11.24.1

References:

    https://www.suse.com/security/cve/CVE-2021-45079.html
    https://bugzilla.suse.com/1194471

From sle-updates at lists.suse.com Fri Feb 18 14:42:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:42:27 +0100 (CET)
Subject: SUSE-SU-2022:0498-1: important: Security update for expat
Message-ID: <20220218144227.F0BA0F371@maintenance.suse.de>

SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0498-1
Rating: important
References: #1195054 #1195217
Cross-References: CVE-2022-23852 CVE-2022-23990
CVSS scores:
    CVE-2022-23852 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-23852 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-23990 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-23990 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Micro 5.0
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Realtime Extension 15-SP2
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-498=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-498=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-498=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-498=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-498=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-498=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-498=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-498=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-498=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-498=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-498=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-498=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-498=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-498=1
- SUSE Linux Enterprise Micro 5.0:
    zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-498=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-498=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-498=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-498=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-498=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-498=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-498=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-498=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-498=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Manager Server 4.1 (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
    expat-2.2.5-3.12.1
    expat-32bit-debuginfo-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Manager Proxy 4.1 (x86_64):
    expat-2.2.5-3.12.1
    expat-32bit-debuginfo-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
    expat-2.2.5-3.12.1
    expat-32bit-debuginfo-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    expat-2.2.5-3.12.1
    expat-32bit-debuginfo-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
    expat-2.2.5-3.12.1
    expat-32bit-debuginfo-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Enterprise Storage 7 (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    expat-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1
- SUSE Enterprise Storage 6 (x86_64):
    expat-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
- SUSE CaaS Platform 4.0 (x86_64):
    expat-2.2.5-3.12.1
    expat-32bit-debuginfo-2.2.5-3.12.1
    expat-debuginfo-2.2.5-3.12.1
    expat-debugsource-2.2.5-3.12.1
    libexpat-devel-2.2.5-3.12.1
    libexpat1-2.2.5-3.12.1
    libexpat1-32bit-2.2.5-3.12.1
    libexpat1-32bit-debuginfo-2.2.5-3.12.1
    libexpat1-debuginfo-2.2.5-3.12.1

References:

    https://www.suse.com/security/cve/CVE-2022-23852.html
    https://www.suse.com/security/cve/CVE-2022-23990.html
    https://bugzilla.suse.com/1195054
    https://bugzilla.suse.com/1195217

From sle-updates at lists.suse.com Fri Feb 18 14:43:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:43:17 +0100 (CET)
Subject: SUSE-RU-2022:0228-2: moderate: Recommended update for boost
Message-ID: <20220218144317.05B81F371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for boost
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0228-2
Rating: moderate
References: #1194522
Affected Products:
    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-228=1

Package List:

- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
    boost-license1_66_0-1.66.0-12.3.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
    boost-base-debugsource-1.66.0-12.3.1
    libboost_atomic1_66_0-1.66.0-12.3.1
    libboost_atomic1_66_0-debuginfo-1.66.0-12.3.1
    libboost_atomic1_66_0-devel-1.66.0-12.3.1
    libboost_chrono1_66_0-1.66.0-12.3.1
    libboost_chrono1_66_0-debuginfo-1.66.0-12.3.1
    libboost_chrono1_66_0-devel-1.66.0-12.3.1
    libboost_container1_66_0-1.66.0-12.3.1
    libboost_container1_66_0-debuginfo-1.66.0-12.3.1
    libboost_container1_66_0-devel-1.66.0-12.3.1
    libboost_context1_66_0-1.66.0-12.3.1
    libboost_context1_66_0-debuginfo-1.66.0-12.3.1
    libboost_context1_66_0-devel-1.66.0-12.3.1
    libboost_coroutine1_66_0-1.66.0-12.3.1
    libboost_coroutine1_66_0-debuginfo-1.66.0-12.3.1
    libboost_coroutine1_66_0-devel-1.66.0-12.3.1
    libboost_date_time1_66_0-1.66.0-12.3.1
    libboost_date_time1_66_0-debuginfo-1.66.0-12.3.1
    libboost_date_time1_66_0-devel-1.66.0-12.3.1
    libboost_fiber1_66_0-1.66.0-12.3.1
    libboost_fiber1_66_0-debuginfo-1.66.0-12.3.1
    libboost_fiber1_66_0-devel-1.66.0-12.3.1
    libboost_filesystem1_66_0-1.66.0-12.3.1
    libboost_filesystem1_66_0-debuginfo-1.66.0-12.3.1
    libboost_filesystem1_66_0-devel-1.66.0-12.3.1
    libboost_graph1_66_0-1.66.0-12.3.1
    libboost_graph1_66_0-debuginfo-1.66.0-12.3.1
    libboost_graph1_66_0-devel-1.66.0-12.3.1
    libboost_headers1_66_0-devel-1.66.0-12.3.1
    libboost_iostreams1_66_0-1.66.0-12.3.1
    libboost_iostreams1_66_0-debuginfo-1.66.0-12.3.1
    libboost_iostreams1_66_0-devel-1.66.0-12.3.1
    libboost_locale1_66_0-1.66.0-12.3.1
    libboost_locale1_66_0-debuginfo-1.66.0-12.3.1
    libboost_locale1_66_0-devel-1.66.0-12.3.1
    libboost_log1_66_0-1.66.0-12.3.1
    libboost_log1_66_0-debuginfo-1.66.0-12.3.1
    libboost_log1_66_0-devel-1.66.0-12.3.1
    libboost_math1_66_0-1.66.0-12.3.1
    libboost_math1_66_0-debuginfo-1.66.0-12.3.1
    libboost_math1_66_0-devel-1.66.0-12.3.1
    libboost_program_options1_66_0-1.66.0-12.3.1
    libboost_program_options1_66_0-debuginfo-1.66.0-12.3.1
    libboost_program_options1_66_0-devel-1.66.0-12.3.1
    libboost_python-py3-1_66_0-1.66.0-12.3.1
    libboost_python-py3-1_66_0-debuginfo-1.66.0-12.3.1
    libboost_python-py3-1_66_0-devel-1.66.0-12.3.1
    libboost_random1_66_0-1.66.0-12.3.1
    libboost_random1_66_0-debuginfo-1.66.0-12.3.1
    libboost_random1_66_0-devel-1.66.0-12.3.1
    libboost_regex1_66_0-1.66.0-12.3.1
    libboost_regex1_66_0-debuginfo-1.66.0-12.3.1
    libboost_regex1_66_0-devel-1.66.0-12.3.1
    libboost_serialization1_66_0-1.66.0-12.3.1
    libboost_serialization1_66_0-debuginfo-1.66.0-12.3.1
    libboost_serialization1_66_0-devel-1.66.0-12.3.1
    libboost_signals1_66_0-1.66.0-12.3.1
    libboost_signals1_66_0-debuginfo-1.66.0-12.3.1
    libboost_signals1_66_0-devel-1.66.0-12.3.1
    libboost_stacktrace1_66_0-1.66.0-12.3.1
    libboost_stacktrace1_66_0-debuginfo-1.66.0-12.3.1
    libboost_stacktrace1_66_0-devel-1.66.0-12.3.1
    libboost_system1_66_0-1.66.0-12.3.1
    libboost_system1_66_0-debuginfo-1.66.0-12.3.1
    libboost_system1_66_0-devel-1.66.0-12.3.1
    libboost_test1_66_0-1.66.0-12.3.1
    libboost_test1_66_0-debuginfo-1.66.0-12.3.1
    libboost_test1_66_0-devel-1.66.0-12.3.1
    libboost_thread1_66_0-1.66.0-12.3.1
    libboost_thread1_66_0-debuginfo-1.66.0-12.3.1
    libboost_thread1_66_0-devel-1.66.0-12.3.1
    libboost_timer1_66_0-1.66.0-12.3.1
    libboost_timer1_66_0-debuginfo-1.66.0-12.3.1
    libboost_timer1_66_0-devel-1.66.0-12.3.1
    libboost_type_erasure1_66_0-1.66.0-12.3.1
    libboost_type_erasure1_66_0-debuginfo-1.66.0-12.3.1
    libboost_type_erasure1_66_0-devel-1.66.0-12.3.1
    libboost_wave1_66_0-1.66.0-12.3.1
    libboost_wave1_66_0-debuginfo-1.66.0-12.3.1
    libboost_wave1_66_0-devel-1.66.0-12.3.1

References:

    https://bugzilla.suse.com/1194522

From sle-updates at lists.suse.com Fri Feb 18 14:43:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:43:51 +0100 (CET)
Subject: SUSE-SU-2022:0505-1: moderate: Security update for tcpdump
Message-ID: <20220218144351.927AAF371@maintenance.suse.de>

SUSE Security Update: Security update for tcpdump
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0505-1
Rating: moderate
References: #1195825
Cross-References: CVE-2018-16301
CVSS scores:
    CVE-2018-16301 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
    HPE Helion Openstack 8
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP3-LTSS
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE OpenStack Cloud 8
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tcpdump fixes the following issues:

- CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-505=1
- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-505=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-505=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-505=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-505=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-505=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-505=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-505=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-505=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-505=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-505=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-505=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE OpenStack Cloud 9 (x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE OpenStack Cloud 8 (x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1
- HPE Helion Openstack 8 (x86_64):
    tcpdump-4.9.2-14.20.1
    tcpdump-debuginfo-4.9.2-14.20.1
    tcpdump-debugsource-4.9.2-14.20.1

References:

    https://www.suse.com/security/cve/CVE-2018-16301.html
    https://bugzilla.suse.com/1195825

From sle-updates at lists.suse.com Fri Feb 18 14:44:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:44:36 +0100 (CET)
Subject: SUSE-RU-2022:0512-1: moderate: Recommended update for yast2-add-on
Message-ID: <20220218144436.77493F371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-add-on
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0512-1
Rating: moderate
References: #1194851 #972046
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Installer 15-SP2
    SUSE Linux Enterprise Realtime Extension 15-SP2
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Manager Proxy 4.1
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for yast2-add-on fixes the following issues:

- Restore the repo unexpanded URL to get it properly saved in the /etc/zypp/repos.d file (bsc#972046, bsc#1194851).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-512=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-512=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-512=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-512=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-512=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-512=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-512=1
- SUSE Linux Enterprise Installer 15-SP2:
    zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-512=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-512=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-512=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-512=1

Package List:

- SUSE Manager Server 4.1 (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Manager Proxy 4.1 (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Linux Enterprise Installer 15-SP2 (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
    yast2-add-on-4.2.19-3.9.1
- SUSE Enterprise Storage 7 (noarch):
    yast2-add-on-4.2.19-3.9.1

References:

    https://bugzilla.suse.com/1194851
    https://bugzilla.suse.com/972046

From sle-updates at lists.suse.com Fri Feb 18 14:45:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:45:22 +0100 (CET)
Subject: SUSE-RU-2022:0513-1: moderate: Recommended update for grub2
Message-ID: <20220218144522.BF164F371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0513-1
Rating: moderate
References: #1159205 #1190395
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
    SUSE Linux Enterprise Module for Server Applications 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for grub2 fixes the following issues:

- Fix wrong default entry when booting snapshot (bsc#1159205).
- Improve support for SLE Micro 5.1 on s390x (bsc#1190395).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-513=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-513=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-513=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
    grub2-x86_64-xen-2.04-150300.22.12.2
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
    grub2-arm64-efi-2.04-150300.22.12.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    grub2-2.04-150300.22.12.2
    grub2-debuginfo-2.04-150300.22.12.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64):
    grub2-debugsource-2.04-150300.22.12.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
    grub2-arm64-efi-2.04-150300.22.12.2
    grub2-i386-pc-2.04-150300.22.12.2
    grub2-powerpc-ieee1275-2.04-150300.22.12.2
    grub2-snapper-plugin-2.04-150300.22.12.2
    grub2-systemd-sleep-plugin-2.04-150300.22.12.2
    grub2-x86_64-efi-2.04-150300.22.12.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
    grub2-s390x-emu-2.04-150300.22.12.2

References:

    https://bugzilla.suse.com/1159205
    https://bugzilla.suse.com/1190395

From sle-updates at lists.suse.com Fri Feb 18 14:47:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:47:16 +0100 (CET)
Subject: SUSE-RU-2022:0515-1: moderate: Recommended update for yast2-add-on
Message-ID: <20220218144716.EA99EF371@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-add-on
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0515-1
Rating: moderate
References: #1194851 #972046
Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise Installer 15-SP1
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for yast2-add-on fixes the following issues:

   - Restore the repo unexpanded URL to get it properly saved in the /etc/zypp/repos.d file (bsc#972046, bsc#1194851).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-515=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-515=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-515=1
   - SUSE Linux Enterprise Installer 15-SP1:
      zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-515=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-515=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-515=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-515=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
      yast2-add-on-4.1.16-3.16.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
      yast2-add-on-4.1.16-3.16.1
   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
      yast2-add-on-4.1.16-3.16.1
   - SUSE Linux Enterprise Installer 15-SP1 (noarch):
      yast2-add-on-4.1.16-3.16.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
      yast2-add-on-4.1.16-3.16.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
      yast2-add-on-4.1.16-3.16.1
   - SUSE Enterprise Storage 6 (noarch):
      yast2-add-on-4.1.16-3.16.1
   - SUSE CaaS Platform 4.0 (noarch):
      yast2-add-on-4.1.16-3.16.1

References:

   https://bugzilla.suse.com/1194851
   https://bugzilla.suse.com/972046

From sle-updates at lists.suse.com Fri Feb 18 14:48:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:48:28 +0100 (CET)
Subject: SUSE-RU-2022:0519-1: moderate: Recommended update for sysstat
Message-ID: <20220218144829.017C5F371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sysstat
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0519-1
Rating: moderate
References: #1194679
Affected Products:
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Server Applications 15-SP3
   SUSE Linux Enterprise Realtime Extension 15-SP2
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for sysstat fixes the following issues:

   - Fix possible segfault (bsc#1194679).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-519=1
   - SUSE Linux Enterprise Module for Server Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-519=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-519=1
   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-519=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
      sysstat-12.0.2-3.33.1
      sysstat-debuginfo-12.0.2-3.33.1
      sysstat-debugsource-12.0.2-3.33.1
      sysstat-isag-12.0.2-3.33.1
   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
      sysstat-debuginfo-12.0.2-3.33.1
      sysstat-debugsource-12.0.2-3.33.1
      sysstat-isag-12.0.2-3.33.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      sysstat-12.0.2-3.33.1
      sysstat-debuginfo-12.0.2-3.33.1
      sysstat-debugsource-12.0.2-3.33.1
   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      sysstat-12.0.2-3.33.1
      sysstat-debuginfo-12.0.2-3.33.1
      sysstat-debugsource-12.0.2-3.33.1

References:

   https://bugzilla.suse.com/1194679

From sle-updates at lists.suse.com Fri Feb 18 14:50:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:50:07 +0100 (CET)
Subject: SUSE-RU-2022:0520-1: moderate: Recommended update for rpm
Message-ID: <20220218145007.905C5F371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rpm
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0520-1
Rating: moderate
References: #1194968
Affected Products:
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Development Tools 15-SP3
   SUSE Linux Enterprise Module for Public Cloud 15-SP3
   SUSE Linux Enterprise Module for Python2 15-SP3
   SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
   SUSE Linux Enterprise Module for SUSE Manager Server 4.2
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rpm fixes the following issues:

   - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-520=1
   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-520=1
   - SUSE Linux Enterprise Module for Python2 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-520=1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-520=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-520=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-520=1
   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-520=1

Package List:

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):
      rpm-build-4.14.3-150300.46.1
      rpm-build-debuginfo-4.14.3-150300.46.1
      rpm-debuginfo-4.14.3-150300.46.1
      rpm-debugsource-4.14.3-150300.46.1
   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
      rpm-build-4.14.3-150300.46.1
      rpm-build-debuginfo-4.14.3-150300.46.1
      rpm-debuginfo-4.14.3-150300.46.1
      rpm-debugsource-4.14.3-150300.46.1
   - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
      python-rpm-debugsource-4.14.3-150300.46.1
      python2-rpm-4.14.3-150300.46.1
      python2-rpm-debuginfo-4.14.3-150300.46.1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
      rpm-ndb-4.14.3-150300.46.1
      rpm-ndb-debuginfo-4.14.3-150300.46.1
      rpm-ndb-debugsource-4.14.3-150300.46.1
   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
      rpm-build-4.14.3-150300.46.1
      rpm-build-debuginfo-4.14.3-150300.46.1
      rpm-debuginfo-4.14.3-150300.46.1
      rpm-debugsource-4.14.3-150300.46.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      python-rpm-debugsource-4.14.3-150300.46.1
      python3-rpm-4.14.3-150300.46.1
      python3-rpm-debuginfo-4.14.3-150300.46.1
      rpm-4.14.3-150300.46.1
      rpm-debuginfo-4.14.3-150300.46.1
      rpm-debugsource-4.14.3-150300.46.1
      rpm-devel-4.14.3-150300.46.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
      rpm-32bit-4.14.3-150300.46.1
      rpm-32bit-debuginfo-4.14.3-150300.46.1
   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      python-rpm-debugsource-4.14.3-150300.46.1
      python3-rpm-4.14.3-150300.46.1
      python3-rpm-debuginfo-4.14.3-150300.46.1
      rpm-4.14.3-150300.46.1
      rpm-debuginfo-4.14.3-150300.46.1
      rpm-debugsource-4.14.3-150300.46.1

References:

   https://bugzilla.suse.com/1194968

From sle-updates at lists.suse.com Fri Feb 18 14:50:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:50:57 +0100 (CET)
Subject: SUSE-RU-2022:0522-1: moderate: Recommended update for fetchmail
Message-ID: <20220218145057.CF600F371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fetchmail
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0522-1
Rating: moderate
References: #1193894
Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Enterprise Storage 7
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Module for Desktop Applications 15-SP3
   SUSE Linux Enterprise Module for Desktop Applications 15-SP4
   SUSE Linux Enterprise Realtime Extension 15-SP2
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for fetchmail fixes the following issues:

   - Restore autoprobe functionality (bsc#1193894)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-522=1
   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-522=1
   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-522=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-522=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-522=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-522=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-522=1
   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-522=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-522=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-522=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-522=1
   - SUSE Linux Enterprise Realtime Extension 15-SP2:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-522=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-522=1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-522=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-522=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-522=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-522=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-522=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-522=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-522=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-522=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-522=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-522=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-522=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Manager Proxy 4.1 (x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1
   - SUSE CaaS Platform 4.0 (x86_64):
      fetchmail-6.4.22-20.26.1
      fetchmail-debuginfo-6.4.22-20.26.1
      fetchmail-debugsource-6.4.22-20.26.1
      fetchmailconf-6.4.22-20.26.1

References:

   https://bugzilla.suse.com/1193894

From sle-updates at lists.suse.com Fri Feb 18 14:51:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:51:43 +0100 (CET)
Subject: SUSE-RU-2022:0511-1: moderate: Recommended update for coreutils
Message-ID: <20220218145143.6620DF371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for coreutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0511-1
Rating: moderate
References: #1082318 #1189152
Affected Products:
   SUSE Linux Enterprise Micro 5.0
   SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for coreutils fixes the following issues:

   - Add "fuse.portal" as a dummy file system (used in flatpak implementations) (bsc#1189152).
   - Properly sort docs and license files (bsc#1082318).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-511=1
   - SUSE Linux Enterprise Micro 5.0:
      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-511=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
      coreutils-8.29-4.3.1
      coreutils-debuginfo-8.29-4.3.1
      coreutils-debugsource-8.29-4.3.1
   - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
      coreutils-lang-8.29-4.3.1
   - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
      coreutils-8.29-4.3.1
      coreutils-debuginfo-8.29-4.3.1
      coreutils-debugsource-8.29-4.3.1

References:

   https://bugzilla.suse.com/1082318
   https://bugzilla.suse.com/1189152

From sle-updates at lists.suse.com Fri Feb 18 14:52:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:52:23 +0100 (CET)
Subject: SUSE-RU-2022:0514-1: moderate: Recommended update for sysstat
Message-ID: <20220218145223.20835F371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sysstat
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0514-1
Rating: moderate
References: #1194679
Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for sysstat fixes the following issues:

   - Fix possible segfault (bsc#1194679).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-514=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      sysstat-12.0.2-20.17.1
      sysstat-debuginfo-12.0.2-20.17.1
      sysstat-debugsource-12.0.2-20.17.1
      sysstat-isag-12.0.2-20.17.1

References:

   https://bugzilla.suse.com/1194679

From sle-updates at lists.suse.com Fri Feb 18 14:53:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:53:05 +0100 (CET)
Subject: SUSE-SU-2022:0493-1: important: Security update for clamav
Message-ID: <20220218145305.6B6C1F371@maintenance.suse.de>

   SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0493-1
Rating: important
References: #1194731
Cross-References: CVE-2022-20698
CVSS scores:
   CVE-2022-20698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE CaaS Platform 4.0
   SUSE Enterprise Storage 6
   SUSE Enterprise Storage 7
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Realtime Extension 15-SP2
   SUSE Linux Enterprise Server 15-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP2-BCL
   SUSE Linux Enterprise Server 15-SP2-LTSS
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP 15
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server for SAP 15-SP2
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.1
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.1
   SUSE Manager Server 4.1
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for clamav fixes the following issues:

   - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-493=1
   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-493=1
   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-493=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-493=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-493=1
   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-493=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-493=1
   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-493=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-493=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-493=1
   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-493=1
   - SUSE Linux Enterprise Realtime Extension 15-SP2:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-493=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-493=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-493=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-493=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-493=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-493=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-493=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-493=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-493=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-493=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-493=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Manager Proxy 4.1 (x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1
   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

   - SUSE CaaS Platform 4.0 (x86_64):

      clamav-0.103.5-3.35.1
      clamav-debuginfo-0.103.5-3.35.1
      clamav-debugsource-0.103.5-3.35.1
      clamav-devel-0.103.5-3.35.1
      libclamav9-0.103.5-3.35.1
      libclamav9-debuginfo-0.103.5-3.35.1
      libfreshclam2-0.103.5-3.35.1
      libfreshclam2-debuginfo-0.103.5-3.35.1

References:

   https://www.suse.com/security/cve/CVE-2022-20698.html
   https://bugzilla.suse.com/1194731

From sle-updates at lists.suse.com Fri Feb 18 14:53:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:53:57 +0100 (CET)
Subject: SUSE-SU-2022:0503-1: important: Security update for xerces-j2
Message-ID: <20220218145357.C9DA0F371@maintenance.suse.de>

   SUSE Security Update: Security update for xerces-j2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0503-1
Rating:             important
References:         #1195108
Cross-References:   CVE-2022-23437
CVSS scores:
                    CVE-2022-23437 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-23437 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Realtime Extension 15-SP2
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xerces-j2 fixes the following issues:

   - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser
     (bsc#1195108).
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-503=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-503=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-503=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-503=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-503=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-503=1

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-503=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-503=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-503=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-503=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-503=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-503=1

Package List:

   - SUSE Manager Server 4.1 (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Manager Proxy 4.1 (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      xerces-j2-2.12.0-3.3.1

   - SUSE Enterprise Storage 7 (noarch):

      xerces-j2-2.12.0-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-23437.html
   https://bugzilla.suse.com/1195108

From sle-updates at lists.suse.com Fri Feb 18 14:54:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:54:40 +0100 (CET)
Subject: SUSE-RU-2022:0521-1: moderate: Recommended update for coreutils
Message-ID: <20220218145440.926E1F371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for coreutils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0521-1
Rating:             moderate
References:         #1190354
Affected Products:
                    HPE Helion Openstack 8
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for coreutils fixes the following issues:

   - Remove problematic special leaf optimization cases for XFS that can
     lead to du crashes. (bsc#1190354)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-521=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-521=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-521=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-521=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-521=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-521=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-521=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-521=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-521=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-521=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-521=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2022-521=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE OpenStack Cloud 9 (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE OpenStack Cloud 9 (x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE OpenStack Cloud 8 (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE OpenStack Cloud 8 (x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      coreutils-lang-8.25-13.13.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

   - HPE Helion Openstack 8 (noarch):

      coreutils-lang-8.25-13.13.1

   - HPE Helion Openstack 8 (x86_64):

      coreutils-8.25-13.13.1
      coreutils-debuginfo-8.25-13.13.1
      coreutils-debugsource-8.25-13.13.1

References:

   https://bugzilla.suse.com/1190354

From sle-updates at lists.suse.com Fri Feb 18 14:56:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:56:03 +0100 (CET)
Subject: SUSE-RU-2022:0523-1: moderate: Recommended update for systemd
Message-ID: <20220218145603.51864F371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0523-1
Rating:             moderate
References:         #1193759 #1193841
Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Installer 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Realtime Extension 15-SP2
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for systemd fixes the following issues:

   - systemctl: exit with 1 if no unit files found (bsc#1193841).
   - add rules for virtual devices (bsc#1193759).
   - enforce "none" for loop devices (bsc#1193759).
Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-523=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-523=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-523=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-523=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-523=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-523=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-523=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-523=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-523=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-523=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-523=1

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-523=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-523=1

   - SUSE Linux Enterprise Installer 15-SP1:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-523=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-523=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-523=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-523=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-523=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-523=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-523=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-523=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-523=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Manager Server 4.1 (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Manager Server 4.1 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Manager Retail Branch Server 4.1 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Manager Proxy 4.1 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Manager Proxy 4.1 (x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64):

      libudev1-234-24.105.1
      systemd-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Enterprise Storage 7 (noarch):

      systemd-bash-completion-234-24.105.1

   - SUSE Enterprise Storage 7 (x86_64):

      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libsystemd0-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

   - SUSE Enterprise Storage 6 (x86_64):
      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1

   - SUSE Enterprise Storage 6 (noarch):
      systemd-bash-completion-234-24.105.1

   - SUSE CaaS Platform 4.0 (noarch):
      systemd-bash-completion-234-24.105.1

   - SUSE CaaS Platform 4.0 (x86_64):
      libsystemd0-234-24.105.1
      libsystemd0-32bit-234-24.105.1
      libsystemd0-32bit-debuginfo-234-24.105.1
      libsystemd0-debuginfo-234-24.105.1
      libudev-devel-234-24.105.1
      libudev1-234-24.105.1
      libudev1-32bit-234-24.105.1
      libudev1-32bit-debuginfo-234-24.105.1
      libudev1-debuginfo-234-24.105.1
      systemd-234-24.105.1
      systemd-32bit-234-24.105.1
      systemd-32bit-debuginfo-234-24.105.1
      systemd-container-234-24.105.1
      systemd-container-debuginfo-234-24.105.1
      systemd-coredump-234-24.105.1
      systemd-coredump-debuginfo-234-24.105.1
      systemd-debuginfo-234-24.105.1
      systemd-debugsource-234-24.105.1
      systemd-devel-234-24.105.1
      systemd-sysvinit-234-24.105.1
      udev-234-24.105.1
      udev-debuginfo-234-24.105.1

References:

   https://bugzilla.suse.com/1193759
   https://bugzilla.suse.com/1193841

From sle-updates at lists.suse.com Fri Feb 18 14:56:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Feb 2022 15:56:53 +0100 (CET)
Subject: SUSE-RU-2022:0517-1: moderate: Recommended update for openldap2
Message-ID: <20220218145653.41F1AF371@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openldap2
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0517-1
Rating: moderate
References: #1193296
Affected Products:
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for openldap2 fixes the following issues:

   - Resolve double free in sssvlv overlay (bsc#1193296).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-517=1

   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-517=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-517=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-517=1

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-517=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-517=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):
      openldap2-doc-2.4.41-22.5.1

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      libldap-2_4-2-2.4.41-22.5.1
      libldap-2_4-2-32bit-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-22.5.1
      openldap2-2.4.41-22.5.1
      openldap2-back-meta-2.4.41-22.5.1
      openldap2-back-meta-debuginfo-2.4.41-22.5.1
      openldap2-client-2.4.41-22.5.1
      openldap2-client-debuginfo-2.4.41-22.5.1
      openldap2-debuginfo-2.4.41-22.5.1
      openldap2-debugsource-2.4.41-22.5.1
      openldap2-ppolicy-check-password-1.2-22.5.1
      openldap2-ppolicy-check-password-debuginfo-1.2-22.5.1

   - SUSE OpenStack Cloud 9 (noarch):
      openldap2-doc-2.4.41-22.5.1

   - SUSE OpenStack Cloud 9 (x86_64):
      libldap-2_4-2-2.4.41-22.5.1
      libldap-2_4-2-32bit-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-22.5.1
      openldap2-2.4.41-22.5.1
      openldap2-back-meta-2.4.41-22.5.1
      openldap2-back-meta-debuginfo-2.4.41-22.5.1
      openldap2-client-2.4.41-22.5.1
      openldap2-client-debuginfo-2.4.41-22.5.1
      openldap2-debuginfo-2.4.41-22.5.1
      openldap2-debugsource-2.4.41-22.5.1
      openldap2-ppolicy-check-password-1.2-22.5.1
      openldap2-ppolicy-check-password-debuginfo-1.2-22.5.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      openldap2-back-perl-2.4.41-22.5.1
      openldap2-back-perl-debuginfo-2.4.41-22.5.1
      openldap2-debuginfo-2.4.41-22.5.1
      openldap2-debugsource-2.4.41-22.5.1
      openldap2-devel-2.4.41-22.5.1
      openldap2-devel-static-2.4.41-22.5.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      libldap-2_4-2-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-2.4.41-22.5.1
      openldap2-2.4.41-22.5.1
      openldap2-back-meta-2.4.41-22.5.1
      openldap2-back-meta-debuginfo-2.4.41-22.5.1
      openldap2-client-2.4.41-22.5.1
      openldap2-client-debuginfo-2.4.41-22.5.1
      openldap2-debuginfo-2.4.41-22.5.1
      openldap2-debugsource-2.4.41-22.5.1
      openldap2-ppolicy-check-password-1.2-22.5.1
      openldap2-ppolicy-check-password-debuginfo-1.2-22.5.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      libldap-2_4-2-32bit-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-22.5.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
      openldap2-doc-2.4.41-22.5.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libldap-2_4-2-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-2.4.41-22.5.1
      openldap2-2.4.41-22.5.1
      openldap2-back-meta-2.4.41-22.5.1
      openldap2-back-meta-debuginfo-2.4.41-22.5.1
      openldap2-client-2.4.41-22.5.1
      openldap2-client-debuginfo-2.4.41-22.5.1
      openldap2-debuginfo-2.4.41-22.5.1
      openldap2-debugsource-2.4.41-22.5.1
      openldap2-ppolicy-check-password-1.2-22.5.1
      openldap2-ppolicy-check-password-debuginfo-1.2-22.5.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
      libldap-2_4-2-32bit-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-22.5.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):
      openldap2-doc-2.4.41-22.5.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      libldap-2_4-2-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-2.4.41-22.5.1
      openldap2-2.4.41-22.5.1
      openldap2-back-meta-2.4.41-22.5.1
      openldap2-back-meta-debuginfo-2.4.41-22.5.1
      openldap2-client-2.4.41-22.5.1
      openldap2-client-debuginfo-2.4.41-22.5.1
      openldap2-debuginfo-2.4.41-22.5.1
      openldap2-debugsource-2.4.41-22.5.1
      openldap2-ppolicy-check-password-1.2-22.5.1
      openldap2-ppolicy-check-password-debuginfo-1.2-22.5.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
      libldap-2_4-2-32bit-2.4.41-22.5.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-22.5.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
      openldap2-doc-2.4.41-22.5.1

References:

   https://bugzilla.suse.com/1193296

From sle-updates at lists.suse.com Sat Feb 19 07:54:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Feb 2022 08:54:14 +0100 (CET)
Subject: SUSE-CU-2022:180-1: Security update of suse/sles12sp3
Message-ID: <20220219075414.0C109F372@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:180-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.352 , suse/sles12sp3:latest
Container Release : 24.352
Severity : important
Type : security
References : 1190354 1195054 1195217 CVE-2022-23852 CVE-2022-23990
-----------------------------------------------------------------

The container suse/sles12sp3 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:495-1
Released: Fri Feb 18 10:40:22 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:521-1
Released: Fri Feb 18 12:46:15 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1190354

This update for coreutils fixes the following issues:

- Remove problematic special leaf optimization cases for XFS that can lead to du crashes. (bsc#1190354)

The following package changes have been done:

- expat-2.1.0-21.15.1 updated
- coreutils-8.25-13.13.1 updated
- libexpat1-2.1.0-21.15.1 updated

From sle-updates at lists.suse.com Sat Feb 19 08:10:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Feb 2022 09:10:05 +0100 (CET)
Subject: SUSE-CU-2022:181-1: Security update of suse/sles12sp4
Message-ID: <20220219081005.843C1F372@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:181-1
Container Tags : suse/sles12sp4:26.412 , suse/sles12sp4:latest
Container Release : 26.412
Severity : important
Type : security
References : 1190354 1193296 1195054 1195217 CVE-2022-23852 CVE-2022-23990
-----------------------------------------------------------------

The container suse/sles12sp4 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:495-1
Released: Fri Feb 18 10:40:22 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:517-1
Released: Fri Feb 18 12:44:17 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1193296

This update for openldap2 fixes the following issues:

- Resolve double free in sssvlv overlay (bsc#1193296).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:521-1
Released: Fri Feb 18 12:46:15 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1190354

This update for coreutils fixes the following issues:

- Remove problematic special leaf optimization cases for XFS that can lead to du crashes.
  (bsc#1190354)

The following package changes have been done:

- base-container-licenses-3.0-1.267 updated
- container-suseconnect-2.0.0-1.160 updated
- coreutils-8.25-13.13.1 updated
- libexpat1-2.1.0-21.15.1 updated
- libldap-2_4-2-2.4.41-22.5.1 updated

From sle-updates at lists.suse.com Sat Feb 19 08:34:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Feb 2022 09:34:22 +0100 (CET)
Subject: SUSE-CU-2022:185-1: Recommended update of suse/sle15
Message-ID: <20220219083422.96ED7F373@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:185-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.513
Container Release : 4.22.513
Severity : moderate
Type : recommended
References : 1082318 1189152 1193759 1193841
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released: Fri Feb 18 12:41:53 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1082318,1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released: Fri Feb 18 12:49:09 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193759,1193841

This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).
The following package changes have been done:

- coreutils-8.29-4.3.1 updated
- libsystemd0-234-24.105.1 updated
- libudev1-234-24.105.1 updated

From sle-updates at lists.suse.com Sun Feb 20 07:51:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 20 Feb 2022 08:51:45 +0100 (CET)
Subject: SUSE-CU-2022:186-1: Security update of suse/sles12sp5
Message-ID: <20220220075145.89F1FF372@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:186-1
Container Tags : suse/sles12sp5:6.5.292 , suse/sles12sp5:latest
Container Release : 6.5.292
Severity : important
Type : security
References : 1190354 1193296 1195054 1195217 CVE-2022-23852 CVE-2022-23990
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:495-1
Released: Fri Feb 18 10:40:22 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:517-1
Released: Fri Feb 18 12:44:17 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1193296

This update for openldap2 fixes the following issues:

- Resolve double free in sssvlv overlay (bsc#1193296).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:521-1
Released: Fri Feb 18 12:46:15 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1190354

This update for coreutils fixes the following issues:

- Remove problematic special leaf optimization cases for XFS that can lead to du crashes. (bsc#1190354)

The following package changes have been done:

- coreutils-8.25-13.13.1 updated
- libexpat1-2.1.0-21.15.1 updated
- libldap-2_4-2-2.4.41-22.5.1 updated

From sle-updates at lists.suse.com Sun Feb 20 08:11:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 20 Feb 2022 09:11:09 +0100 (CET)
Subject: SUSE-CU-2022:187-1: Recommended update of suse/sle15
Message-ID: <20220220081109.A3601F372@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:187-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.568
Container Release : 6.2.568
Severity : moderate
Type : recommended
References : 1195326
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:473-1
Released: Thu Feb 17 10:29:42 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1195326

This update for libzypp, zypper fixes the following issues:

- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where zypper unintentionally waits for
  appdata plugin scripts to complete.
The following package changes have been done:

- libzypp-17.29.4-3.73.1 updated
- zypper-1.14.51-3.52.1 updated

From sle-updates at lists.suse.com Sun Feb 20 08:11:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 20 Feb 2022 09:11:30 +0100 (CET)
Subject: SUSE-CU-2022:189-1: Recommended update of suse/sle15
Message-ID: <20220220081130.349A0F372@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:189-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.570
Container Release : 6.2.570
Severity : moderate
Type : recommended
References : 1082318 1189152 1193759 1193841
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released: Fri Feb 18 12:41:53 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1082318,1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released: Fri Feb 18 12:49:09 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193759,1193841

This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).
The following package changes have been done:

- coreutils-8.29-4.3.1 updated
- libsystemd0-234-24.105.1 updated
- libudev1-234-24.105.1 updated

From sle-updates at lists.suse.com Sun Feb 20 08:25:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 20 Feb 2022 09:25:53 +0100 (CET)
Subject: SUSE-CU-2022:191-1: Recommended update of suse/sle15
Message-ID: <20220220082553.6E80DF372@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:191-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.89
Container Release : 9.5.89
Severity : moderate
Type : recommended
References : 1082318 1189152 1193759 1193841
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released: Fri Feb 18 12:41:53 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1082318,1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released: Fri Feb 18 12:49:09 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193759,1193841

This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).
The following package changes have been done:

- coreutils-8.29-4.3.1 updated
- libsystemd0-234-24.105.1 updated
- libudev1-234-24.105.1 updated

From sle-updates at lists.suse.com Sun Feb 20 08:34:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 20 Feb 2022 09:34:10 +0100 (CET)
Subject: SUSE-CU-2022:192-1: Recommended update of suse/sle15
Message-ID: <20220220083410.1C265F373@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:192-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.78
Container Release : 17.8.78
Severity : moderate
Type : recommended
References : 1194968
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released: Fri Feb 18 12:45:19 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1194968

This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

The following package changes have been done:

- rpm-ndb-4.14.3-150300.46.1 updated

From sle-updates at lists.suse.com Mon Feb 21 08:16:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Feb 2022 09:16:36 +0100 (CET)
Subject: SUSE-RU-2022:0528-1: moderate: Recommended update for resource-agents
Message-ID: <20220221081636.9C1A2F372@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0528-1
Rating: moderate
References: SLE-23739
Affected Products:
   SUSE Linux Enterprise High Availability 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

   This update for resource-agents fixes the following issues:

   - Provide a way to manage autofs mounts from within the HA Filesystem Resource Agent
     script. (jsc#SLE-23739)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP3:
      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-528=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
      ldirectord-4.8.0+git30.d0077df0-150300.8.20.1
      resource-agents-4.8.0+git30.d0077df0-150300.8.20.1
      resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.20.1
      resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.20.1

   - SUSE Linux Enterprise High Availability 15-SP3 (noarch):
      monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.20.1

References:

From sle-updates at lists.suse.com Mon Feb 21 08:17:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Feb 2022 09:17:24 +0100 (CET)
Subject: SUSE-SU-2022:0526-1: moderate: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
Message-ID: <20220221081724.6E3C1F372@maintenance.suse.de>

   SUSE Security Update: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0526-1
Rating: moderate
References:
Cross-References: CVE-2021-43565
CVSS scores:
   CVE-2021-43565 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Module for Containers 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for kubevirt, virt-api-container, virt-controller-container,
   virt-handler-container, virt-launcher-container,
   virt-libguestfs-tools-container, virt-operator-container fixes the
   following issues:

   - Update to version 0.49.0
     Release notes https://github.com/kubevirt/kubevirt/releases/tag/v0.49.0
   - Drop kubevirt-psp-caasp.yaml
   - Install curl and lsscsi (needed for testing)
   - Symlink UEFI firmware with AMD SEV support
   - Install tar package to enable kubectl cp ...
   - Make a "fixed appliance" for libguestfs
   - Explicitly install libguestfs{,-devel} and supermin

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-526=1

Package List:

   - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64):
      kubevirt-manifests-0.49.0-150300.8.10.1
      kubevirt-virtctl-0.49.0-150300.8.10.1
      kubevirt-virtctl-debuginfo-0.49.0-150300.8.10.1

References:

   https://www.suse.com/security/cve/CVE-2021-43565.html

From sle-updates at lists.suse.com Mon Feb 21 08:20:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Feb 2022 09:20:58 +0100 (CET)
Subject: SUSE-RU-2022:0527-1: moderate: Recommended update for bcm43xx-firmware
Message-ID: <20220221082058.430E7F372@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for bcm43xx-firmware
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0527-1
Rating: moderate
References: #1195451
Affected Products:
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for bcm43xx-firmware fixes the following issues:

   - Introduce firmware file for Raspberry Pi 400's bluetooth. (bsc#1195451)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-527=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
      bcm43xx-firmware-20180314-150300.23.5.1

References:

   https://bugzilla.suse.com/1195451

From sle-updates at lists.suse.com Mon Feb 21 08:21:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Feb 2022 09:21:28 +0100 (CET)
Subject: SUSE-SU-2022:0525-1: moderate: Security update for polkit
Message-ID: <20220221082128.799FAF372@maintenance.suse.de>

   SUSE Security Update: Security update for polkit
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0525-1
Rating: moderate
References: #1195542
Cross-References: CVE-2021-4115
CVSS scores:
   CVE-2021-4115 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise Micro 5.0
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Realtime Extension 15-SP2
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Server 4.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for polkit fixes the following issues:

   - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-525=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-525=1

   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-525=1

   - SUSE Linux Enterprise Micro 5.0:
      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-525=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
      libpolkit0-0.116-3.9.1
      libpolkit0-debuginfo-0.116-3.9.1
      polkit-0.116-3.9.1
      polkit-debuginfo-0.116-3.9.1
      polkit-debugsource-0.116-3.9.1
      polkit-devel-0.116-3.9.1
      polkit-devel-debuginfo-0.116-3.9.1
      typelib-1_0-Polkit-1_0-0.116-3.9.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      libpolkit0-0.116-3.9.1
      libpolkit0-debuginfo-0.116-3.9.1
      polkit-0.116-3.9.1
      polkit-debuginfo-0.116-3.9.1
      polkit-debugsource-0.116-3.9.1
      polkit-devel-0.116-3.9.1
      polkit-devel-debuginfo-0.116-3.9.1
      typelib-1_0-Polkit-1_0-0.116-3.9.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      libpolkit0-0.116-3.9.1
      libpolkit0-debuginfo-0.116-3.9.1
      polkit-0.116-3.9.1
      polkit-debuginfo-0.116-3.9.1
      polkit-debugsource-0.116-3.9.1

   - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
      libpolkit0-0.116-3.9.1
      libpolkit0-debuginfo-0.116-3.9.1
      polkit-0.116-3.9.1
      polkit-debuginfo-0.116-3.9.1
      polkit-debugsource-0.116-3.9.1

References:

   https://www.suse.com/security/cve/CVE-2021-4115.html
   https://bugzilla.suse.com/1195542

From sle-updates at lists.suse.com Mon Feb 21 08:22:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Feb 2022 09:22:33 +0100 (CET)
Subject: SUSE-SU-2022:0524-1: moderate: Security update for polkit
Message-ID: <20220221082233.47FEAF372@maintenance.suse.de>

   SUSE Security Update: Security update for polkit
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0524-1
Rating: moderate
References: #1195542
Cross-References: CVE-2021-4115
CVSS scores:
   CVE-2021-4115 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:
   SUSE Linux Enterprise Desktop 12-SP5
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for polkit fixes the following issues:

   - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:
      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-524=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-524=1

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-524=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
      libpolkit0-32bit-0.113-5.27.1
      libpolkit0-debuginfo-32bit-0.113-5.27.1
      polkit-debugsource-0.113-5.27.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      polkit-debuginfo-0.113-5.27.1
      polkit-debugsource-0.113-5.27.1
      polkit-devel-0.113-5.27.1
      polkit-devel-debuginfo-0.113-5.27.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libpolkit0-0.113-5.27.1
      libpolkit0-debuginfo-0.113-5.27.1
      polkit-0.113-5.27.1
      polkit-debuginfo-0.113-5.27.1
      polkit-debugsource-0.113-5.27.1
      typelib-1_0-Polkit-1_0-0.113-5.27.1

References:

   https://www.suse.com/security/cve/CVE-2021-4115.html
   https://bugzilla.suse.com/1195542

From sle-updates at lists.suse.com Mon Feb 21 14:17:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Feb 2022 15:17:20 +0100 (CET)
Subject: SUSE-SU-2022:0530-1: moderate: Security update for php74
Message-ID: <20220221141720.AA7FDF372@maintenance.suse.de>

   SUSE Security Update: Security update for php74
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0530-1
Rating: moderate
References: #1038980
Cross-References: CVE-2017-8923
CVSS scores:
   CVE-2017-8923 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
   SUSE Linux Enterprise High Performance Computing 12
   SUSE Linux Enterprise Module for Web Scripting 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Server 12-SP4
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP Applications 12
   SUSE Linux Enterprise Server for SAP Applications 12-SP3
   SUSE Linux Enterprise Server for SAP Applications 12-SP4
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for php74 fixes the following issues:

   - CVE-2017-8923: Fixed denial of service (application crash) when using .=
     with a long string (zend_string_extend func in Zend/zend_string.h)
     (bsc#1038980).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-530=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-530=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.33.1 php74-debugsource-7.4.6-1.33.1 php74-devel-7.4.6-1.33.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.33.1 apache2-mod_php74-debuginfo-7.4.6-1.33.1 php74-7.4.6-1.33.1 php74-bcmath-7.4.6-1.33.1 php74-bcmath-debuginfo-7.4.6-1.33.1 php74-bz2-7.4.6-1.33.1 php74-bz2-debuginfo-7.4.6-1.33.1 php74-calendar-7.4.6-1.33.1 php74-calendar-debuginfo-7.4.6-1.33.1 php74-ctype-7.4.6-1.33.1 php74-ctype-debuginfo-7.4.6-1.33.1 php74-curl-7.4.6-1.33.1 php74-curl-debuginfo-7.4.6-1.33.1 php74-dba-7.4.6-1.33.1 php74-dba-debuginfo-7.4.6-1.33.1 php74-debuginfo-7.4.6-1.33.1 php74-debugsource-7.4.6-1.33.1 php74-dom-7.4.6-1.33.1 php74-dom-debuginfo-7.4.6-1.33.1 php74-enchant-7.4.6-1.33.1 php74-enchant-debuginfo-7.4.6-1.33.1 php74-exif-7.4.6-1.33.1 php74-exif-debuginfo-7.4.6-1.33.1 php74-fastcgi-7.4.6-1.33.1 php74-fastcgi-debuginfo-7.4.6-1.33.1 php74-fileinfo-7.4.6-1.33.1 php74-fileinfo-debuginfo-7.4.6-1.33.1 php74-fpm-7.4.6-1.33.1 php74-fpm-debuginfo-7.4.6-1.33.1 php74-ftp-7.4.6-1.33.1 php74-ftp-debuginfo-7.4.6-1.33.1 php74-gd-7.4.6-1.33.1 php74-gd-debuginfo-7.4.6-1.33.1 php74-gettext-7.4.6-1.33.1 php74-gettext-debuginfo-7.4.6-1.33.1 php74-gmp-7.4.6-1.33.1 php74-gmp-debuginfo-7.4.6-1.33.1 php74-iconv-7.4.6-1.33.1 php74-iconv-debuginfo-7.4.6-1.33.1 php74-intl-7.4.6-1.33.1 php74-intl-debuginfo-7.4.6-1.33.1 php74-json-7.4.6-1.33.1 php74-json-debuginfo-7.4.6-1.33.1 php74-ldap-7.4.6-1.33.1 php74-ldap-debuginfo-7.4.6-1.33.1 php74-mbstring-7.4.6-1.33.1 php74-mbstring-debuginfo-7.4.6-1.33.1 php74-mysql-7.4.6-1.33.1 
php74-mysql-debuginfo-7.4.6-1.33.1 php74-odbc-7.4.6-1.33.1 php74-odbc-debuginfo-7.4.6-1.33.1 php74-opcache-7.4.6-1.33.1 php74-opcache-debuginfo-7.4.6-1.33.1 php74-openssl-7.4.6-1.33.1 php74-openssl-debuginfo-7.4.6-1.33.1 php74-pcntl-7.4.6-1.33.1 php74-pcntl-debuginfo-7.4.6-1.33.1 php74-pdo-7.4.6-1.33.1 php74-pdo-debuginfo-7.4.6-1.33.1 php74-pgsql-7.4.6-1.33.1 php74-pgsql-debuginfo-7.4.6-1.33.1 php74-phar-7.4.6-1.33.1 php74-phar-debuginfo-7.4.6-1.33.1 php74-posix-7.4.6-1.33.1 php74-posix-debuginfo-7.4.6-1.33.1 php74-readline-7.4.6-1.33.1 php74-readline-debuginfo-7.4.6-1.33.1 php74-shmop-7.4.6-1.33.1 php74-shmop-debuginfo-7.4.6-1.33.1 php74-snmp-7.4.6-1.33.1 php74-snmp-debuginfo-7.4.6-1.33.1 php74-soap-7.4.6-1.33.1 php74-soap-debuginfo-7.4.6-1.33.1 php74-sockets-7.4.6-1.33.1 php74-sockets-debuginfo-7.4.6-1.33.1 php74-sodium-7.4.6-1.33.1 php74-sodium-debuginfo-7.4.6-1.33.1 php74-sqlite-7.4.6-1.33.1 php74-sqlite-debuginfo-7.4.6-1.33.1 php74-sysvmsg-7.4.6-1.33.1 php74-sysvmsg-debuginfo-7.4.6-1.33.1 php74-sysvsem-7.4.6-1.33.1 php74-sysvsem-debuginfo-7.4.6-1.33.1 php74-sysvshm-7.4.6-1.33.1 php74-sysvshm-debuginfo-7.4.6-1.33.1 php74-tidy-7.4.6-1.33.1 php74-tidy-debuginfo-7.4.6-1.33.1 php74-tokenizer-7.4.6-1.33.1 php74-tokenizer-debuginfo-7.4.6-1.33.1 php74-xmlreader-7.4.6-1.33.1 php74-xmlreader-debuginfo-7.4.6-1.33.1 php74-xmlrpc-7.4.6-1.33.1 php74-xmlrpc-debuginfo-7.4.6-1.33.1 php74-xmlwriter-7.4.6-1.33.1 php74-xmlwriter-debuginfo-7.4.6-1.33.1 php74-xsl-7.4.6-1.33.1 php74-xsl-debuginfo-7.4.6-1.33.1 php74-zip-7.4.6-1.33.1 php74-zip-debuginfo-7.4.6-1.33.1 php74-zlib-7.4.6-1.33.1 php74-zlib-debuginfo-7.4.6-1.33.1 References: https://www.suse.com/security/cve/CVE-2017-8923.html https://bugzilla.suse.com/1038980 From sle-updates at lists.suse.com Mon Feb 21 14:17:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 15:17:50 +0100 (CET) Subject: SUSE-RU-2022:0532-1: moderate: Recommended update for resource-agents Message-ID: 
<20220221141750.3C935F372@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0532-1 Rating: moderate References: #1194502 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Fixed an issue when resource agent prints warning regarding improper error handling in cloud network issues. (bsc#1194502) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-532=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-4.60.1 resource-agents-4.3.0184.6ee15eb2-4.60.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-4.60.1 resource-agents-debugsource-4.3.0184.6ee15eb2-4.60.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-4.60.1 References: https://bugzilla.suse.com/1194502 From sle-updates at lists.suse.com Mon Feb 21 14:18:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 15:18:20 +0100 (CET) Subject: SUSE-RU-2022:0535-1: moderate: Recommended update for libreoffice Message-ID: <20220221141820.EF75AF372@maintenance.suse.de> SUSE Recommended Update: Recommended update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0535-1 Rating: moderate References: #1183308 Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libreoffice fixes the following issue: - Performance improvements while loading a PPTX presentation that has a huge number of shapes in it. (bsc#1183308) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-535=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-535=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libreoffice-7.2.3.2-48.16.2 libreoffice-base-7.2.3.2-48.16.2 libreoffice-base-debuginfo-7.2.3.2-48.16.2 libreoffice-base-drivers-postgresql-7.2.3.2-48.16.2 libreoffice-base-drivers-postgresql-debuginfo-7.2.3.2-48.16.2 libreoffice-calc-7.2.3.2-48.16.2 libreoffice-calc-debuginfo-7.2.3.2-48.16.2 libreoffice-calc-extensions-7.2.3.2-48.16.2 libreoffice-debuginfo-7.2.3.2-48.16.2 libreoffice-debugsource-7.2.3.2-48.16.2 libreoffice-draw-7.2.3.2-48.16.2 libreoffice-draw-debuginfo-7.2.3.2-48.16.2 libreoffice-filters-optional-7.2.3.2-48.16.2 libreoffice-gnome-7.2.3.2-48.16.2 libreoffice-gnome-debuginfo-7.2.3.2-48.16.2 libreoffice-gtk3-7.2.3.2-48.16.2 libreoffice-gtk3-debuginfo-7.2.3.2-48.16.2 libreoffice-impress-7.2.3.2-48.16.2 libreoffice-impress-debuginfo-7.2.3.2-48.16.2 libreoffice-librelogo-7.2.3.2-48.16.2 libreoffice-mailmerge-7.2.3.2-48.16.2 libreoffice-math-7.2.3.2-48.16.2 libreoffice-math-debuginfo-7.2.3.2-48.16.2 libreoffice-officebean-7.2.3.2-48.16.2 libreoffice-officebean-debuginfo-7.2.3.2-48.16.2 libreoffice-pyuno-7.2.3.2-48.16.2 libreoffice-pyuno-debuginfo-7.2.3.2-48.16.2 libreoffice-writer-7.2.3.2-48.16.2 libreoffice-writer-debuginfo-7.2.3.2-48.16.2 libreoffice-writer-extensions-7.2.3.2-48.16.2 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): libreoffice-branding-upstream-7.2.3.2-48.16.2 libreoffice-icon-themes-7.2.3.2-48.16.2 libreoffice-l10n-af-7.2.3.2-48.16.2 libreoffice-l10n-ar-7.2.3.2-48.16.2 libreoffice-l10n-bg-7.2.3.2-48.16.2 libreoffice-l10n-ca-7.2.3.2-48.16.2 libreoffice-l10n-cs-7.2.3.2-48.16.2 libreoffice-l10n-da-7.2.3.2-48.16.2 libreoffice-l10n-de-7.2.3.2-48.16.2 
libreoffice-l10n-en-7.2.3.2-48.16.2 libreoffice-l10n-es-7.2.3.2-48.16.2 libreoffice-l10n-fi-7.2.3.2-48.16.2 libreoffice-l10n-fr-7.2.3.2-48.16.2 libreoffice-l10n-gu-7.2.3.2-48.16.2 libreoffice-l10n-hi-7.2.3.2-48.16.2 libreoffice-l10n-hr-7.2.3.2-48.16.2 libreoffice-l10n-hu-7.2.3.2-48.16.2 libreoffice-l10n-it-7.2.3.2-48.16.2 libreoffice-l10n-ja-7.2.3.2-48.16.2 libreoffice-l10n-ko-7.2.3.2-48.16.2 libreoffice-l10n-lt-7.2.3.2-48.16.2 libreoffice-l10n-nb-7.2.3.2-48.16.2 libreoffice-l10n-nl-7.2.3.2-48.16.2 libreoffice-l10n-nn-7.2.3.2-48.16.2 libreoffice-l10n-pl-7.2.3.2-48.16.2 libreoffice-l10n-pt_BR-7.2.3.2-48.16.2 libreoffice-l10n-pt_PT-7.2.3.2-48.16.2 libreoffice-l10n-ro-7.2.3.2-48.16.2 libreoffice-l10n-ru-7.2.3.2-48.16.2 libreoffice-l10n-sk-7.2.3.2-48.16.2 libreoffice-l10n-sv-7.2.3.2-48.16.2 libreoffice-l10n-uk-7.2.3.2-48.16.2 libreoffice-l10n-xh-7.2.3.2-48.16.2 libreoffice-l10n-zh_CN-7.2.3.2-48.16.2 libreoffice-l10n-zh_TW-7.2.3.2-48.16.2 libreoffice-l10n-zu-7.2.3.2-48.16.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): libreoffice-debuginfo-7.2.3.2-48.16.2 libreoffice-debugsource-7.2.3.2-48.16.2 libreoffice-sdk-7.2.3.2-48.16.2 libreoffice-sdk-debuginfo-7.2.3.2-48.16.2 References: https://bugzilla.suse.com/1183308 From sle-updates at lists.suse.com Mon Feb 21 14:20:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 15:20:04 +0100 (CET) Subject: SUSE-SU-2022:0531-1: important: Security update for nodejs12 Message-ID: <20220221142004.E8011F372@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0531-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-531=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.10-1.42.2 nodejs12-debuginfo-12.22.10-1.42.2 nodejs12-debugsource-12.22.10-1.42.2 nodejs12-devel-12.22.10-1.42.2 npm12-12.22.10-1.42.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.22.10-1.42.2 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 From sle-updates at lists.suse.com Mon Feb 21 14:20:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 15:20:59 +0100 (CET) Subject: SUSE-RU-2022:0533-1: moderate: Recommended update for python-kiwi Message-ID: <20220221142059.B4333F372@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0533-1 Rating: moderate References: #1180539 #1184128 #1184823 #1185287 #1185937 #1187460 #1187461 #1187515 #1192975 #1195229 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 
______________________________________________________________________________

An update that has 10 recommended fixes can now be installed.

Description:

This update for python-kiwi fixes the following issues:

This version upgrade includes several fixes:

- Ensure backward compatibility on deprecated methods
  This commit ensures backward compatibility for deprecated config bash script utilities. (bsc#1195229)
* Fixed regression in compression detection. (bsc#1192975)
* index.rst: Change title (bsc#1189294#c2)
  * suggested in bsc#1189294#c2 for more clarity
  * change has been discussed with and approved by main author (Marcus S.)
* Care for different snapper template locations. (bsc#1192940)
* Do not force dracut into a compression setting
* Fixed secure boot fallback setup
  Make sure MokManager gets copied. The name and location of the mok manager is distribution specific in the same way as the shim loader. Thus we need to apply a similar concept for looking it up. (bsc#1187515)
* Allow creation of LUKS system with empty key
  To support cloud platforms better we should allow the creation of an initial (insecure) LUKS encrypted image with an empty passphrase/keyfile. (bsc#1187461, bsc#1187460)
* Delete obsolete 'ddb.adapterType' patching
  When building a vmdk image with pvscsi as adapter type, kiwi implicitly changed the adapter_type from pvscsi to lsilogic because qemu only knows lsilogic. At the end kiwi patched the adapter type in the descriptor of the vmdk header back to pvscsi. That patching seems to be wrong according to information from users and VMware support. This commit deletes the descriptor patching and only leaves the pvscsi setting in the guest configuration (vmx). (bsc#1180539)
* Make dracut version check more robust
  The check_dracut_module_versions_compatible_to_kiwi() runtime check calls the package manager from the host and reads the package database from the image root. Doing this requires the package database in the image to be compatible with the package manager on the host. However this cannot be guaranteed and it is more robust to chroot into the image root and call the package manager from there. However, this change also comes with the cost that it's required to have a package manager available in the image root tree. Therefore along with the chroot based call, eventual exceptions from the call are now caught and lead to a debug message in the log file but will not lead the runtime check to fail. I consider the cases without a package database inside of the image to be less critical than the incompatibility issue between the host tooling and the package database in the image. (bsc#1185937)
* Fixed setup of repository architecture
  Unfortunately the architecture reported by uname is not necessarily the same name as used in the repository metadata. Therefore it was not a good idea to set the architecture and manage the name via a mapping table. It also has turned out that repo arch names are distro specific which causes more complexity on an eventual mapping table. In the end this commit changes the way how the repository architecture is set up in a way that we only set the architecture if a name was explicitly specified such that the user keeps full control over it without any mapping magic included (bsc#1185287)
* Do not apply default subcommand for derivate containers
  This commit does not apply the default subcommand for derivate containers. (bsc#1184823)
* Added openssl to the core requires
  openssl is used in kiwi to construct a password hash if the plaintext password feature for user settings is used. (bsc#1184128)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-533=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-533=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-533=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-533=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): dracut-kiwi-lib-9.24.16-3.44.1 dracut-kiwi-live-9.24.16-3.44.1 dracut-kiwi-oem-dump-9.24.16-3.44.1 dracut-kiwi-oem-repart-9.24.16-3.44.1 dracut-kiwi-overlay-9.24.16-3.44.1 kiwi-man-pages-9.24.16-3.44.1 kiwi-pxeboot-9.24.16-3.44.1 kiwi-systemdeps-bootloaders-9.24.16-3.44.1 kiwi-systemdeps-core-9.24.16-3.44.1 kiwi-systemdeps-disk-images-9.24.16-3.44.1 kiwi-systemdeps-filesystems-9.24.16-3.44.1 kiwi-systemdeps-image-validation-9.24.16-3.44.1 kiwi-systemdeps-iso-media-9.24.16-3.44.1 kiwi-tools-9.24.16-3.44.1 kiwi-tools-debuginfo-9.24.16-3.44.1 python-kiwi-debugsource-9.24.16-3.44.1 python3-kiwi-9.24.16-3.44.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.16-3.44.1 dracut-kiwi-live-9.24.16-3.44.1 dracut-kiwi-oem-dump-9.24.16-3.44.1 dracut-kiwi-oem-repart-9.24.16-3.44.1 dracut-kiwi-overlay-9.24.16-3.44.1 kiwi-man-pages-9.24.16-3.44.1 kiwi-systemdeps-9.24.16-3.44.1 kiwi-systemdeps-bootloaders-9.24.16-3.44.1 kiwi-systemdeps-containers-9.24.16-3.44.1 kiwi-systemdeps-core-9.24.16-3.44.1 kiwi-systemdeps-disk-images-9.24.16-3.44.1 kiwi-systemdeps-filesystems-9.24.16-3.44.1 kiwi-systemdeps-image-validation-9.24.16-3.44.1 kiwi-systemdeps-iso-media-9.24.16-3.44.1 kiwi-tools-9.24.16-3.44.1 kiwi-tools-debuginfo-9.24.16-3.44.1 python-kiwi-debugsource-9.24.16-3.44.1 python3-kiwi-9.24.16-3.44.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): 
kiwi-pxeboot-9.24.16-3.44.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.16-3.44.1 dracut-kiwi-oem-repart-9.24.16-3.44.1 python-kiwi-debugsource-9.24.16-3.44.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): dracut-kiwi-lib-9.24.16-3.44.1 dracut-kiwi-oem-repart-9.24.16-3.44.1 python-kiwi-debugsource-9.24.16-3.44.1 References: https://bugzilla.suse.com/1180539 https://bugzilla.suse.com/1184128 https://bugzilla.suse.com/1184823 https://bugzilla.suse.com/1185287 https://bugzilla.suse.com/1185937 https://bugzilla.suse.com/1187460 https://bugzilla.suse.com/1187461 https://bugzilla.suse.com/1187515 https://bugzilla.suse.com/1192975 https://bugzilla.suse.com/1195229 From sle-updates at lists.suse.com Mon Feb 21 17:17:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:17:03 +0100 (CET) Subject: SUSE-RU-2022:0536-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20220221171703.E3B4EF372@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0536-1 Rating: important References: #1182026 #1195414 #1195564 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.0 (bsc#1195414, bsc#1195564) - Refactor removes 'check_registration()' function in utils implementation - Only start the registration service for PAYG images - 'addon-azure' sub-package to version 1.0.1 - Follow up changes to (jsc#PCT-130, bsc#1182026) - Fix executable name for AHB service/timer - Update manpage for BYOS instance registration Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-536=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-536=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-10.0.0-52.66.1 cloud-regionsrv-client-addon-azure-1.0.1-52.66.1 cloud-regionsrv-client-generic-config-1.0.0-52.66.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.66.1 cloud-regionsrv-client-plugin-ec2-1.0.2-52.66.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.66.1 References: https://bugzilla.suse.com/1182026 https://bugzilla.suse.com/1195414 https://bugzilla.suse.com/1195564 From sle-updates at lists.suse.com Mon Feb 21 17:18:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:18:14 +0100 (CET) Subject: SUSE-RU-2022:0537-1: Recommended update for yast2-dhcp-server Message-ID: <20220221171814.C79EFF372@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-dhcp-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0537-1 Rating: low References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise 
Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for yast2-dhcp-server fixes the following issues: - Fix DNS zone creation by fixing a maintained DNS zone check. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-537=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-dhcp-server-4.3.2-150300.3.3.1 References: From sle-updates at lists.suse.com Mon Feb 21 17:19:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:19:27 +0100 (CET) Subject: SUSE-OU-2020:2291-2: Optional update for xmltooling Message-ID: <20220221171927.0BA84F372@maintenance.suse.de> SUSE Optional Update: Optional update for xmltooling ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2291-2 Rating: low References: #1172351 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for xmltooling doesn't fix any user visible bugs. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-538=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libxmltooling-devel-1.6.4-3.6.1 libxmltooling7-1.6.4-3.6.1 libxmltooling7-debuginfo-1.6.4-3.6.1 xmltooling-debugsource-1.6.4-3.6.1 xmltooling-schemas-1.6.4-3.6.1 References: https://bugzilla.suse.com/1172351 From sle-updates at lists.suse.com Mon Feb 21 17:20:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:20:00 +0100 (CET) Subject: SUSE-SU-2022:0542-1: important: Security update for xerces-j2 Message-ID: <20220221172000.F2D82F372@maintenance.suse.de> SUSE Security Update: Security update for xerces-j2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0542-1 Rating: important References: #1195108 Cross-References: CVE-2022-23437 CVSS scores: CVE-2022-23437 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-23437 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-542=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-542=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-542=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-542=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-542=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-542=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-542=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-542=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-542=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-542=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-542=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-542=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-542=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE OpenStack Cloud 9 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE OpenStack Cloud 8 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE Linux Enterprise 
Software Development Kit 12-SP5 (noarch): xerces-j2-demo-2.8.1-268.9.1 xerces-j2-scripts-2.8.1-268.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 - HPE Helion Openstack 8 (noarch): xerces-j2-2.8.1-268.9.1 xerces-j2-xml-apis-2.8.1-268.9.1 xerces-j2-xml-resolver-2.8.1-268.9.1 References: https://www.suse.com/security/cve/CVE-2022-23437.html https://bugzilla.suse.com/1195108 From sle-updates at lists.suse.com Mon Feb 21 17:20:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:20:45 +0100 (CET) Subject: SUSE-SU-2022:0539-1: moderate: Security update for systemd Message-ID: <20220221172045.7BE0DF372@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0539-1 Rating: moderate References: #1191826 #1192637 #1194178 Cross-References: CVE-2021-3997 CVSS scores: CVE-2021-3997 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-539=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-539=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.39.1 libsystemd0-debuginfo-246.16-150300.7.39.1 libudev-devel-246.16-150300.7.39.1 libudev1-246.16-150300.7.39.1 libudev1-debuginfo-246.16-150300.7.39.1 systemd-246.16-150300.7.39.1 systemd-container-246.16-150300.7.39.1 systemd-container-debuginfo-246.16-150300.7.39.1 systemd-coredump-246.16-150300.7.39.1 systemd-coredump-debuginfo-246.16-150300.7.39.1 systemd-debuginfo-246.16-150300.7.39.1 systemd-debugsource-246.16-150300.7.39.1 systemd-devel-246.16-150300.7.39.1 systemd-doc-246.16-150300.7.39.1 systemd-journal-remote-246.16-150300.7.39.1 systemd-journal-remote-debuginfo-246.16-150300.7.39.1 systemd-sysvinit-246.16-150300.7.39.1 udev-246.16-150300.7.39.1 udev-debuginfo-246.16-150300.7.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.39.1 libsystemd0-32bit-debuginfo-246.16-150300.7.39.1 libudev1-32bit-246.16-150300.7.39.1 libudev1-32bit-debuginfo-246.16-150300.7.39.1 systemd-32bit-246.16-150300.7.39.1 systemd-32bit-debuginfo-246.16-150300.7.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.39.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.39.1 libsystemd0-debuginfo-246.16-150300.7.39.1 libudev1-246.16-150300.7.39.1 libudev1-debuginfo-246.16-150300.7.39.1 systemd-246.16-150300.7.39.1 systemd-container-246.16-150300.7.39.1 systemd-container-debuginfo-246.16-150300.7.39.1 systemd-debuginfo-246.16-150300.7.39.1 systemd-debugsource-246.16-150300.7.39.1 systemd-journal-remote-246.16-150300.7.39.1 
systemd-journal-remote-debuginfo-246.16-150300.7.39.1 systemd-sysvinit-246.16-150300.7.39.1 udev-246.16-150300.7.39.1 udev-debuginfo-246.16-150300.7.39.1 References: https://www.suse.com/security/cve/CVE-2021-3997.html https://bugzilla.suse.com/1191826 https://bugzilla.suse.com/1192637 https://bugzilla.suse.com/1194178 From sle-updates at lists.suse.com Mon Feb 21 17:21:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:21:42 +0100 (CET) Subject: SUSE-SU-2022:0543-1: critical: Security update for the Linux RT Kernel Message-ID: <20220221172142.0C9F0F373@maintenance.suse.de> SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0543-1 Rating: critical References: #1154353 #1154488 #1156395 #1160634 #1176447 #1177599 #1183405 #1185377 #1187428 #1187723 #1188605 #1191881 #1193096 #1193506 #1193802 #1193861 #1193864 #1193867 #1194048 #1194227 #1194291 #1194880 #1195009 #1195065 #1195073 #1195183 #1195184 #1195254 #1195267 #1195293 #1195371 #1195476 #1195477 #1195478 #1195479 #1195480 #1195481 #1195482 Cross-References: CVE-2020-28097 CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-22942 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 
CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Realtime 15-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have led to local denial of service (bnc#1195371). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). 
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). 
- IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Always release restrack object (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). 
- RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary 
variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). 
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). 
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). 
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). 
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). 
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). 
- video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-543=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-543=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.76.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.76.1 dlm-kmp-rt-5.3.18-150300.76.1 dlm-kmp-rt-debuginfo-5.3.18-150300.76.1 gfs2-kmp-rt-5.3.18-150300.76.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.76.1 kernel-rt-5.3.18-150300.76.1 kernel-rt-debuginfo-5.3.18-150300.76.1 kernel-rt-debugsource-5.3.18-150300.76.1 kernel-rt-devel-5.3.18-150300.76.1 kernel-rt-devel-debuginfo-5.3.18-150300.76.1 kernel-rt_debug-debuginfo-5.3.18-150300.76.1 kernel-rt_debug-debugsource-5.3.18-150300.76.1 kernel-rt_debug-devel-5.3.18-150300.76.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.76.1 kernel-syms-rt-5.3.18-150300.76.1 ocfs2-kmp-rt-5.3.18-150300.76.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.76.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.76.1 kernel-source-rt-5.3.18-150300.76.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.76.1 kernel-rt-debuginfo-5.3.18-150300.76.1 kernel-rt-debugsource-5.3.18-150300.76.1 References: https://www.suse.com/security/cve/CVE-2020-28097.html 
https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-39685.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0286.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1187723 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1191881 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193506 https://bugzilla.suse.com/1193802 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194291 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1195009 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195073 https://bugzilla.suse.com/1195183 https://bugzilla.suse.com/1195184 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195267 https://bugzilla.suse.com/1195293 https://bugzilla.suse.com/1195371 https://bugzilla.suse.com/1195476 https://bugzilla.suse.com/1195477 https://bugzilla.suse.com/1195478 https://bugzilla.suse.com/1195479 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195481 https://bugzilla.suse.com/1195482 From sle-updates at lists.suse.com Mon Feb 21 17:26:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:26:38 +0100 (CET) Subject: SUSE-SU-2022:0540-1: moderate: Security update for ImageMagick Message-ID: 
<20220221172638.C7BA6F373@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0540-1 Rating: moderate References: #1195563 Cross-References: CVE-2022-0284 CVSS scores: CVE-2022-0284 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-540=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-540=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-540=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): ImageMagick-7.0.7.34-10.21.1 ImageMagick-config-7-SUSE-7.0.7.34-10.21.1 ImageMagick-config-7-upstream-7.0.7.34-10.21.1 ImageMagick-debuginfo-7.0.7.34-10.21.1 ImageMagick-debugsource-7.0.7.34-10.21.1 ImageMagick-devel-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.21.1 libMagick++-devel-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 perl-PerlMagick-7.0.7.34-10.21.1 perl-PerlMagick-debuginfo-7.0.7.34-10.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.21.1 ImageMagick-debugsource-7.0.7.34-10.21.1 perl-PerlMagick-7.0.7.34-10.21.1 perl-PerlMagick-debuginfo-7.0.7.34-10.21.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.21.1 ImageMagick-config-7-SUSE-7.0.7.34-10.21.1 ImageMagick-config-7-upstream-7.0.7.34-10.21.1 ImageMagick-debuginfo-7.0.7.34-10.21.1 ImageMagick-debugsource-7.0.7.34-10.21.1 ImageMagick-devel-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.21.1 libMagick++-devel-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1 
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 References: https://www.suse.com/security/cve/CVE-2022-0284.html https://bugzilla.suse.com/1195563 From sle-updates at lists.suse.com Mon Feb 21 17:27:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:27:16 +0100 (CET) Subject: SUSE-SU-2022:0544-1: critical: Security update for the Linux RT Kernel Message-ID: <20220221172716.E8479F373@maintenance.suse.de> SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0544-1 Rating: critical References: #1177599 #1183405 #1185377 #1187428 #1188605 #1193096 #1193506 #1193861 #1193864 #1193867 #1194048 #1194227 #1194880 #1195009 #1195065 #1195184 #1195254 Cross-References: CVE-2021-22600 CVE-2021-39648 CVE-2021-39657 CVE-2021-45095 CVE-2022-0330 CVE-2022-22942 CVSS scores: CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).

The following non-security bugs were fixed:

- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-544=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-544=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-73.1 cluster-md-kmp-rt-debuginfo-5.3.18-73.1 dlm-kmp-rt-5.3.18-73.1 dlm-kmp-rt-debuginfo-5.3.18-73.1 gfs2-kmp-rt-5.3.18-73.1 gfs2-kmp-rt-debuginfo-5.3.18-73.1 kernel-rt-5.3.18-73.1 kernel-rt-debuginfo-5.3.18-73.1 kernel-rt-debugsource-5.3.18-73.1 kernel-rt-devel-5.3.18-73.1 kernel-rt-devel-debuginfo-5.3.18-73.1 kernel-rt_debug-5.3.18-73.1 kernel-rt_debug-debuginfo-5.3.18-73.1 kernel-rt_debug-debugsource-5.3.18-73.1 kernel-rt_debug-devel-5.3.18-73.1 kernel-rt_debug-devel-debuginfo-5.3.18-73.1 kernel-syms-rt-5.3.18-73.1 ocfs2-kmp-rt-5.3.18-73.1 ocfs2-kmp-rt-debuginfo-5.3.18-73.1 - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-73.1 kernel-source-rt-5.3.18-73.1 - SUSE Linux Enterprise Micro 5.0 (x86_64): kernel-rt-5.3.18-73.1 kernel-rt-debuginfo-5.3.18-73.1 kernel-rt-debugsource-5.3.18-73.1 References: https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193506 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194880 
https://bugzilla.suse.com/1195009 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195184 https://bugzilla.suse.com/1195254 From sle-updates at lists.suse.com Mon Feb 21 17:29:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Feb 2022 18:29:36 +0100 (CET) Subject: SUSE-SU-2022:0541-1: important: Security update for ucode-intel Message-ID: <20220221172936.23D87F373@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0541-1 Rating: important References: #1192615 #1195779 #1195780 #1195781 Cross-References: CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 CVSS scores: CVE-2021-0127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0127 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-0145 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0145 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-0146 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0146 (SUSE): 7.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-33120 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-33120 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. 
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors that may allow escalation of privilege (bsc#1192615)
- CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779)
- CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780)
- CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781)
- Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
- Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-541=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-541=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-541=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-541=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-541=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-541=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): ucode-intel-20220207-3.206.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): ucode-intel-20220207-3.206.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ucode-intel-20220207-3.206.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): ucode-intel-20220207-3.206.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): ucode-intel-20220207-3.206.1 - SUSE Enterprise Storage 6 (x86_64): ucode-intel-20220207-3.206.1 - SUSE CaaS Platform 4.0 (x86_64): ucode-intel-20220207-3.206.1 References: https://www.suse.com/security/cve/CVE-2021-0127.html https://www.suse.com/security/cve/CVE-2021-0145.html https://www.suse.com/security/cve/CVE-2021-0146.html https://www.suse.com/security/cve/CVE-2021-33120.html https://bugzilla.suse.com/1192615 https://bugzilla.suse.com/1195779 https://bugzilla.suse.com/1195780 https://bugzilla.suse.com/1195781 From sle-updates at lists.suse.com Mon Feb 21 23:18:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Feb 2022 00:18:05 +0100 (CET) Subject: SUSE-RU-2022:0546-1: important: Recommended update for monitoring-plugins Message-ID: <20220221231805.064A3F372@maintenance.suse.de> SUSE Recommended Update: Recommended update for monitoring-plugins ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0546-1 Rating: important References: #1047218 #1114483 #1191011 SLE-23324 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise 
High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 
______________________________________________________________________________

An update that has three recommended fixes and contains one feature can now be installed.

Description:

This update for monitoring-plugins fixes the following issues:

the patch just reverts the problem, if you get more than 64K on stdout
- recommend syslog for monitoring-plugins-log, as people probably want to analyze logs generated by (r)syslog or journald
check_snmp will segfault at line 489 if number of lines returned by SNMPD is greater than number of defined thresholds
- Remove unneeded build requirement on "syslog"
- Remove unneeded BuildRequires on python-devel (bsc#1191011)
- Call gettextize with --no-changelog to make package build reproducible (bsc#1047218)
- Update to 2.3.1:
  Enhancements
  * check_curl: Add an option to verify the peer certificate and host using the system CA's
  Fixes
  * check_curl: fixed help, usage and errors for TLS 1.3
  * check_curl: fixed a potential buffer overflow in url buffer
  * check_dns: split multiple IP addresses passed in one -a argument
  * check_curl: added string_statuscode function for printing HTTP/1.1 and HTTP/2 correctly
  * check_curl: fix crash if http header contains leading spaces
  * check_curl: display a specific human-readable error message where possible
  * check_pgsql: Using snprintf which honors the buffers size and guarantees null termination.
  * check_snmp: put the "c" (to mark a counter) after the perfdata value
  * check_http: Increase regexp limit
  * check_http: make -C obvious
  * check_curl: Increase regexp limit (to 1024 as in check_http)
  * check_curl: make -C obvious (from check_http)
- Update to 2.3 (final):
  Enhancements
  * check_dns: allow 'expected address' (-a) to be specified in CIDR notation (IPv4 only).
  * check_dns: allow for IPv6 RDNS
  * check_dns: Accept CIDR
  * check_dns: allow unsorted addresses
  * check_dns: allow forcing complete match of all addresses
  * check_apt: add --only-critical switch
  * check_apt: add -l/--list option to print packages
  * check_file_age: add range checking
  * check_file_age: enable to test for maximum file size
  * check_apt: adding packages-warning option
  * check_load: Adding top consuming processes option
  * check_http: Adding Proxy-Authorization and extra headers
  * check_snmp: make calculation of timeout value in help output more clear
  * check_uptime: new plugin for checking uptime to see how long the system is running
  * check_curl: check_http replacement based on libcurl
  * check_http: Allow user to specify HTTP method after proxy CONNECT
  * check_http: Add new flag --show-body/-B to print body
  * check_cluster: Added data argument validation
  * check_icmp: Add IPv6 support
  * check_icmp: Automatically detect IP protocol
  * check_icmp: emit error if multiple protocol version
  * check_disk: add support to display inodes usage in perfdata
  * check_hpjd: Added -D option to disable warning on 'out of paper'
  * check_http: support the --show-body/-B flag when --expect is used
  * check_mysql: allow mariadbclient to be used
  * check_tcp: add --sni
  * check_dns: detect unreachable dns service in nslookup output
  Fixes
  * Fix regression where check_dhcp was rereading response in a tight loop
  * check_dns: fix error detection on sles nslookup
  * check_disk_smb: fix timeout issue
  * check_swap: repaired -n behaviour
  * check_icmp: Correctly set address_family on lookup
  * check_icmp: Do not overwrite -4,-6 on lookup
  * check_smtp: initializes n before it is used
  * check_dns: fix typo in parameter description
  * check_by_ssh: fix child process leak on timeouts
  * check_mysql: Allow sockets to be specified to -H
  * check_procs: improve command examples for 'at least' processes
  * check_disk: include -P switch in help
  * check_mailq: restore accidentally removed options
- change version to 2.3~alpha.$date.$commit changes summarized
  * detect unreachable dns service in nslookup output
  * check_curl: host_name may be null
  * update test parameter according to check_http
  * check_curl: use CURLOPT_RESOLVE to fix connecting to the right ip
  * workaround for issue #1550 - better use "ping -4" instead of "ping" if supported
  * Use size_t instead of int when calling sysctl(3)
  * check_tcp: add --sni
  * Fix timeout_interval declarations
  * check_curl: NSS, parse more date formats from certificate (in -C cert check)
  * check_curl: more tolerant CN= parsing when checking certificates (hit on Centos 8)
  * setting no_body to TRUE when we have a HEAD request
  * some LIBCURL_VERSION checks around HTTP/2 feature
  * added --http-version option to check_curl to choose HTTP
  * improved curlhelp_parse_statusline to handle both HTTP/1.x and HTTP/2
  * check_curl: updates embedded picohttpparser to newest git version
  * setting progname of check_curl plugin to check_curl (at least for now)
  * Allow mariadbclient to be used for check_mysql
  * fix maxfd being zero
  * include -P switch in help
  * check_swap: repaired "-n" behaviour
  * improve command examples for 'at least' processes
  * check_mysql: Allow sockets to be specified to -H
  * Adding packages-warning option to check_apt plugin
  * Adding print top consuming processes option to check_load
  * check_snmp: make calculation of timeout value in help output more clear
  * [check_disk] add support to display inodes usage in perfdata
  * check_by_ssh: fix child process leak on timeouts
  * check_icmp: Add IPv6 support
  * check_dns: fix typo in parameter description
  * Also support the --show-body/-B flag when --expect is used
  * check_dns: improve support for checking multiple addresses
  * check_hpjd: Added -D option to disable warning on 'out of paper'
  * check_icmp: Do not overwrite -4,-6 on lookup
  * check_icmp: emit error if multiple protocol version
  * check_icmp: move opts string into a variable
  * check_cluster.c: Added data argument
validation. * check_icmp: Correctly set address_family on lookup * check_icmp: process protocol version args first * check_icmp: Add IPv6 support - drop explicit attr in filelist for check_host and check_rta_multi as they are symlinks to check_icmp - add new subpackage monitoring-plugins-uptime - include upstream fixes for check_swap - simply fix the plugin name in the comment - improve the output if the swap has zero size - use unknown exit code for help/version in plugins - updated context in - monitoring-plugins-mysql should also provide monitoring-plugins-mysql_query - Provide/Obsolete nagios-plugins in old version for better compatibility and to allow dist upgrade (bsc#1114483) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-546=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-546=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-546=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-546=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-546=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-546=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-546=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-546=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-546=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-546=1 - SUSE Linux Enterprise 
Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-546=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-546=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-546=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-546=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-546=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-546=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-546=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-546=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-546=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-546=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-546=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-546=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-546=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-546=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-546=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-546=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch 
SUSE-SLE-Product-HA-15-SP1-2022-546=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-546=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-546=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-546=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Manager Server 4.1 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Manager Retail Branch Server 4.1 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Manager Proxy 4.1 (x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 
perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Manager Proxy 4.1 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise 
Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 
freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 
freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): monitoring-plugins-2.3.1-3.9.2 monitoring-plugins-all-2.3.1-3.9.2 monitoring-plugins-breeze-2.3.1-3.9.2 monitoring-plugins-by_ssh-2.3.1-3.9.2 monitoring-plugins-by_ssh-debuginfo-2.3.1-3.9.2 monitoring-plugins-cluster-2.3.1-3.9.2 monitoring-plugins-cluster-debuginfo-2.3.1-3.9.2 monitoring-plugins-common-2.3.1-3.9.2 monitoring-plugins-common-debuginfo-2.3.1-3.9.2 monitoring-plugins-cups-2.3.1-3.9.2 monitoring-plugins-dbi-2.3.1-3.9.2 monitoring-plugins-dbi-debuginfo-2.3.1-3.9.2 monitoring-plugins-dbi-mysql-2.3.1-3.9.2 monitoring-plugins-dbi-pgsql-2.3.1-3.9.2 monitoring-plugins-dbi-sqlite3-2.3.1-3.9.2 monitoring-plugins-debuginfo-2.3.1-3.9.2 monitoring-plugins-debugsource-2.3.1-3.9.2 monitoring-plugins-dhcp-2.3.1-3.9.2 monitoring-plugins-dhcp-debuginfo-2.3.1-3.9.2 monitoring-plugins-dig-2.3.1-3.9.2 monitoring-plugins-dig-debuginfo-2.3.1-3.9.2 monitoring-plugins-disk-2.3.1-3.9.2 monitoring-plugins-disk-debuginfo-2.3.1-3.9.2 monitoring-plugins-disk_smb-2.3.1-3.9.2 monitoring-plugins-dns-2.3.1-3.9.2 monitoring-plugins-dns-debuginfo-2.3.1-3.9.2 monitoring-plugins-dummy-2.3.1-3.9.2 monitoring-plugins-dummy-debuginfo-2.3.1-3.9.2 monitoring-plugins-extras-2.3.1-3.9.2 monitoring-plugins-file_age-2.3.1-3.9.2 monitoring-plugins-flexlm-2.3.1-3.9.2 monitoring-plugins-hpjd-2.3.1-3.9.2 monitoring-plugins-hpjd-debuginfo-2.3.1-3.9.2 monitoring-plugins-icmp-2.3.1-3.9.2 monitoring-plugins-icmp-debuginfo-2.3.1-3.9.2 monitoring-plugins-ide_smart-2.3.1-3.9.2 monitoring-plugins-ide_smart-debuginfo-2.3.1-3.9.2 monitoring-plugins-ifoperstatus-2.3.1-3.9.2 monitoring-plugins-ifstatus-2.3.1-3.9.2 monitoring-plugins-ircd-2.3.1-3.9.2 monitoring-plugins-load-2.3.1-3.9.2 monitoring-plugins-load-debuginfo-2.3.1-3.9.2 
monitoring-plugins-log-2.3.1-3.9.2 monitoring-plugins-mailq-2.3.1-3.9.2 monitoring-plugins-mrtg-2.3.1-3.9.2 monitoring-plugins-mrtg-debuginfo-2.3.1-3.9.2 monitoring-plugins-mrtgtraf-2.3.1-3.9.2 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-3.9.2 monitoring-plugins-nagios-2.3.1-3.9.2 monitoring-plugins-nagios-debuginfo-2.3.1-3.9.2 monitoring-plugins-nt-2.3.1-3.9.2 monitoring-plugins-nt-debuginfo-2.3.1-3.9.2 monitoring-plugins-ntp_peer-2.3.1-3.9.2 monitoring-plugins-ntp_peer-debuginfo-2.3.1-3.9.2 monitoring-plugins-ntp_time-2.3.1-3.9.2 monitoring-plugins-ntp_time-debuginfo-2.3.1-3.9.2 monitoring-plugins-nwstat-2.3.1-3.9.2 monitoring-plugins-nwstat-debuginfo-2.3.1-3.9.2 monitoring-plugins-oracle-2.3.1-3.9.2 monitoring-plugins-overcr-2.3.1-3.9.2 monitoring-plugins-overcr-debuginfo-2.3.1-3.9.2 monitoring-plugins-ping-2.3.1-3.9.2 monitoring-plugins-ping-debuginfo-2.3.1-3.9.2 monitoring-plugins-procs-2.3.1-3.9.2 monitoring-plugins-procs-debuginfo-2.3.1-3.9.2 monitoring-plugins-radius-2.3.1-3.9.2 monitoring-plugins-radius-debuginfo-2.3.1-3.9.2 monitoring-plugins-real-2.3.1-3.9.2 monitoring-plugins-real-debuginfo-2.3.1-3.9.2 monitoring-plugins-rpc-2.3.1-3.9.2 monitoring-plugins-smtp-2.3.1-3.9.2 monitoring-plugins-smtp-debuginfo-2.3.1-3.9.2 monitoring-plugins-snmp-2.3.1-3.9.2 monitoring-plugins-snmp-debuginfo-2.3.1-3.9.2 monitoring-plugins-ssh-2.3.1-3.9.2 monitoring-plugins-ssh-debuginfo-2.3.1-3.9.2 monitoring-plugins-swap-2.3.1-3.9.2 monitoring-plugins-swap-debuginfo-2.3.1-3.9.2 monitoring-plugins-time-2.3.1-3.9.2 monitoring-plugins-time-debuginfo-2.3.1-3.9.2 monitoring-plugins-ups-2.3.1-3.9.2 monitoring-plugins-ups-debuginfo-2.3.1-3.9.2 monitoring-plugins-users-2.3.1-3.9.2 monitoring-plugins-users-debuginfo-2.3.1-3.9.2 monitoring-plugins-wave-2.3.1-3.9.2 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE 
Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-3.9.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 
freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 
freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-3.9.2 monitoring-plugins-debugsource-2.3.1-3.9.2 monitoring-plugins-fping-2.3.1-3.9.2 monitoring-plugins-fping-debuginfo-2.3.1-3.9.2 monitoring-plugins-http-2.3.1-3.9.2 monitoring-plugins-http-debuginfo-2.3.1-3.9.2 monitoring-plugins-ldap-2.3.1-3.9.2 monitoring-plugins-ldap-debuginfo-2.3.1-3.9.2 monitoring-plugins-mysql-2.3.1-3.9.2 monitoring-plugins-mysql-debuginfo-2.3.1-3.9.2 monitoring-plugins-pgsql-2.3.1-3.9.2 monitoring-plugins-pgsql-debuginfo-2.3.1-3.9.2 monitoring-plugins-tcp-2.3.1-3.9.2 monitoring-plugins-tcp-debuginfo-2.3.1-3.9.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-3.9.2 monitoring-plugins-debugsource-2.3.1-3.9.2 monitoring-plugins-fping-2.3.1-3.9.2 monitoring-plugins-fping-debuginfo-2.3.1-3.9.2 monitoring-plugins-http-2.3.1-3.9.2 monitoring-plugins-http-debuginfo-2.3.1-3.9.2 monitoring-plugins-ldap-2.3.1-3.9.2 
monitoring-plugins-ldap-debuginfo-2.3.1-3.9.2 monitoring-plugins-mysql-2.3.1-3.9.2 monitoring-plugins-mysql-debuginfo-2.3.1-3.9.2 monitoring-plugins-pgsql-2.3.1-3.9.2 monitoring-plugins-pgsql-debuginfo-2.3.1-3.9.2 monitoring-plugins-tcp-2.3.1-3.9.2 monitoring-plugins-tcp-debuginfo-2.3.1-3.9.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-3.9.2 monitoring-plugins-debugsource-2.3.1-3.9.2 monitoring-plugins-fping-2.3.1-3.9.2 monitoring-plugins-fping-debuginfo-2.3.1-3.9.2 monitoring-plugins-http-2.3.1-3.9.2 monitoring-plugins-http-debuginfo-2.3.1-3.9.2 monitoring-plugins-ldap-2.3.1-3.9.2 monitoring-plugins-ldap-debuginfo-2.3.1-3.9.2 monitoring-plugins-mysql-2.3.1-3.9.2 monitoring-plugins-mysql-debuginfo-2.3.1-3.9.2 monitoring-plugins-pgsql-2.3.1-3.9.2 monitoring-plugins-pgsql-debuginfo-2.3.1-3.9.2 monitoring-plugins-tcp-2.3.1-3.9.2 monitoring-plugins-tcp-debuginfo-2.3.1-3.9.2 - SUSE Linux Enterprise High Availability 15-SP2 (ppc64le): monitoring-plugins-2.3.1-3.9.2 monitoring-plugins-all-2.3.1-3.9.2 monitoring-plugins-breeze-2.3.1-3.9.2 monitoring-plugins-by_ssh-2.3.1-3.9.2 monitoring-plugins-by_ssh-debuginfo-2.3.1-3.9.2 monitoring-plugins-cluster-2.3.1-3.9.2 monitoring-plugins-cluster-debuginfo-2.3.1-3.9.2 monitoring-plugins-common-2.3.1-3.9.2 monitoring-plugins-common-debuginfo-2.3.1-3.9.2 monitoring-plugins-cups-2.3.1-3.9.2 monitoring-plugins-dhcp-2.3.1-3.9.2 monitoring-plugins-dhcp-debuginfo-2.3.1-3.9.2 monitoring-plugins-dig-2.3.1-3.9.2 monitoring-plugins-dig-debuginfo-2.3.1-3.9.2 monitoring-plugins-disk-2.3.1-3.9.2 monitoring-plugins-disk-debuginfo-2.3.1-3.9.2 monitoring-plugins-disk_smb-2.3.1-3.9.2 monitoring-plugins-dns-2.3.1-3.9.2 monitoring-plugins-dns-debuginfo-2.3.1-3.9.2 monitoring-plugins-dummy-2.3.1-3.9.2 monitoring-plugins-dummy-debuginfo-2.3.1-3.9.2 monitoring-plugins-extras-2.3.1-3.9.2 monitoring-plugins-file_age-2.3.1-3.9.2 monitoring-plugins-flexlm-2.3.1-3.9.2 
monitoring-plugins-hpjd-2.3.1-3.9.2 monitoring-plugins-hpjd-debuginfo-2.3.1-3.9.2 monitoring-plugins-icmp-2.3.1-3.9.2 monitoring-plugins-icmp-debuginfo-2.3.1-3.9.2 monitoring-plugins-ide_smart-2.3.1-3.9.2 monitoring-plugins-ide_smart-debuginfo-2.3.1-3.9.2 monitoring-plugins-ircd-2.3.1-3.9.2 monitoring-plugins-load-2.3.1-3.9.2 monitoring-plugins-load-debuginfo-2.3.1-3.9.2 monitoring-plugins-log-2.3.1-3.9.2 monitoring-plugins-mailq-2.3.1-3.9.2 monitoring-plugins-mrtg-2.3.1-3.9.2 monitoring-plugins-mrtg-debuginfo-2.3.1-3.9.2 monitoring-plugins-mrtgtraf-2.3.1-3.9.2 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-3.9.2 monitoring-plugins-nt-2.3.1-3.9.2 monitoring-plugins-nt-debuginfo-2.3.1-3.9.2 monitoring-plugins-ntp_peer-2.3.1-3.9.2 monitoring-plugins-ntp_peer-debuginfo-2.3.1-3.9.2 monitoring-plugins-ntp_time-2.3.1-3.9.2 monitoring-plugins-ntp_time-debuginfo-2.3.1-3.9.2 monitoring-plugins-nwstat-2.3.1-3.9.2 monitoring-plugins-nwstat-debuginfo-2.3.1-3.9.2 monitoring-plugins-oracle-2.3.1-3.9.2 monitoring-plugins-overcr-2.3.1-3.9.2 monitoring-plugins-overcr-debuginfo-2.3.1-3.9.2 monitoring-plugins-ping-2.3.1-3.9.2 monitoring-plugins-ping-debuginfo-2.3.1-3.9.2 monitoring-plugins-procs-2.3.1-3.9.2 monitoring-plugins-procs-debuginfo-2.3.1-3.9.2 monitoring-plugins-radius-2.3.1-3.9.2 monitoring-plugins-radius-debuginfo-2.3.1-3.9.2 monitoring-plugins-real-2.3.1-3.9.2 monitoring-plugins-real-debuginfo-2.3.1-3.9.2 monitoring-plugins-rpc-2.3.1-3.9.2 monitoring-plugins-sensors-2.3.1-3.9.2 monitoring-plugins-smtp-2.3.1-3.9.2 monitoring-plugins-smtp-debuginfo-2.3.1-3.9.2 monitoring-plugins-snmp-2.3.1-3.9.2 monitoring-plugins-snmp-debuginfo-2.3.1-3.9.2 monitoring-plugins-ssh-2.3.1-3.9.2 monitoring-plugins-ssh-debuginfo-2.3.1-3.9.2 monitoring-plugins-swap-2.3.1-3.9.2 monitoring-plugins-swap-debuginfo-2.3.1-3.9.2 monitoring-plugins-time-2.3.1-3.9.2 monitoring-plugins-time-debuginfo-2.3.1-3.9.2 monitoring-plugins-ups-2.3.1-3.9.2 monitoring-plugins-ups-debuginfo-2.3.1-3.9.2 
monitoring-plugins-users-2.3.1-3.9.2 monitoring-plugins-users-debuginfo-2.3.1-3.9.2 monitoring-plugins-wave-2.3.1-3.9.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-3.9.2 monitoring-plugins-debugsource-2.3.1-3.9.2 monitoring-plugins-fping-2.3.1-3.9.2 monitoring-plugins-fping-debuginfo-2.3.1-3.9.2 monitoring-plugins-http-2.3.1-3.9.2 monitoring-plugins-http-debuginfo-2.3.1-3.9.2 monitoring-plugins-ldap-2.3.1-3.9.2 monitoring-plugins-ldap-debuginfo-2.3.1-3.9.2 monitoring-plugins-mysql-2.3.1-3.9.2 monitoring-plugins-mysql-debuginfo-2.3.1-3.9.2 monitoring-plugins-pgsql-2.3.1-3.9.2 monitoring-plugins-pgsql-debuginfo-2.3.1-3.9.2 monitoring-plugins-tcp-2.3.1-3.9.2 monitoring-plugins-tcp-debuginfo-2.3.1-3.9.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-3.9.2 monitoring-plugins-debugsource-2.3.1-3.9.2 monitoring-plugins-fping-2.3.1-3.9.2 monitoring-plugins-fping-debuginfo-2.3.1-3.9.2 monitoring-plugins-http-2.3.1-3.9.2 monitoring-plugins-http-debuginfo-2.3.1-3.9.2 monitoring-plugins-ldap-2.3.1-3.9.2 monitoring-plugins-ldap-debuginfo-2.3.1-3.9.2 monitoring-plugins-mysql-2.3.1-3.9.2 monitoring-plugins-mysql-debuginfo-2.3.1-3.9.2 monitoring-plugins-pgsql-2.3.1-3.9.2 monitoring-plugins-pgsql-debuginfo-2.3.1-3.9.2 monitoring-plugins-tcp-2.3.1-3.9.2 monitoring-plugins-tcp-debuginfo-2.3.1-3.9.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Enterprise Storage 7 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE 
Enterprise Storage 6 (aarch64 x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE Enterprise Storage 6 (noarch): perl-Net-SNMP-6.0.1-3.2.1 - SUSE CaaS Platform 4.0 (x86_64): freeradius-client-1.1.7-3.2.1 freeradius-client-debuginfo-1.1.7-3.2.1 freeradius-client-debugsource-1.1.7-3.2.1 freeradius-client-devel-1.1.7-3.2.1 freeradius-client-libs-1.1.7-3.2.1 freeradius-client-libs-debuginfo-1.1.7-3.2.1 perl-Crypt-DES-2.07-3.2.1 perl-Crypt-DES-debuginfo-2.07-3.2.1 perl-Crypt-DES-debugsource-2.07-3.2.1 perl-Crypt-Rijndael-1.13-3.2.1 perl-Crypt-Rijndael-debuginfo-1.13-3.2.1 perl-Crypt-Rijndael-debugsource-1.13-3.2.1 - SUSE CaaS Platform 4.0 (noarch): perl-Net-SNMP-6.0.1-3.2.1 References: https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1114483 https://bugzilla.suse.com/1191011 From sle-updates at lists.suse.com Mon Feb 21 23:19:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Feb 2022 00:19:25 +0100 (CET) Subject: SUSE-RU-2022:0545-1: moderate: Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, libnbd, nbdkit Message-ID: <20220221231925.84EE2F372@maintenance.suse.de> SUSE Recommended Update: Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, libnbd, nbdkit 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0545-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, libnbd, nbdkit fixes the following issues: - Update to version 1.43.0 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.43.0 - Update to version 1.42.0 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.42.0 - Detect SLE15 SP4 build environment - Update to version 1.41.0 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.41.0 - Update to version 1.40.0 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.40.0 - Install util-linux package (provides blockdev) - Update to version 1.29.4: * Remove deprecated nbdkit-streaming-plugin * Added retry-request-filter, an alternative, more lightweight, filter with different trade-offs for nbdkit-retry-filter. * cc: Document how to create OCaml plugin scripts * cc: Add binding for .cleanup * docs: Document NBDKIT_VERSION_* macros Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-545=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64): containerized-data-importer-manifests-1.43.0-150300.8.6.3 References: From sle-updates at lists.suse.com Tue Feb 22 07:52:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Feb 2022 08:52:37 +0100 (CET) Subject: SUSE-CU-2022:195-1: Security update of suse/sle15 Message-ID: <20220222075237.9CF80F372@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:195-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.81 Container Release : 17.8.81 Severity : moderate Type : security References : 1191826 1192637 1194178 CVE-2021-3997 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated From sle-updates at lists.suse.com Wed Feb 23 17:19:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Feb 2022 18:19:34 +0100 (CET) Subject: SUSE-RU-2022:0557-1: moderate: Recommended update for fence-agents Message-ID: <20220223171934.65BA7F373@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0557-1 Rating: moderate References: #1065966 #1185058 SLE-18202 SLE-18227 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. 
Description: This update for fence-agents fixes the following issues: - Add upstream PR to aws-vpc-move-ip and apply required resource (jsc#SLE-18202) - ECO: Update fence-agents (jsc#SLE-18227) - Update all scripts to python3 (bsc#1065966) - fence_azure_arm: corrections to support Azure SDK greater than 15 - including backward compatibility (bsc#1185058) - Major upgrade changes: * fence_kubevirt: new fence agent * configure: don't fail when --with-agents contains virt * fence_mpath: watchdog retries support * fencing: add multi plug support for reboot-action * fencing: fix issue with hardcoded help text length for metadata * fence_lindypdu: new fence agent * fence_openstack: code formatting fixes * Restore port metadata. * Update xml metadata. * Use standard logging. * fence_aws: add filter parameter to be able to limit which nodes are listed * virt: drop pm-fence plugin * virt: drop libvirt-qmf plugin * virt: drop null plugin * virt: drop fence_virtd non-modular build * virt: fix plugin installation regression on upgrades * build: temporary disable -Wcast-align for some agents * fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks * virt: drop support for LSB init script * virt: collect docs in one location * spec: use python3 path for newer releases * fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available * fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags * fence_redfish: Add diag action * fence_vbox: updated metadata file * fence_vbox: do not flood host account with vboxmanage calls * fence_lpar: Make --managed a required option * fence_zvmip: fix shell-timeout when using new disable-timeout parameter * Adds service account authentication to GCE fence agent * fence_redfish: Fix typo in help. * fence_aws: add support for IMDSv2 * Try to detect directory for initscripts configuration * Add man pages to fence_virtd service file. 
* fence_virtd: Fix segfault in vl_get when no domains are found * fence_virt: don't report success for incorrect parameters * fence_virt: mcast: config: Warn when provided mcast addr is not used * fence-virt: Add vsock support * fence_virtd: Fix transposed arguments in startup message * fence_virtd: Cleanup: remove unused configuration options * fence_virtd: Implement hostlist for the cpg backend * fence_virtd: Cleanup config module * fence_virtd: cpg: Fail initialization if no hypervisor connections * fence_virtd: Make the libvirt backend survive libvirtd restarts * fence_virtd: Allow the cpg backend to survive libvirt failures * fence-virtd: Add cpg-virt backend plugin * fence_virtd: Remove checkpoint, replace it with a CPG only plugin * fence_virtd: Fix select logic in listener plugins * Document the fence_virtd -p command line flag * fence_virtd: Log an error when startup fails * Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, on write issues. * Make the packet authentication code more resilient in the face of transient failures. * Disable the libvirt-qmf backend by default * Bump the versions of the libvirt and checkpoint plugins * fence-virtd: Enable TCP listener plugin by default * fence-virtd: Cleanup documentation of the TCP listener * fence_xvm/fence_virt: Add support for the validate-all status op * fence-virt: Add list-status command to man page and metadata * fence-virt: Log message to syslog in addition to stdout/stderr * fence-virt: Permit explicitly setting delay to 0 * fence-virt: Add 'list-status' operation for compat with other agents * Allow fence_virtd to run as non-root * Remove delay from the status, monitor and list functions * Resolves several problems in checkpoint plugin, making it functional. * Use event listener implementation from libvirt. 
* daemon_init: Removed PID check and update * fence-virt: client: Do not truncate VM domains in list output * client: fix "delay" parameter checking (copy-paste) * fence-virt: Fix broken restrictions on the port ranges * fence-virtd: Fix printing wrong system call in perror * fence-virtd: Allow multiple hypervisors for the libvirt backend * fence-virt: Fix small memory leak in the config module * fence-virt: Fix mismatched sizeof in memset call * fence-virt: Send complete hostlist info * fence-virt: Clarify the path option in serial mode * fence_virt/fence_xvm: Print status when invoked with -o status * fence-virt: Fix for missed libvirtd events * fence-virt: Fail properly if unable to bind the listener socket * Drop executable flag for man pages * fence_virtd: Return success if a domain exists but is already off. * fence_virt: Fix typo in fence_virt(8) man page * Improve fence_virt.conf man page description of 'hash' * Add a delay (-w) option. * Remove duplicated port struct entry * Add a TCP listener plugin for use with viosproxy * In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout. * Update libvirt-qmf plugin and docs * Fix crash when we fail to read key file. * Fix erroneous man page XML * Add 'interface' directive to example.conf * Return proper error if we can't set up our socket. 
* Fix startup in systemd environments * Add systemd unit file and generation * Don't override user's pick for backend server module * Use libvirt as default in shipped config * Fix serial domain handling * Rename libvirt-qpid * Fix static analysis errors * Reword assignment to appease static analyzers * Add map_check on 'status' action * Don't reference out-of-scope temporary * Add libvirt-qmf support to the libvirt-qpid plugin * Convert libvirt-qpid plugin to QMFv2 * Fix incorrect return value on hash mismatch * Fix error getting status from libvirt-qpid plugin * Fix typo that broke multicast plugin * Make fence-virt requests endian clean * Fix input parsing to allow domain again * Provide 'domain' in metadata output for compatibility * High: Fix UUID lookups in checkpoint backend * Fix man page references: fence_virtd.conf and fence_virt.conf * Add 'list' operation for plugins; fix missing getopt line * Make configure.in actually disable plugins * Fix metadata output * Rename parameters to match other fencing agents * Fix fence_xvm man page to point to the right location * Return 2 for 'off' like other fencing agents * Reset flags before returning from connect_nb * Use nonblocking connect to vmchannel sockets * More parity with other fencing agents' parameters * Add basic daemon functions * Fix bug in path pruning support for serial plugin * Fix libvirt-qpid bugs found while testing * Fix segfault caused by invalid map pointer assignment * Add 'monitor' as an alias for 'status' * Add serial listener to configuration utility * Make serial/vmchannel module enabled by default * Add missing 'metadata' option to help text * Add metadata support to fence_xvm/fence_virt * Allow IPs to be members of groups * Allow use of static mappings w/ mcast listener * Enable VM Channel support in serial plugin * Mirror libvirt-qpid's settings in libvirt-qpid plugin * Enable a configurable host/port on libvirt-qpid plugin * Static map support and permissions reporting * Add 
capabilities to virt-serial * Note that serial support is experimental * Add vmchannel serial event interface * Add static map functions. * Better config query; multiple value/tag support * Add simple configuration mode * Add missing man pages * Allow setting config values to NULL to clear them * Sort plugins by type when printing them * Clean up some configuration plugin information * Hostlist functionality for libvirt, libvirt-qpid * Make fence_xvm compatibility mode enabled by default * Fix libvirt / mcast support for name_mode * Fix agent option parsing * Make uuids work with libvirt-qpid * Add 'help' to fence_virtd * Fix libvirt-qpid build * Make 'reboot' work * Initial checking of libvirt-qpid plugin * Make symlink/compatibility mode disabled by default * Use immediate resolution of symbols * Use sysconfdir for /etc/fence_virt.conf * Fix package name and install locations * Make cluster mode plugin work * Enable 'on' operation for libvirt backend * Initial port to autoconf * Call generic history functions * Make history functions generic * Cleanups, add daemon support * Make all plugins dynamically loaded * Remove dummy serial prototypes * Make listeners plugins * Add name_mode to example.conf * Move VM naming scheme to top level of config * Add missing log.c, enable syslog wrapping * Drop duplicate fencing requests * Don't require specifying an interface in fence_virt.conf * Fix empty node parsing * Use the default port by default * Don't overwrite config files * Install modules, too * Add temporary 'make install' target * Make a default configuration file * Make mcast work with UUIDs * Add architecture overview description * Make multicast use config file * Integrate config file processing * Create server-side plugin architecture * Make libvirt a built-in plugin * serial: Make client work Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-557=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-4.17.10 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-4.17.10 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-4.17.10 References: https://bugzilla.suse.com/1065966 https://bugzilla.suse.com/1185058 From sle-updates at lists.suse.com Wed Feb 23 17:20:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Feb 2022 18:20:16 +0100 (CET) Subject: SUSE-SU-2022:0559-1: important: Security update for MozillaThunderbird Message-ID: <20220223172016.D296EF373@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0559-1 Rating: important References: #1195682 #1196072 Cross-References: CVE-2022-0566 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.6.1 / MFSA 2022-07 (bsc#1196072) * CVE-2022-0566 (bmo#1753094) Crafted email could trigger an out-of-bounds write - Mozilla Thunderbird 91.6 / MFSA 2022-06 (bsc#1195682) * CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows via Maintenance Service * CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission confirmation during update * CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have resulted in the dropped object being an executable * CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed script if the parent appended elements * CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could be distinguished between script and non-script content-types * CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy directive was not enforced for framed extension pages * CVE-2022-22763 (bmo#1740534) Script Execution during invalid object state * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, bmo#1748210, bmo#1748279) Memory safety bugs fixed in Thunderbird 91.6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-559=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.6.1-8.54.1 MozillaThunderbird-debuginfo-91.6.1-8.54.1 MozillaThunderbird-debugsource-91.6.1-8.54.1 MozillaThunderbird-translations-common-91.6.1-8.54.1 MozillaThunderbird-translations-other-91.6.1-8.54.1 References: https://www.suse.com/security/cve/CVE-2022-0566.html https://www.suse.com/security/cve/CVE-2022-22753.html https://www.suse.com/security/cve/CVE-2022-22754.html https://www.suse.com/security/cve/CVE-2022-22756.html https://www.suse.com/security/cve/CVE-2022-22759.html https://www.suse.com/security/cve/CVE-2022-22760.html https://www.suse.com/security/cve/CVE-2022-22761.html https://www.suse.com/security/cve/CVE-2022-22763.html https://www.suse.com/security/cve/CVE-2022-22764.html https://bugzilla.suse.com/1195682 https://bugzilla.suse.com/1196072 From sle-updates at lists.suse.com Wed Feb 23 17:19:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Feb 2022 18:19:02 +0100 (CET) Subject: SUSE-SU-2022:14894-1: important: Security update for cyrus-sasl Message-ID: <20220223171902.F153CF373@maintenance.suse.de> SUSE Security Update: Security update for cyrus-sasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14894-1 Rating: important References: #1196036 Cross-References: CVE-2022-24407 CVSS scores: CVE-2022-24407 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-cyrus-sasl-14894=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-cyrus-sasl-14894=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-cyrus-sasl-14894=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cyrus-sasl-14894=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-cyrus-sasl-14894=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): cyrus-sasl-2.1.22-182.26.7.1 cyrus-sasl-crammd5-2.1.22-182.26.7.1 cyrus-sasl-digestmd5-2.1.22-182.26.7.1 cyrus-sasl-gssapi-2.1.22-182.26.7.1 cyrus-sasl-otp-2.1.22-182.26.7.1 cyrus-sasl-plain-2.1.22-182.26.7.1 cyrus-sasl-saslauthd-2.1.22-182.26.7.1 cyrus-sasl-sqlauxprop-2.1.22-182.26.7.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): cyrus-sasl-32bit-2.1.22-182.26.7.1 cyrus-sasl-crammd5-32bit-2.1.22-182.26.7.1 cyrus-sasl-digestmd5-32bit-2.1.22-182.26.7.1 cyrus-sasl-gssapi-32bit-2.1.22-182.26.7.1 cyrus-sasl-otp-32bit-2.1.22-182.26.7.1 cyrus-sasl-plain-32bit-2.1.22-182.26.7.1 cyrus-sasl-sqlauxprop-32bit-2.1.22-182.26.7.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): cyrus-sasl-openssl1-2.1.22-182.26.7.1 cyrus-sasl-openssl1-crammd5-2.1.22-182.26.7.1 cyrus-sasl-openssl1-digestmd5-2.1.22-182.26.7.1 cyrus-sasl-openssl1-gssapi-2.1.22-182.26.7.1 cyrus-sasl-openssl1-ntlm-2.1.22-182.26.7.1 cyrus-sasl-openssl1-otp-2.1.22-182.26.7.1 cyrus-sasl-openssl1-plain-2.1.22-182.26.7.1 - SUSE Linux Enterprise Server 11-SECURITY 
(ppc64 s390x x86_64): cyrus-sasl-openssl1-32bit-2.1.22-182.26.7.1 cyrus-sasl-openssl1-crammd5-32bit-2.1.22-182.26.7.1 cyrus-sasl-openssl1-digestmd5-32bit-2.1.22-182.26.7.1 cyrus-sasl-openssl1-gssapi-32bit-2.1.22-182.26.7.1 cyrus-sasl-openssl1-otp-32bit-2.1.22-182.26.7.1 cyrus-sasl-openssl1-plain-32bit-2.1.22-182.26.7.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): cyrus-sasl-openssl1-crammd5-x86-2.1.22-182.26.7.1 cyrus-sasl-openssl1-digestmd5-x86-2.1.22-182.26.7.1 cyrus-sasl-openssl1-gssapi-x86-2.1.22-182.26.7.1 cyrus-sasl-openssl1-otp-x86-2.1.22-182.26.7.1 cyrus-sasl-openssl1-plain-x86-2.1.22-182.26.7.1 cyrus-sasl-openssl1-x86-2.1.22-182.26.7.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): cyrus-sasl-2.1.22-182.26.7.1 cyrus-sasl-crammd5-2.1.22-182.26.7.1 cyrus-sasl-digestmd5-2.1.22-182.26.7.1 cyrus-sasl-gssapi-2.1.22-182.26.7.1 cyrus-sasl-otp-2.1.22-182.26.7.1 cyrus-sasl-plain-2.1.22-182.26.7.1 cyrus-sasl-saslauthd-2.1.22-182.26.7.1 cyrus-sasl-sqlauxprop-2.1.22-182.26.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): cyrus-sasl-debuginfo-2.1.22-182.26.7.1 cyrus-sasl-debugsource-2.1.22-182.26.7.1 cyrus-sasl-saslauthd-debuginfo-2.1.22-182.26.7.1 cyrus-sasl-saslauthd-debugsource-2.1.22-182.26.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): cyrus-sasl-debuginfo-32bit-2.1.22-182.26.7.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): cyrus-sasl-debuginfo-2.1.22-182.26.7.1 cyrus-sasl-debugsource-2.1.22-182.26.7.1 cyrus-sasl-openssl1-debuginfo-2.1.22-182.26.7.1 cyrus-sasl-openssl1-debugsource-2.1.22-182.26.7.1 cyrus-sasl-saslauthd-debuginfo-2.1.22-182.26.7.1 cyrus-sasl-saslauthd-debugsource-2.1.22-182.26.7.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): cyrus-sasl-debuginfo-32bit-2.1.22-182.26.7.1 cyrus-sasl-openssl1-debuginfo-32bit-2.1.22-182.26.7.1 References: https://www.suse.com/security/cve/CVE-2022-24407.html https://bugzilla.suse.com/1196036 From sle-updates at lists.suse.com Tue Feb 22 
17:16:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Feb 2022 18:16:57 +0100 (CET) Subject: SUSE-SU-2022:0552-1: critical: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) Message-ID: <20220222171657.16C42F374@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0552-1 Rating: critical References: #1194460 #1194533 Cross-References: CVE-2021-4083 CVE-2021-4202 CVSS scores: CVE-2021-4083 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_150 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1194460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-549=1 SUSE-SLE-SAP-12-SP3-2022-550=1 SUSE-SLE-SAP-12-SP3-2022-551=1 SUSE-SLE-SAP-12-SP3-2022-552=1 SUSE-SLE-SAP-12-SP3-2022-553=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-549=1 SUSE-SLE-SERVER-12-SP3-2022-550=1 SUSE-SLE-SERVER-12-SP3-2022-551=1 SUSE-SLE-SERVER-12-SP3-2022-552=1 SUSE-SLE-SERVER-12-SP3-2022-553=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_138-default-15-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-15-2.2 kgraft-patch-4_4_180-94_141-default-14-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_144-default-11-2.2 kgraft-patch-4_4_180-94_144-default-debuginfo-11-2.2 kgraft-patch-4_4_180-94_147-default-8-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_150-default-4-2.2 kgraft-patch-4_4_180-94_150-default-debuginfo-4-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_138-default-15-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-15-2.2 kgraft-patch-4_4_180-94_141-default-14-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-14-2.2 kgraft-patch-4_4_180-94_144-default-11-2.2 kgraft-patch-4_4_180-94_144-default-debuginfo-11-2.2 kgraft-patch-4_4_180-94_147-default-8-2.2 kgraft-patch-4_4_180-94_147-default-debuginfo-8-2.2 kgraft-patch-4_4_180-94_150-default-4-2.2 kgraft-patch-4_4_180-94_150-default-debuginfo-4-2.2 References: https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4202.html https://bugzilla.suse.com/1194460 https://bugzilla.suse.com/1194533 From sle-updates at lists.suse.com Tue Feb 22 17:17:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Feb 2022 18:17:37 +0100 (CET) Subject: SUSE-RU-2022:0548-1: 
moderate: Recommended update for blog Message-ID: <20220222171737.E6606F374@maintenance.suse.de> SUSE Recommended Update: Recommended update for blog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0548-1 Rating: moderate References: #1186506 #1191057 SLE-23234 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for blog fixes the following issues: - Update to version 2.26 * On s390/x and PPC64 gcc misses unused arg0 - Update to version 2.24 * Avoid install error due to missed directory - Update to version 2.22 * Avoid KillMode=none for newer systemd version as well as rework the systemd unit files of blog (bsc#1186506) - Move to /usr for UsrMerge (bsc#1191057) - Update to version 2.21 * Merge pull request #4 from samueldr/fix/makefile Fixup Makefile for better build system support * Silent new gcc compiler Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-548=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-548=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): blog-2.26-150300.4.3.1 blog-debuginfo-2.26-150300.4.3.1 blog-debugsource-2.26-150300.4.3.1 blog-devel-2.26-150300.4.3.1 blog-plymouth-2.26-150300.4.3.1 libblogger2-2.26-150300.4.3.1 libblogger2-debuginfo-2.26-150300.4.3.1 - SUSE Linux Enterprise Micro 5.1 (s390x): blog-2.26-150300.4.3.1 blog-debuginfo-2.26-150300.4.3.1 blog-debugsource-2.26-150300.4.3.1 libblogger2-2.26-150300.4.3.1 libblogger2-debuginfo-2.26-150300.4.3.1 References: https://bugzilla.suse.com/1186506 https://bugzilla.suse.com/1191057 From sle-updates at lists.suse.com Tue Feb 22 14:21:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Feb 2022 15:21:20 +0100 (CET) Subject: SUSE-RU-2022:0547-1: moderate: Recommended update for python-texttable Message-ID: <20220222142120.8B678F374@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-texttable ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0547-1 Rating: moderate References: SLE-22450 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 0 recommended 
fixes and contains one feature can now be installed. Description: This update of python-texttable is delivering the package to the Containers module of s390x and ppc64le in addition to the x86_64 module. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-547=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (noarch): python-texttable-0.8.3-6.2.1 References: From sle-updates at lists.suse.com Tue Feb 22 20:16:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Feb 2022 21:16:22 +0100 (CET) Subject: SUSE-SU-2022:0555-1: critical: Security update for the Linux RT Kernel Message-ID: <20220222201622.047CDF373@maintenance.suse.de> SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0555-1 Rating: critical References: #1065729 #1071995 #1082555 #1163405 #1177599 #1183405 #1184209 #1185377 #1186207 #1186222 #1187428 #1187723 #1188605 #1190973 #1192729 #1193096 #1193234 #1193235 #1193242 #1193507 #1193660 #1193669 #1193727 #1193767 #1193861 #1193864 #1193867 #1193927 #1194001 #1194027 #1194048 #1194227 #1194302 #1194410 #1194493 #1194516 #1194529 #1194814 #1194880 #1194888 #1194965 #1194985 #1195065 #1195073 #1195254 #1195272 #1195612 Cross-References: CVE-2020-28097 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-44733 CVE-2021-45095 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 CVE-2022-22942 CVE-2022-24448 CVSS scores: CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4083 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 31 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). 
- CVE-2022-24448: Fixed an issue inside fs/nfs/dir.c if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup (bnc#1195612). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem, that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-4197: Use cgroup open-time credentials for process migration perm checks (bsc#1194302). - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). 
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneously and can potentially trigger a race condition (bnc#1193727). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927). The following non-security bugs were fixed: - KVM: remember position in kvm->vcpus array (bsc#1190973). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1190973). - SUNRPC: Add basic load balancing to the transport switch - kabi fix. (bnc#1192729). - SUNRPC: Add basic load balancing to the transport switch. (bnc#1192729) - SUNRPC: Fix initialisation of struct rpc_xprt_switch (bnc#1192729). - SUNRPC: Optimise transport balancing code (bnc#1192729). - SUNRPC: Replace division by multiplication in calculation of queue length (bnc#1192729). - SUNRPC: Skip zero-refcount transports (bnc#1192729). - USB: serial: option: add Telit FN990 compositions (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195272). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Set needed_headroom according to VF (bsc#1193507). - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190973). - kabi: mask new member "empty" of struct Qdisc (bsc#1183405). - kabi: revert drop of Qdisc::atomic_qlen (bsc#1183405). 
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - mm/hwpoison: do not lock page again when me_huge_page() successfully recovers (bsc#1194814). - mm/slab: Using proper atomic helper (bsc#1186222). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193507). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193507). - net/sched: annotate lockless accesses to qdisc->empty (bsc#1183405). - net/sched: fix race between deactivation and dequeue for NOLOCK qdisc (bsc#1183405). - net/sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (bsc#1183405). - net/sched: pfifo_fast: fix wrong dereference when qdisc is reset (bsc#1183405). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: caif: avoid using qdisc_qlen() (bsc#1183405). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: dev: introduce support for sch BYPASS for lockless qdisc (bsc#1183405). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: Avoid using yield() in a busy waiting loop (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: add empty status flag for NOLOCK qdisc (bsc#1183405). - net: sched: always do stats accounting according to TCQ_F_CPUSTATS (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). 
- net: sched: prefer qdisc_is_empty() over direct qlen access (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sched: when clearing NOLOCK, clear TCQ_F_CPUSTATS, too (bsc#1183405). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nfs: do not dirty kernel pages read by direct-io (bsc#1194410). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: return BLK_STS_TRANSPORT unless DNR for NVME_SC_NS_NOT_READY (bsc#1163405). - of: Add cpu node iterator for_each_of_cpu_node() (bsc#1065729). - of: Add device_type access helper functions (bsc#1065729). - of: Fix cpu node iterator to not ignore disabled cpu nodes (bsc#1065729). - of: Fix property name in of_node_get_device_type (bsc#1065729). - of: add node name compare helper functions (bsc#1065729). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - s390/cio: make ccw_device_dma_* more robust (bsc#1193242). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193234). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194965). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - tpm: Check for integer overflow in tpm2_map_response_body() (bsc#1082555). - tpm: add request_locality before write TPM_INT_ENABLE (bsc#1082555). 
- tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - virtio: write back F_VERSION_1 before validate (bsc#1193235). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-555=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.78.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.78.1 dlm-kmp-rt-4.12.14-10.78.1 dlm-kmp-rt-debuginfo-4.12.14-10.78.1 gfs2-kmp-rt-4.12.14-10.78.1 gfs2-kmp-rt-debuginfo-4.12.14-10.78.1 kernel-rt-4.12.14-10.78.1 kernel-rt-base-4.12.14-10.78.1 kernel-rt-base-debuginfo-4.12.14-10.78.1 kernel-rt-debuginfo-4.12.14-10.78.1 kernel-rt-debugsource-4.12.14-10.78.1 kernel-rt-devel-4.12.14-10.78.1 kernel-rt-devel-debuginfo-4.12.14-10.78.1 kernel-rt_debug-4.12.14-10.78.1 kernel-rt_debug-debuginfo-4.12.14-10.78.1 kernel-rt_debug-debugsource-4.12.14-10.78.1 kernel-rt_debug-devel-4.12.14-10.78.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.78.1 kernel-syms-rt-4.12.14-10.78.1 ocfs2-kmp-rt-4.12.14-10.78.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.78.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.78.1 kernel-source-rt-4.12.14-10.78.1 References: https://www.suse.com/security/cve/CVE-2020-28097.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4135.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-0435.html https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-24448.html 
https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1163405 https://bugzilla.suse.com/1177599 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1187723 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1190973 https://bugzilla.suse.com/1192729 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193234 https://bugzilla.suse.com/1193235 https://bugzilla.suse.com/1193242 https://bugzilla.suse.com/1193507 https://bugzilla.suse.com/1193660 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1193927 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194027 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194410 https://bugzilla.suse.com/1194493 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194814 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194965 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195065 https://bugzilla.suse.com/1195073 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195272 https://bugzilla.suse.com/1195612 From sle-updates at lists.suse.com Thu Feb 24 08:01:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:01:21 +0100 (CET) Subject: SUSE-CU-2022:206-1: Security update of bci/golang Message-ID: <20220224080121.C57FFF372@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- 
Container Advisory ID : SUSE-CU-2022:206-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-10.12 Container Release : 10.12 Severity : moderate Type : security References : 1191826 1192637 1194178 1194265 1194968 CVE-2021-3997 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2' by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - openssl-1_1-1.1.1d-11.38.1 added - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 08:03:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:03:02 +0100 (CET) Subject: SUSE-CU-2022:207-1: Security update of bci/golang Message-ID: <20220224080302.16158F372@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:207-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-9.11 , bci/golang:latest Container Release : 9.11 Severity : moderate Type : security References : 1191826 1192637 1194178 1194265 1194968 CVE-2021-3997 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2' by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - openssl-1_1-1.1.1d-11.38.1 added - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 08:03:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:03:44 +0100 (CET) Subject: SUSE-CU-2022:208-1: Security update of bci/bci-init Message-ID: <20220224080344.11663F372@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:208-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.9.13 , bci/bci-init:latest Container Release : 9.13 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 
----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - openssl-1_1-1.1.1d-11.38.1 added - rpm-ndb-4.14.3-150300.46.1 updated - systemd-246.16-150300.7.39.1 updated - udev-246.16-150300.7.39.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 08:04:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:04:25 +0100 (CET) Subject: SUSE-CU-2022:210-1: Recommended update of bci/bci-minimal Message-ID: <20220224080425.CE0A2F372@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:210-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.21.1 , bci/bci-minimal:latest Container Release : 21.1 Severity : moderate Type : recommended References : 1194968 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) The following package changes have been done: - rpm-ndb-4.14.3-150300.46.1 updated - container:micro-image-15.3.0-10.5 updated From sle-updates at lists.suse.com Thu Feb 24 08:05:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:05:18 +0100 (CET) Subject: SUSE-CU-2022:211-1: Security update of bci/nodejs Message-ID: <20220224080518.92CF8F372@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:211-1 Container Tags : bci/node:12 , bci/node:12-11.9 , bci/nodejs:12 , bci/nodejs:12-11.9 Container Release : 11.9 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - openssl-1_1-1.1.1d-11.38.1 added - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.80 updated From sle-updates at lists.suse.com Thu Feb 24 08:06:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:06:13 +0100 (CET) Subject: SUSE-CU-2022:212-1: Security update of bci/nodejs Message-ID: <20220224080613.4F0D8F372@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:212-1 Container Tags : bci/node:14 , bci/node:14-14.1 , bci/nodejs:14 , bci/nodejs:14-14.1 Container Release : 14.1 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - openssl-1_1-1.1.1d-11.38.1 added - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 08:08:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:08:30 +0100 (CET) Subject: SUSE-CU-2022:214-1: Security update of bci/openjdk-devel Message-ID: <20220224080830.D21C6F372@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:214-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-12.21 , bci/openjdk-devel:latest Container Release : 12.21 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - container:openjdk-11-image-15.3.0-12.13 updated From sle-updates at lists.suse.com Thu Feb 24 08:10:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:10:23 +0100 (CET) Subject: SUSE-CU-2022:215-1: Security update of bci/openjdk Message-ID: <20220224081023.A92E9F372@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:215-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.13 , bci/openjdk:latest Container Release : 12.13 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 08:11:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:11:19 +0100 (CET) Subject: SUSE-CU-2022:216-1: Security update of bci/python Message-ID: <20220224081119.77D97F372@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:216-1 Container Tags : bci/python:3.6 , bci/python:3.6-10.11 Container Release : 10.11 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 08:12:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:12:14 +0100 (CET) Subject: SUSE-CU-2022:217-1: Security update of bci/python Message-ID: <20220224081214.A473DF372@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:217-1 Container Tags : bci/python:3.9 , bci/python:3.9-11.11 , bci/python:latest Container Release : 11.11 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 08:14:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 09:14:14 +0100 (CET) Subject: SUSE-CU-2022:222-1: Security update of bci/ruby Message-ID: <20220224081414.3C333F372@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:222-1 Container Tags : bci/ruby:2.5 , bci/ruby:2.5-12.9 , bci/ruby:latest Container Release : 12.9 Severity : important Type : security References : 1191826 1192637 1194178 1194265 1194968 1195054 1195217 CVE-2021-3997 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - openssl-1_1-1.1.1d-11.38.1 added - rpm-ndb-4.14.3-150300.46.1 updated - container:sles15-image-15.0.0-17.8.81 updated From sle-updates at lists.suse.com Thu Feb 24 11:21:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 12:21:21 +0100 (CET) Subject: SUSE-SU-2022:14896-1: important: Security update for MozillaFirefox Message-ID: <20220224112121.84A32F374@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14896-1 Rating: important References: #1195230 #1195682 Cross-References: CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14896=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14896=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-91.6.0-78.162.2 MozillaFirefox-translations-common-91.6.0-78.162.2 MozillaFirefox-translations-other-91.6.0-78.162.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-91.6.0-78.162.2 References: https://www.suse.com/security/cve/CVE-2022-22753.html https://www.suse.com/security/cve/CVE-2022-22754.html https://www.suse.com/security/cve/CVE-2022-22756.html https://www.suse.com/security/cve/CVE-2022-22759.html https://www.suse.com/security/cve/CVE-2022-22760.html https://www.suse.com/security/cve/CVE-2022-22761.html https://www.suse.com/security/cve/CVE-2022-22763.html https://www.suse.com/security/cve/CVE-2022-22764.html https://bugzilla.suse.com/1195230 https://bugzilla.suse.com/1195682 From sle-updates at lists.suse.com Thu Feb 24 11:22:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 12:22:16 +0100 (CET) Subject: SUSE-SU-2022:0565-1: important: Security update for MozillaFirefox Message-ID: <20220224112216.062A5F374@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0565-1 Rating: important References: #1195230 #1195682 Cross-References: CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 
12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-565=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-565=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-565=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-565=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-565=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-565=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-565=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-565=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-565=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-565=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-565=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-565=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-565=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 
MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 
MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.6.0-112.89.1 MozillaFirefox-debuginfo-91.6.0-112.89.1 MozillaFirefox-debugsource-91.6.0-112.89.1 MozillaFirefox-devel-91.6.0-112.89.1 MozillaFirefox-translations-common-91.6.0-112.89.1 References: https://www.suse.com/security/cve/CVE-2022-22753.html https://www.suse.com/security/cve/CVE-2022-22754.html https://www.suse.com/security/cve/CVE-2022-22756.html https://www.suse.com/security/cve/CVE-2022-22759.html https://www.suse.com/security/cve/CVE-2022-22760.html https://www.suse.com/security/cve/CVE-2022-22761.html https://www.suse.com/security/cve/CVE-2022-22763.html https://www.suse.com/security/cve/CVE-2022-22764.html https://bugzilla.suse.com/1195230 https://bugzilla.suse.com/1195682 From sle-updates at lists.suse.com Thu Feb 24 11:23:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 12:23:09 +0100 (CET) Subject: SUSE-SU-2022:0562-1: moderate: Security update for jasper Message-ID: <20220224112309.E61F8F374@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0562-1 Rating: moderate References: #1188437 Cross-References: CVE-2021-27845 CVSS scores: CVE-2021-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-27845 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux 
Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zero issue in cp_create() (bsc#1188437). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-562=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-562=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-562=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 References: https://www.suse.com/security/cve/CVE-2021-27845.html https://bugzilla.suse.com/1188437 From sle-updates at lists.suse.com Thu Feb 24 11:23:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 12:23:51 +0100 (CET) Subject: 
SUSE-SU-2022:0563-1: important: Security update for nodejs8 Message-ID: <20220224112351.E0773F374@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0563-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs8 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). 
- CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-563=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-563=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-563=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-563=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-563=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-563=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-563=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-563=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-563=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-563=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): 
nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE Enterprise Storage 6 (noarch): nodejs8-docs-8.17.0-3.54.2 - SUSE CaaS Platform 4.0 (x86_64): nodejs8-8.17.0-3.54.2 nodejs8-debuginfo-8.17.0-3.54.2 nodejs8-debugsource-8.17.0-3.54.2 nodejs8-devel-8.17.0-3.54.2 npm8-8.17.0-3.54.2 - SUSE CaaS Platform 4.0 (noarch): nodejs8-docs-8.17.0-3.54.2 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 From sle-updates at lists.suse.com Thu Feb 24 11:24:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 12:24:59 +0100 (CET) Subject: SUSE-SU-2022:0561-1: moderate: Security update for jasper Message-ID: <20220224112459.55C03F374@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2022:0561-1 Rating: moderate References: #1188437 Cross-References: CVE-2021-27845 CVSS scores: CVE-2021-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-27845 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zero issue in cp_create() (bsc#1188437). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-561=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-561=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.28.1 jasper-debugsource-1.900.14-195.28.1 libjasper-devel-1.900.14-195.28.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.28.1 jasper-debugsource-1.900.14-195.28.1 libjasper1-1.900.14-195.28.1 libjasper1-debuginfo-1.900.14-195.28.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libjasper1-32bit-1.900.14-195.28.1 libjasper1-debuginfo-32bit-1.900.14-195.28.1 References: https://www.suse.com/security/cve/CVE-2021-27845.html https://bugzilla.suse.com/1188437 From sle-updates at lists.suse.com Thu Feb 24 14:19:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 15:19:33 +0100 (CET) Subject: SUSE-RU-2022:0566-1: moderate: Recommended update for 
postgresql13 Message-ID: <20220224141933.072DEF373@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0566-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql13 fixes the following issues: - Upgrade to 14.2: (bsc#1195680) * https://www.postgresql.org/docs/14/release-14-2.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-566=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-566=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql14-debugsource-14.2-3.6.1 postgresql14-devel-14.2-3.6.1 postgresql14-devel-debuginfo-14.2-3.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql14-server-devel-14.2-3.6.1 postgresql14-server-devel-debuginfo-14.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libecpg6-14.2-3.6.1 libecpg6-debuginfo-14.2-3.6.1 libpq5-14.2-3.6.1 libpq5-debuginfo-14.2-3.6.1 postgresql14-14.2-3.6.1 postgresql14-contrib-14.2-3.6.1 postgresql14-contrib-debuginfo-14.2-3.6.1 postgresql14-debuginfo-14.2-3.6.1 postgresql14-debugsource-14.2-3.6.1 postgresql14-plperl-14.2-3.6.1 postgresql14-plperl-debuginfo-14.2-3.6.1 postgresql14-plpython-14.2-3.6.1 postgresql14-plpython-debuginfo-14.2-3.6.1 postgresql14-pltcl-14.2-3.6.1 postgresql14-pltcl-debuginfo-14.2-3.6.1 postgresql14-server-14.2-3.6.1 postgresql14-server-debuginfo-14.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpq5-32bit-14.2-3.6.1 libpq5-debuginfo-32bit-14.2-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql14-docs-14.2-3.6.1 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Thu Feb 24 14:20:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 15:20:11 +0100 (CET) Subject: SUSE-RU-2022:0572-1: moderate: Recommended update for psmisc Message-ID: <20220224142011.CBEE7F373@maintenance.suse.de> SUSE Recommended Update: Recommended update for psmisc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0572-1 
Rating: moderate References: #1194172 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-572=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-572=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-572=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-572=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): psmisc-lang-23.0-6.19.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): psmisc-23.0-6.19.1 psmisc-debuginfo-23.0-6.19.1 psmisc-debugsource-23.0-6.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): psmisc-23.0-6.19.1 psmisc-debuginfo-23.0-6.19.1 psmisc-debugsource-23.0-6.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): psmisc-lang-23.0-6.19.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): psmisc-23.0-6.19.1 psmisc-debuginfo-23.0-6.19.1 psmisc-debugsource-23.0-6.19.1 - 
SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): psmisc-23.0-6.19.1 psmisc-debuginfo-23.0-6.19.1 psmisc-debugsource-23.0-6.19.1 References: https://bugzilla.suse.com/1194172 From sle-updates at lists.suse.com Thu Feb 24 14:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 15:20:44 +0100 (CET) Subject: SUSE-RU-2022:0567-1: moderate: Recommended update for psmisc Message-ID: <20220224142044.1A929F373@maintenance.suse.de> SUSE Recommended Update: Recommended update for psmisc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0567-1 Rating: moderate References: #1194172 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-567=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): psmisc-22.21-6.22.1 psmisc-debuginfo-22.21-6.22.1 psmisc-debugsource-22.21-6.22.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): psmisc-lang-22.21-6.22.1 References: https://bugzilla.suse.com/1194172 From sle-updates at lists.suse.com Thu Feb 24 14:21:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 15:21:17 +0100 (CET) Subject: SUSE-SU-2022:0570-1: important: Security update for nodejs10 Message-ID: <20220224142117.91F90F373@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0570-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 #1194514 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVE-2022-21824 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux 
Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). - CVE-2022-21824: Fixed prototype pollution via console.table (bsc#1194514). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-570=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-1.46.1 nodejs10-debuginfo-10.24.1-1.46.1 nodejs10-debugsource-10.24.1-1.46.1 nodejs10-devel-10.24.1-1.46.1 npm10-10.24.1-1.46.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.24.1-1.46.1 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 https://bugzilla.suse.com/1194514 From sle-updates at lists.suse.com Thu Feb 24 14:22:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 15:22:57 +0100 (CET) Subject: SUSE-SU-2022:0569-1: important: Security update for nodejs14 Message-ID: <20220224142257.31711F373@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0569-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 
CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-569=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.0-6.24.1 nodejs14-debuginfo-14.19.0-6.24.1 nodejs14-debugsource-14.19.0-6.24.1 nodejs14-devel-14.19.0-6.24.1 npm14-14.19.0-6.24.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.19.0-6.24.1 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 From sle-updates at lists.suse.com Thu Feb 24 20:17:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Feb 2022 21:17:42 +0100 (CET) Subject: SUSE-RU-2022:0573-1: moderate: Recommended update for postgresql12 Message-ID: <20220224201742.3A239F372@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0573-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for postgresql12 fixes the following issues: - Upgrade to 12.10: (bsc#1195680) * https://www.postgresql.org/docs/12/release-12-10.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-573=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-573=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-debugsource-12.10-3.24.1 postgresql12-devel-12.10-3.24.1 postgresql12-devel-debuginfo-12.10-3.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql12-server-devel-12.10-3.24.1 postgresql12-server-devel-debuginfo-12.10-3.24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-12.10-3.24.1 postgresql12-contrib-12.10-3.24.1 postgresql12-contrib-debuginfo-12.10-3.24.1 postgresql12-debuginfo-12.10-3.24.1 postgresql12-debugsource-12.10-3.24.1 postgresql12-plperl-12.10-3.24.1 postgresql12-plperl-debuginfo-12.10-3.24.1 postgresql12-plpython-12.10-3.24.1 postgresql12-plpython-debuginfo-12.10-3.24.1 postgresql12-pltcl-12.10-3.24.1 postgresql12-pltcl-debuginfo-12.10-3.24.1 postgresql12-server-12.10-3.24.1 postgresql12-server-debuginfo-12.10-3.24.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): 
postgresql12-docs-12.10-3.24.1 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Fri Feb 25 20:18:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Feb 2022 21:18:47 +0100 (CET) Subject: SUSE-SU-2022:0575-1: important: Security update for ucode-intel Message-ID: <20220225201847.E099BF375@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0575-1 Rating: important References: #1192615 #1195779 #1195780 #1195781 Cross-References: CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 CVSS scores: CVE-2021-0127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0127 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-0145 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0145 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-0146 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0146 (SUSE): 7.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-33120 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-33120 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. 
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors that may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-575=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-575=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-575=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-575=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-575=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-575=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-575=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-575=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-575=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-575=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-575=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 
ucode-intel-debugsource-20220207-13.93.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE OpenStack Cloud 9 (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE OpenStack Cloud 8 (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 - HPE Helion Openstack 8 (x86_64): ucode-intel-20220207-13.93.1 ucode-intel-debuginfo-20220207-13.93.1 ucode-intel-debugsource-20220207-13.93.1 References: https://www.suse.com/security/cve/CVE-2021-0127.html https://www.suse.com/security/cve/CVE-2021-0145.html https://www.suse.com/security/cve/CVE-2021-0146.html https://www.suse.com/security/cve/CVE-2021-33120.html https://bugzilla.suse.com/1192615 https://bugzilla.suse.com/1195779 https://bugzilla.suse.com/1195780 https://bugzilla.suse.com/1195781 From sle-updates at lists.suse.com 
Fri Feb 25 20:19:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Feb 2022 21:19:35 +0100 (CET) Subject: SUSE-SU-2022:0576-1: important: Security update for ucode-intel Message-ID: <20220225201935.50BD8F375@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0576-1 Rating: important References: #1192615 #1195779 #1195780 #1195781 Cross-References: CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 CVSS scores: CVE-2021-0127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0127 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-0145 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0145 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-0146 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0146 (SUSE): 7.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-33120 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-33120 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. 
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors that may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-576=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): ucode-intel-20220207-3.38.1 ucode-intel-debuginfo-20220207-3.38.1 ucode-intel-debugsource-20220207-3.38.1 References: https://www.suse.com/security/cve/CVE-2021-0127.html https://www.suse.com/security/cve/CVE-2021-0145.html https://www.suse.com/security/cve/CVE-2021-0146.html https://www.suse.com/security/cve/CVE-2021-33120.html https://bugzilla.suse.com/1192615 https://bugzilla.suse.com/1195779 https://bugzilla.suse.com/1195780 https://bugzilla.suse.com/1195781 From sle-updates at lists.suse.com Fri Feb 25 20:20:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Feb 2022 21:20:24 +0100 (CET) Subject: SUSE-SU-2022:0574-1: important: Security update for ucode-intel Message-ID: <20220225202024.5EC03F375@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0574-1 Rating: important References: #1192615 #1195779 #1195780 #1195781 
Cross-References: CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 CVSS scores: CVE-2021-0127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0127 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-0145 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0145 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-0146 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0146 (SUSE): 7.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-33120 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-33120 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. 
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors that may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-574=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-574=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-574=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-574=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-574=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-574=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-574=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-574=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-574=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-574=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-574=1 - SUSE 
Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-574=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-574=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-574=1 Package List: - SUSE Manager Server 4.1 (x86_64): ucode-intel-20220207-10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): ucode-intel-20220207-10.1 - SUSE Manager Proxy 4.1 (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise Micro 5.0 (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): ucode-intel-20220207-10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): ucode-intel-20220207-10.1 - SUSE Enterprise Storage 7 (x86_64): ucode-intel-20220207-10.1 References: https://www.suse.com/security/cve/CVE-2021-0127.html https://www.suse.com/security/cve/CVE-2021-0145.html https://www.suse.com/security/cve/CVE-2021-0146.html https://www.suse.com/security/cve/CVE-2021-33120.html https://bugzilla.suse.com/1192615 https://bugzilla.suse.com/1195779 https://bugzilla.suse.com/1195780 https://bugzilla.suse.com/1195781 From sle-updates at lists.suse.com Fri Feb 25 23:18:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Feb 2022 00:18:25 +0100 (CET) Subject: 
SUSE-SU-2022:0577-1: moderate: Security update for php72 Message-ID: <20220225231825.A14A8F375@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0577-1 Rating: moderate References: #1038980 #1081790 #1193041 Cross-References: CVE-2015-9253 CVE-2017-8923 CVE-2021-21707 CVSS scores: CVE-2015-9253 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-9253 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-8923 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php72 fixes the following issues: - CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions (bsc#1081790). - CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980). - CVE-2021-21707: Fixed special character handling that broke path in xml parsing (bsc#1193041). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-577=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-577=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.75.1 php72-debugsource-7.2.5-1.75.1 php72-devel-7.2.5-1.75.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.75.1 apache2-mod_php72-debuginfo-7.2.5-1.75.1 php72-7.2.5-1.75.1 php72-bcmath-7.2.5-1.75.1 php72-bcmath-debuginfo-7.2.5-1.75.1 php72-bz2-7.2.5-1.75.1 php72-bz2-debuginfo-7.2.5-1.75.1 php72-calendar-7.2.5-1.75.1 php72-calendar-debuginfo-7.2.5-1.75.1 php72-ctype-7.2.5-1.75.1 php72-ctype-debuginfo-7.2.5-1.75.1 php72-curl-7.2.5-1.75.1 php72-curl-debuginfo-7.2.5-1.75.1 php72-dba-7.2.5-1.75.1 php72-dba-debuginfo-7.2.5-1.75.1 php72-debuginfo-7.2.5-1.75.1 php72-debugsource-7.2.5-1.75.1 php72-dom-7.2.5-1.75.1 php72-dom-debuginfo-7.2.5-1.75.1 php72-enchant-7.2.5-1.75.1 php72-enchant-debuginfo-7.2.5-1.75.1 php72-exif-7.2.5-1.75.1 php72-exif-debuginfo-7.2.5-1.75.1 php72-fastcgi-7.2.5-1.75.1 php72-fastcgi-debuginfo-7.2.5-1.75.1 php72-fileinfo-7.2.5-1.75.1 php72-fileinfo-debuginfo-7.2.5-1.75.1 php72-fpm-7.2.5-1.75.1 php72-fpm-debuginfo-7.2.5-1.75.1 php72-ftp-7.2.5-1.75.1 php72-ftp-debuginfo-7.2.5-1.75.1 php72-gd-7.2.5-1.75.1 php72-gd-debuginfo-7.2.5-1.75.1 php72-gettext-7.2.5-1.75.1 php72-gettext-debuginfo-7.2.5-1.75.1 php72-gmp-7.2.5-1.75.1 php72-gmp-debuginfo-7.2.5-1.75.1 php72-iconv-7.2.5-1.75.1 php72-iconv-debuginfo-7.2.5-1.75.1 php72-imap-7.2.5-1.75.1 php72-imap-debuginfo-7.2.5-1.75.1 php72-intl-7.2.5-1.75.1 php72-intl-debuginfo-7.2.5-1.75.1 
php72-json-7.2.5-1.75.1 php72-json-debuginfo-7.2.5-1.75.1 php72-ldap-7.2.5-1.75.1 php72-ldap-debuginfo-7.2.5-1.75.1 php72-mbstring-7.2.5-1.75.1 php72-mbstring-debuginfo-7.2.5-1.75.1 php72-mysql-7.2.5-1.75.1 php72-mysql-debuginfo-7.2.5-1.75.1 php72-odbc-7.2.5-1.75.1 php72-odbc-debuginfo-7.2.5-1.75.1 php72-opcache-7.2.5-1.75.1 php72-opcache-debuginfo-7.2.5-1.75.1 php72-openssl-7.2.5-1.75.1 php72-openssl-debuginfo-7.2.5-1.75.1 php72-pcntl-7.2.5-1.75.1 php72-pcntl-debuginfo-7.2.5-1.75.1 php72-pdo-7.2.5-1.75.1 php72-pdo-debuginfo-7.2.5-1.75.1 php72-pgsql-7.2.5-1.75.1 php72-pgsql-debuginfo-7.2.5-1.75.1 php72-phar-7.2.5-1.75.1 php72-phar-debuginfo-7.2.5-1.75.1 php72-posix-7.2.5-1.75.1 php72-posix-debuginfo-7.2.5-1.75.1 php72-pspell-7.2.5-1.75.1 php72-pspell-debuginfo-7.2.5-1.75.1 php72-readline-7.2.5-1.75.1 php72-readline-debuginfo-7.2.5-1.75.1 php72-shmop-7.2.5-1.75.1 php72-shmop-debuginfo-7.2.5-1.75.1 php72-snmp-7.2.5-1.75.1 php72-snmp-debuginfo-7.2.5-1.75.1 php72-soap-7.2.5-1.75.1 php72-soap-debuginfo-7.2.5-1.75.1 php72-sockets-7.2.5-1.75.1 php72-sockets-debuginfo-7.2.5-1.75.1 php72-sodium-7.2.5-1.75.1 php72-sodium-debuginfo-7.2.5-1.75.1 php72-sqlite-7.2.5-1.75.1 php72-sqlite-debuginfo-7.2.5-1.75.1 php72-sysvmsg-7.2.5-1.75.1 php72-sysvmsg-debuginfo-7.2.5-1.75.1 php72-sysvsem-7.2.5-1.75.1 php72-sysvsem-debuginfo-7.2.5-1.75.1 php72-sysvshm-7.2.5-1.75.1 php72-sysvshm-debuginfo-7.2.5-1.75.1 php72-tidy-7.2.5-1.75.1 php72-tidy-debuginfo-7.2.5-1.75.1 php72-tokenizer-7.2.5-1.75.1 php72-tokenizer-debuginfo-7.2.5-1.75.1 php72-wddx-7.2.5-1.75.1 php72-wddx-debuginfo-7.2.5-1.75.1 php72-xmlreader-7.2.5-1.75.1 php72-xmlreader-debuginfo-7.2.5-1.75.1 php72-xmlrpc-7.2.5-1.75.1 php72-xmlrpc-debuginfo-7.2.5-1.75.1 php72-xmlwriter-7.2.5-1.75.1 php72-xmlwriter-debuginfo-7.2.5-1.75.1 php72-xsl-7.2.5-1.75.1 php72-xsl-debuginfo-7.2.5-1.75.1 php72-zip-7.2.5-1.75.1 php72-zip-debuginfo-7.2.5-1.75.1 php72-zlib-7.2.5-1.75.1 php72-zlib-debuginfo-7.2.5-1.75.1 - SUSE Linux Enterprise Module for Web 
Scripting 12 (noarch): php72-pear-7.2.5-1.75.1 php72-pear-Archive_Tar-7.2.5-1.75.1 References: https://www.suse.com/security/cve/CVE-2015-9253.html https://www.suse.com/security/cve/CVE-2017-8923.html https://www.suse.com/security/cve/CVE-2021-21707.html https://bugzilla.suse.com/1038980 https://bugzilla.suse.com/1081790 https://bugzilla.suse.com/1193041 From sle-updates at lists.suse.com Mon Feb 28 07:32:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Feb 2022 08:32:23 +0100 (CET) Subject: SUSE-IU-2022:282-1: Security update of sles-15-sp3-chost-byos-v20220222 Message-ID: <20220228073223.62952F375@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220222 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:282-1 Image Tags : sles-15-sp3-chost-byos-v20220222:20220222 Image Release : Severity : critical Type : security References : 1057592 1102408 1139519 1154353 1154488 1156395 1156920 1159205 1160634 1160654 1176447 1177599 1178357 1181163 1181812 1182227 1183405 1183407 1183495 1183572 1183574 1185377 1186506 1187428 1187723 1188019 1188571 1188605 1189152 1189560 1190395 1191015 1191057 1191121 1191227 1191334 1191434 1191532 1191826 1191881 1192164 1192311 1192353 1192637 1192652 1192653 1192684 1192685 1193007 1193086 1193096 1193257 1193258 1193273 1193488 1193506 1193690 1193767 1193802 1193861 1193864 1193867 1194048 1194178 1194227 1194265 1194291 1194392 1194522 1194576 1194581 1194588 1194597 1194640 1194661 1194716 1194768 1194770 1194785 1194859 1194880 1194898 1194968 1195009 1195048 1195054 1195062 1195065 1195073 1195142 1195183 1195184 1195217 1195254 1195267 1195293 1195371 1195476 1195477 1195478 1195479 1195480 1195481 1195482 954813 CVE-2020-27840 CVE-2020-28097 CVE-2021-20277 CVE-2021-20316 CVE-2021-22600 CVE-2021-36222 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-3997 CVE-2021-3999 CVE-2021-41089 CVE-2021-41091 
CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0336 CVE-2022-0435 CVE-2022-22942 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20220222 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:273-1 Released: Tue Feb 1 14:15:21 2022 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Type: recommended Severity: important References: 1102408,1192652,1192653,1193257,1193258 This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes: Changes in google-guest-agent: - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * dont duplicate logs (#146) * Add WantedBy network dependencies to google-guest-agent service (#136) * dont try dhcpv6 when not needed (#145) * Integration tests: instance setup (#143) * Integration test: test create and remove google user (#128) * handle comm errors in script 
runner (#140) * enforce script ordering (#138) * enable ipv6 on secondary interfaces (#133) - from version 20211103.00 * Integration tests: instance setup (#143) - from version 20211027.00 * Integration test: test create and remove google user (#128) - Update to version 20211019.00 * handle comm errors in script runner (#140) - from version 20211015.00 * enforce script ordering (#138) - from version 20211014.00 * enable ipv6 on secondary interfaces (#133) - from version 20211013.00 * dont open ssh tempfile exclusively (#137) - from version 20211011.00 * correct linux startup script order (#135) * Emit sshable attribute (#123) - from version 20210908.1 * restore line (#127) - from version 20210908.00 * New integ test (#124) - from version 20210901.00 * support enable-oslogin-sk key (#120) * match script logging to guest agent (#125) - from version 20210804.00 * Debug logging (#122) - Refresh patches for new version * dont_overwrite_ifcfg.patch - Build with go1.15 for reproducible build results (bsc#1102408) - Update to version 20210707.00 * Use IP address for calling the metadata server. 
(#116) - from version 20210629.00 * use IP for MDS (#115) - Update to version 20210603.00 * systemd-notify in agentInit (#113) * dont check status (#112) - from version 20210524.00 * more granular service restarts (#111) - from version 20210414.00 * (no functional changes) Changes in google-guest-configs: - Add missing pkg-config dependency to BuildRequires for SLE-12 - Install modprobe configuration files into /etc again on SLE-15-SP2 and older since that's still the default location on these distributions - Probe udev directory using the 'udevdir' pkg-config variable on SLE-15-SP2 and older since the variable got renamed to 'udev_dir' in later versions - Remove redundant pkgconfig(udev) from BuildRequires for SLE-12 - Update to version 20211116.00 (bsc#1193257, bsc#1193258) * GCE supports up to 24 NVMe local SSDs, but the regex in the PROGRAM field only looks for the last digit of the given string causing issues when there are >= 10 local SSDs. Changed REGEX to get the last number of the string instead to support the up to 24 local SSDs. 
(#30) * chmod+x google_nvme_id on EL (#31) - Fix duplicate installation of google_optimize_local_ssd and google_set_multiqueue - Install google_nvme_id into /usr/lib/udev (bsc#1192652, bsc#1192653) - Update to version 20210916.00 * Revert 'dont set IP in etc/hosts; remove rsyslog (#26)' (#28) - from version 20210831.00 * restore rsyslog (#27) - from version 20210830.00 * Fix NVMe partition names (#25) - from version 20210824.00 * dont set IP in etc/hosts; remove rsyslog (#26) * update OWNERS - Use %_modprobedir for modprobe.d files (out of /etc) - Use %_sysctldir for sysctl.d files (out of /etc) - Update to version 20210702.00 * use grep for hostname check (#23) - from version 20210629.00 * address set_hostname vuln (#22) - from version 20210324.00 * dracut.conf wants spaces around values (#19) Changes in google-guest-oslogin: - Update to version 20211013.00 (bsc#1193257, bsc#1193258) * remove deprecated binary (#79) - from version 20211001.00 * no message if no groups (#78) - from version 20210907.00 * use sigaction for signals (#76) - from version 20210906.00 * include cstdlib for exit (#75) * catch SIGPIPE in authorized_keys (#73) - from version 20210805.00 * fix double free in ParseJsonToKey (#70) - from version 20210804.00 * fix packaging for authorized_keys_sk (#68) * add authorized_keys_sk (#66) - Add google_authorized_keys_sk to %files section - Remove google_oslogin_control from %files section Changes in google-osconfig-agent: - Update to version 20211117.00 (bsc#1193257, bsc#1193258) * Add retry logic for RegisterAgent (#404) - from version 20211111.01 * e2e_test: drop ubuntu 1604 image as its EOL (#403) - from version 20211111.00 * e2e_test: move to V1 api for OSPolicies (#397) - from version 20211102.00 * Fix context logging and fix label names (#400) - from version 20211028.00 * Add cloudops example for gcloud (#399) - Update to version 20211021.00 * Added patch report logging for Zypper. 
(#395) - from version 20211012.00 * Replace deprecated instance filters with the new filters (#394) - from version 20211006.00 * Added patch report log messages for Yum and Apt (#392) - from version 20210930.00 * Config: Add package info caching (#391) - from version 20210928.00 * Fixed the runWithPty function to set ctty to child's filedesc (#389) - from version 20210927.00 * e2e_tests: fix a test output mismatch (#390) - from version 20210924.00 * Fix some e2e test failures (#388) - from version 20210923.02 * Correctly check for folder existance in package upgrade (#387) - from version 20210923.01 * ReportInventory: Fix bug in deb/rpm inventory, reduce calls to append (#386) - from version 20210923.00 * Deprecate old config directory in favor of new cache directory (#385) - from version 20210922.02 * Fix rpm/deb package formating for inventory reporting (#384) - from version 20210922.01 * Add centos stream rocky linux and available package tests (#383) - from version 20210922.00 * Add more info logs, actually cleanup unmanaged repos (#382) - from version 20210901.00 * Add E2E tests for Windows Application (#379) * Return lower-case package name (#377) * Update Terraform scripts for multi-project deployments tutorial. (#378) - from version 20210811.00 * Support Windows Application Inventory (#371) - from version 20210723.00 * Send basic inventory with RegisterAgent (#373) - from version 20210722.1 * e2e_tests: move to manually generated osconfig library (#372) - from version 20210722.00 * Create OWNERS file for examples directory (#368) - from version 20210719.00 * Update Zypper patch info parsing (#370) - Build with go1.15 for reproducible build results (bsc#1102408) - Update to version 20210712.1 * Skip getting patch info when no patches are found. (#369) - from version 20210712.00 * Add Terraform scripts for multi-project deployments (#367) - from version 20210709.00 * Add examples/Terraform directory. 
(#366) - from version 20210707.00 * Fix bug in printing packages to update, return error for zypper patch (#365) - from version 20210629.00 * Add CloudOps examples for CentOS (#364) - Update to version 20210621.00 * chore: Fixing a comment. (#363) - from version 20210617.00 * Use exec.CommandContext so that canceling the context also kills any running processes (#362) - from version 20210608.1 * e2e_tests: point to official osconfig client library (#359) - from version 20210608.00 * e2e_tests: deflake tests (#358) - from version 20210607.00 * Fix build on some architectures (#357) - from version 20210603.00 * Create win-validation-powershell.yaml (#356) - from version 20210602.00 * Agent efficiency improvements/bugfixes/logging updates (#355) * e2e_tests: add tests for ExecResource output (#354) - from version 20210525.00 * Run fieldalignment on all structs (#353) - from version 20210521.00 * Config Task: add error message and ExecResource output recording (#350) * e2e_tests: remove Windows server 1909 and add server 20h2 (#352) * Added a method for logging structured data (#349) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:317-1 Released: Thu Feb 3 10:06:59 2022 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1057592,1156920,1160654,1178357,1181163,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392 This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 Service Pack 3 (bsc#1183407,jsc#SLE-9750) - Parse sysctl files in the correct order - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage 
(bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as 'up' when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Add `ethtool --get-permanent-address` option in the client - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:322-1 Released: Thu Feb 3 14:03:19 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192685,1194716 This update for dracut fixes the following issues: - Fix(network): consistent use of '$gw' for gateway (bsc#1192685) - Fix(install): handle builtin modules (bsc#1194716) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation 
improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:333-1 Released: Fri Feb 4 09:30:26 2022 Summary: Security update for xen Type: security Severity: important References: 1194576,1194581,1194588,CVE-2022-23033,CVE-2022-23034,CVE-2022-23035 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:334-1 Released: Fri Feb 4 09:30:58 2022 Summary: Security update for containerd, docker Type: security Severity: moderate References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:340-1 Released: Mon Feb 7 13:08:14 2022 Summary: Security update for the Linux Kernel Type: recommended Severity: moderate References: 1195142 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive a regression bugfix. The following non-security bugs were fixed: - drm/radeon: fix error handling in radeon_driver_open_kms that could lead to non-booting systems with Radeon cards (bsc#1195142). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * 
Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. 
Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. 
* Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. 
Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. 
The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. 
Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + 
python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:370-1 Released: Fri Feb 11 08:35:29 2022 Summary: Security update for the Linux Kernel Type: security Severity: critical References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482,CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have led to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). 
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). 
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). 
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX 
TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). 
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). 
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). 
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). 
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). 
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). 
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:383-1
Released: Tue Feb 15 17:47:36 2022
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1194265

This update for cyrus-sasl fixes the following issues:

- Fixed an issue where 'sasl' authentication with a password fails in postfix. (bsc#1194265)
- Add config parameter '--with-dblib=gdbm'
- Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:476-1
Released: Thu Feb 17 10:31:35 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1194661

This update for nfs-utils fixes the following issues:

- If an error or warning message is produced before closeall() is called, mountd doesn't work.
(bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:513-1 Released: Fri Feb 18 12:43:10 2022 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1159205,1190395 This update for grub2 fixes the following issues: - Fix wrong default entry when booting snapshot (bsc#1159205). - Improve support for SLE Micro 5.1 on s390x (bsc#1190395). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). 
The following non-security bugs were fixed:

- udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
- localectl: don't omit keymaps files that are symlinks (bsc#1191826)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:548-1
Released: Tue Feb 22 13:48:55 2022
Summary: Recommended update for blog
Type: recommended
Severity: moderate
References: 1186506,1191057

This update for blog fixes the following issues:

- Update to version 2.26
  * On s390/x and PPC64 gcc misses unused arg0
- Update to version 2.24
  * Avoid install error due missed directory
- Update to version 2.22
  * Avoid KillMode=none for newer systemd version as well as rework the systemd unit files of blog (bsc#1186506)
- Move to /usr for UsrMerge (bsc#1191057)
- Update to version 2.21
  * Merge pull request #4 from samueldr/fix/makefile Fixup Makefile for better build system support
  * Silent new gcc compiler

The following package changes have been done:

- apparmor-abstractions-2.13.6-150300.3.11.2 updated
- apparmor-parser-2.13.6-150300.3.11.2 updated
- blog-2.26-150300.4.3.1 updated
- boost-license1_66_0-1.66.0-12.3.1 updated
- containerd-ctr-1.4.12-60.1 updated
- containerd-1.4.12-60.1 updated
- coreutils-8.32-150300.3.5.1 updated
- docker-20.10.12_ce-159.1 updated
- dracut-049.1+suse.228.g07676562-3.54.1 updated
- glibc-locale-base-2.31-150300.9.12.1 updated
- glibc-locale-2.31-150300.9.12.1 updated
- glibc-2.31-150300.9.12.1 updated
- google-guest-agent-20211116.00-1.23.1 updated
- google-guest-configs-20211116.00-1.16.1 updated
- google-guest-oslogin-20211013.00-1.24.1 updated
- google-osconfig-agent-20211117.00-1.14.1 updated
- grub2-i386-pc-2.04-150300.22.12.2 updated
- grub2-x86_64-efi-2.04-150300.22.12.2 updated
- grub2-2.04-150300.22.12.2 updated
- kernel-default-5.3.18-150300.59.49.1 updated
- krb5-1.19.2-150300.8.3.2 updated
- libapparmor1-2.13.6-150300.3.11.1 updated
- libblogger2-2.26-150300.4.3.1
updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libexpat1-2.2.5-3.12.1 updated - libldb2-2.4.1-150300.3.10.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libtalloc2-2.3.3-150300.3.3.2 updated - libtdb1-1.4.4-150300.3.3.2 updated - libtevent0-0.11.0-150300.3.3.2 updated - libudev1-246.16-150300.7.39.1 updated - libzypp-17.29.3-27.1 updated - nfs-client-2.1.1-10.21.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 added - systemd-sysvinit-246.16-150300.7.39.1 updated - systemd-246.16-150300.7.39.1 updated - udev-246.16-150300.7.39.1 updated - wicked-service-0.6.68-150300.4.5.1 updated - wicked-0.6.68-150300.4.5.1 updated - xen-libs-4.14.3_06-150300.3.18.2 updated - zypper-1.14.51-24.1 updated - gamin-server-0.1.10-1.41 removed - libdcerpc-binding0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libdcerpc0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libfam0-gamin-0.1.10-3.2.3 removed - libndr-krb5pac0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libndr-nbt0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libndr-standard0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libndr1-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libnetapi0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-credentials0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-errors0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-hostconfig0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-passdb0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-util0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamdb0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsmbconf0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsmbldap2-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libtevent-util0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libwbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - python3-ldb-2.2.2-3.3.1 removed - 
python3-talloc-2.3.1-1.40 removed - samba-libs-4.13.13+git.539.fdbc44a8598-3.20.2 removed - samba-libs-python3-4.13.13+git.539.fdbc44a8598-3.20.2 removed From sle-updates at lists.suse.com Mon Feb 28 14:18:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Feb 2022 15:18:27 +0100 (CET) Subject: SUSE-RU-2022:0580-1: important: Recommended update for s390-tools Message-ID: <20220228141827.37DEAF379@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0580-1 Rating: important References: #1196257 #1196258 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - Fix for issue introduced in version 2.37+ of util-linux that modified the output characters of lsblk, which breaks the parser function (bsc#1196258) - Fix for path resolution failing when a device provides multiple mount points such as, for example, when using btrfs subvolumes, or when mounting the same file system at multiple mount points (bsc#1196257) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-580=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-580=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): libekmfweb1-2.15.1-150300.8.14.1 libekmfweb1-debuginfo-2.15.1-150300.8.14.1 libekmfweb1-devel-2.15.1-150300.8.14.1 osasnmpd-2.15.1-150300.8.14.1 osasnmpd-debuginfo-2.15.1-150300.8.14.1 s390-tools-2.15.1-150300.8.14.1 s390-tools-debuginfo-2.15.1-150300.8.14.1 s390-tools-debugsource-2.15.1-150300.8.14.1 s390-tools-hmcdrvfs-2.15.1-150300.8.14.1 s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.14.1 s390-tools-zdsfs-2.15.1-150300.8.14.1 s390-tools-zdsfs-debuginfo-2.15.1-150300.8.14.1 - SUSE Linux Enterprise Micro 5.1 (s390x): libekmfweb1-2.15.1-150300.8.14.1 libekmfweb1-debuginfo-2.15.1-150300.8.14.1 s390-tools-2.15.1-150300.8.14.1 s390-tools-debuginfo-2.15.1-150300.8.14.1 s390-tools-debugsource-2.15.1-150300.8.14.1 References: https://bugzilla.suse.com/1196257 https://bugzilla.suse.com/1196258 From sle-updates at lists.suse.com Mon Feb 28 14:19:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Feb 2022 15:19:35 +0100 (CET) Subject: SUSE-RU-2022:0579-1: moderate: Recommended update for trento-premium Message-ID: <20220228141935.0EAB4F379@maintenance.suse.de> SUSE Recommended Update: Recommended update for trento-premium ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0579-1 Rating: moderate References: SLE-22874 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise 
Server for SAP Applications 15-SP3
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for trento-premium fixes the following issues:

Release 0.9.0

### Added

- Pin specific container image versions in the helm chart values - review values for SUSE infrastructure
- Add health summary api endpoint
- Homepage UI component
- Embed cpu and memory usage dashboards in host detail
- Sap system health computation
- Attach system replication status badge on secondary node
- Add remediation command to the corosync token timeouts checks
- Add node exporter state in the frontend
- Add prometheus grafana to helm chart
- Prometheus HTTP service discovery API
- Adds feedback collector
- Add connection retry when starting Web and Runner

### Fixed

- Web serve command not stopped correctly during database initialization tries
- Links in compressed sidebar don't work
- CD process doesn't clean up old node module tgz files
- Aligns Overview
- Use context correctly during db initialization
- Compute attached database health
- Fix dump scenario script clean-up command
- Push catalog info after the checks
- Show all sbd devices
- Do not make assumptions about the shape of the payload of checks catalog
- Remove mention of Blue Horizon from landing page
- Links in compressed sidebar are working again

### Closed Issues

- Checks catalog empty
- Settings button missing in Pacemaker Clusters details view

### Other Changes

- Enable Grafana persistence
- Fix health summary api
- Fix grafana secret
- Fix grafana embedding
- Implement cluster health computation projection
- refresh zypper repo before installing node exporter
- Add Grafana initialization
- Run prometheus installation as root
- Do not add bitnami charts repo from the installer if it's not needed
- Fix dependabot auto-merge workflow
- Change trento path in the Dockerfile
- Allows Grafana dashboards
to be embedded - Add hana cluster details e2e test - E2e test cluster overview - Switch to the SLE BCI images Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-579=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-579=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-579=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 trento-premium-server-installer-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 trento-premium-server-installer-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 trento-premium-server-installer-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 References: From sle-updates at lists.suse.com Mon Feb 28 16:03:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Feb 2022 17:03:49 +0100 (CET) Subject: SUSE-IU-2022:283-1: Security update of suse-sles-15-sp3-chost-byos-v20220222-gen2 Message-ID: <20220228160349.A38A3F375@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220222-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:283-1 Image Tags : 
suse-sles-15-sp3-chost-byos-v20220222-gen2:20220222 Image Release : Severity : critical Type : security References : 1057592 1139519 1154353 1154488 1156395 1156920 1159205 1160634 1160654 1176447 1177599 1178357 1181163 1181812 1182227 1183405 1183407 1183495 1183572 1183574 1185377 1186506 1187428 1187723 1188019 1188571 1188605 1189152 1189560 1190395 1191015 1191057 1191121 1191227 1191334 1191434 1191532 1191826 1191881 1192164 1192311 1192353 1192637 1192684 1192685 1193007 1193086 1193096 1193273 1193488 1193506 1193690 1193767 1193802 1193861 1193864 1193867 1194048 1194178 1194227 1194265 1194291 1194392 1194522 1194576 1194581 1194588 1194597 1194640 1194661 1194716 1194768 1194770 1194785 1194859 1194880 1194898 1194968 1195009 1195048 1195054 1195062 1195065 1195073 1195142 1195183 1195184 1195217 1195254 1195267 1195293 1195371 1195476 1195477 1195478 1195479 1195480 1195481 1195482 954813 CVE-2020-27840 CVE-2020-28097 CVE-2021-20277 CVE-2021-20316 CVE-2021-22600 CVE-2021-36222 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-3997 CVE-2021-3999 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0336 CVE-2022-0435 CVE-2022-22942 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220222-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:317-1 Released: Thu Feb 3 10:06:59 2022 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1057592,1156920,1160654,1178357,1181163,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392 This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 Service Pack 3 (bsc#1183407,jsc#SLE-9750) - Parse sysctl files in the correct order - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as 'up' when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Add `ethtool --get-permanent-address` option in the client - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results 
(bsc#1160654)
- Fix eap-tls,ttls certificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- Updated `man ifcfg-wireless` manual pages

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:322-1
Released: Thu Feb 3 14:03:19 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1192685,1194716

This update for dracut fixes the following issues:

- Fix(network): consistent use of '$gw' for gateway (bsc#1192685)
- Fix(install): handle builtin modules (bsc#1194716)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:330-1
Released: Fri Feb 4 09:29:08 2022
Summary: Security update for glibc
Type: security
Severity: important
References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

This update for glibc fixes the following issues:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Features added:

- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:333-1
Released: Fri Feb 4 09:30:26 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1194576,1194581,1194588,CVE-2022-23033,CVE-2022-23034,CVE-2022-23035

This update for xen fixes the following issues:

- CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs.
(XSA-395) (bsc#1194588)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:334-1
Released: Fri Feb 4 09:30:58 2022
Summary: Security update for containerd, docker
Type: security
Severity: moderate
References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190

This update for containerd, docker fixes the following issues:

- CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).
- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:335-1
Released: Fri Feb 4 10:24:02 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:340-1
Released: Mon Feb 7 13:08:14 2022
Summary: Security update for the Linux Kernel
Type: recommended
Severity: moderate
References: 1195142

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive a regression bugfix.

The following non-security bugs were fixed:

- drm/radeon: fix error handling in radeon_driver_open_kms that could lead to non-booting systems with Radeon cards (bsc#1195142).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:343-1
Released: Mon Feb 7 15:16:58 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193086

This update for systemd fixes the following issues:

- disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579
- disable fallback DNS servers and fail when no DNS server info could be obtained from the links.
- DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package.
- Improve warning messages (bsc#1193086).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:348-1
Released: Tue Feb 8 13:02:20 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1193488,1194597,1194898,954813

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI components of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:283-1
Released: Tue Feb 8 16:10:39 2022
Summary: Security update for samba
Type: security
Severity: critical
References:
1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

samba was updated to 4.15.4 (jsc#SLE-23329);

* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
* 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);

Samba was updated to version 4.15.3

+ CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227);

- Reorganize libs packages.
Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

krb5 was updated from 1.16.3 to 1.19.2

* Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a credential handle.

Changes from 1.19.1:

* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value.

Changes from 1.19

Administrator experience

* When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.

Developer experience

* gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key.
* When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets.
* The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password().
Protocol evolution

* Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set.

User experience

* kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred).

Changes from 1.18.3

* Fix a denial of service vulnerability when decoding Kerberos protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded.

Changes from 1.18.2

* Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might not be reported.

Changes from 1.18.1

* Fix a crash when qualifying short hostnames when the system has no primary DNS domain.
* Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency with Windows KDCs.

Changes from 1.18

Administrator experience:

* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default.
* setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context().
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes.

Developer experience:

* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account name from a PAC.

Protocol evolution:

* Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.)
* Remove support for an old ('draft 9') variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.)

User experience:

* Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix.
Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios.

Code quality:

* The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested.

Changes from 1.17.1

* Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM credential cache is used.

Changes from 1.17:

Administrator experience:

* A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release.
* 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested.

Developer experience:

* The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should perform better.

Protocol evolution:

* The SPAKE pre-authentication mechanism is now supported.
This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust.

User experience:

* The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name.
* The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library.

Code quality:

* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required.

- Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working.

ldb was updated to version 2.4.1 (jsc#SLE-23329);

- Release 2.4.1
  + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845);
  + Fix memory handling in ldb.msg_diff; (bso#14836);
- Release 2.4.0
  + pyldb: Fix Message.items() for a message containing elements
  + pyldb: Add test for Message.items()
  + tests: Use ldbsearch '--scope' instead of '-s'
  + Change page size of guidindexpackv1.ldb
  + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
  + attrib_handler casefold: simplify space dropping
  + fix ldb_comparison_fold off-by-one overrun
  + CVE-2020-27840: pytests: move Dn.validate test to ldb
  + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
  + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
  + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
  + improve comments for ldb_module_connect_backend()
  + test/ldb_tdb: correct introductory comments
  + ldb.h: remove undefined async_ctx function signatures
  + correct comments in attrib_handers val_to_int64
  + dn tests use cmocka print functions
  + ldb_match: remove redundant check
  + add tests for ldb_wildcard_compare
  + ldb_match: trailing chunk must match end of string
  + pyldb: catch potential overflow error in py_timestring
  + ldb: remove some 'if PY3's in tests

talloc was updated to 2.3.3:

+ various bugfixes
+ python: Ensure reference counts are properly incremented
+ Change pytalloc source to LGPL
+ Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).

tdb was updated to version 1.4.4:

+ various bugfixes

tevent was updated to version 0.11.0:

+ Add custom tag to events
+ Add event trace api

sssd was updated to:

- Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
- Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

apparmor was updated to:

- Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
- add profile for samba-bgqd (bsc#1191532).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:370-1
Released: Fri Feb 11 08:35:29 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: critical
References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482,CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validates domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have led to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free in drivers/tee/tee_shm.c in the TEE subsystem, that could have occurred because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).

The following non-security bugs were fixed:

- ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Bluetooth: refactor malicious adv data check (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection (git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- IB/mlx5: Add missing error code (git-fixes)
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- Input: wm97xx: Simplify resource management (git-fixes).
- NFS: Ensure the server had an up to date ctime before renaming (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails (git-fixes).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/core: Do not access cm_id after its destruction (git-fixes)
- RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- RDMA/ocrdma: Fix use after free in
ocrdma_dealloc_ucontext_pd() (git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).
- USB: serial: mos7840: fix probe error handling (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes).
- nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-tcp: fix possible use-after-completion (git-fixes).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select (git-fixes).
- spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: Add support for Brainboxes UC cards (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:383-1
Released:    Tue Feb 15 17:47:36 2022
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1194265

This update for cyrus-sasl fixes the following issues:

- Fixed an issue where 'sasl' authentication with a password fails in postfix. (bsc#1194265)
- Add config parameter '--with-dblib=gdbm'
- Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:476-1
Released:    Thu Feb 17 10:31:35 2022
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1194661

This update for nfs-utils fixes the following issues:

- If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released:    Fri Feb 18 10:46:56 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:513-1
Released:    Fri Feb 18 12:43:10 2022
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1159205,1190395

This update for grub2 fixes the following issues:

- Fix wrong default entry when booting snapshot (bsc#1159205).
- Improve support for SLE Micro 5.1 on s390x (bsc#1190395).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released:    Fri Feb 18 12:45:19 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1194968

This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:539-1
Released:    Mon Feb 21 13:47:51 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1191826,1192637,1194178,CVE-2021-3997

This update for systemd fixes the following issues:

- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178).

The following non-security bugs were fixed:

- udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
- localectl: don't omit keymaps files that are symlinks (bsc#1191826)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:548-1
Released:    Tue Feb 22 13:48:55 2022
Summary:     Recommended update for blog
Type:        recommended
Severity:    moderate
References:  1186506,1191057

This update for blog fixes the following issues:

- Update to version 2.26
  * On s390/x and PPC64 gcc misses unused arg0
- Update to version 2.24
  * Avoid install error due to missed directory
- Update to version 2.22
  * Avoid KillMode=none for newer systemd version as well as rework the systemd unit files of blog (bsc#1186506)
- Move to /usr for UsrMerge (bsc#1191057)
- Update to version 2.21
  * Merge pull request #4 from samueldr/fix/makefile
    Fixup Makefile for better build system support
  * Silent new gcc compiler

The following package changes have been done:

- apparmor-abstractions-2.13.6-150300.3.11.2 updated
- apparmor-parser-2.13.6-150300.3.11.2 updated
- blog-2.26-150300.4.3.1 updated
- boost-license1_66_0-1.66.0-12.3.1 updated
- containerd-ctr-1.4.12-60.1 updated
- containerd-1.4.12-60.1 updated
- coreutils-8.32-150300.3.5.1 updated
- docker-20.10.12_ce-159.1 updated
- dracut-049.1+suse.228.g07676562-3.54.1 updated
- glibc-locale-base-2.31-150300.9.12.1 updated
- glibc-locale-2.31-150300.9.12.1 updated
- glibc-2.31-150300.9.12.1 updated
- grub2-i386-pc-2.04-150300.22.12.2 updated
- grub2-x86_64-efi-2.04-150300.22.12.2 updated
- grub2-2.04-150300.22.12.2 updated
- kernel-default-5.3.18-150300.59.49.1 updated
- krb5-1.19.2-150300.8.3.2 updated
- libapparmor1-2.13.6-150300.3.11.1 updated
- libblogger2-2.26-150300.4.3.1 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated
- libexpat1-2.2.5-3.12.1 updated
- libldb2-2.4.1-150300.3.10.1 updated
- libsasl2-3-2.1.27-150300.4.3.1 updated
- libsystemd0-246.16-150300.7.39.1 updated
- libtalloc2-2.3.3-150300.3.3.2 updated
- libtdb1-1.4.4-150300.3.3.2 updated
- libtevent0-0.11.0-150300.3.3.2 updated
- libudev1-246.16-150300.7.39.1 updated
- libzypp-17.29.3-27.1 updated
- nfs-client-2.1.1-10.21.1 updated
- rpm-ndb-4.14.3-150300.46.1 updated
- samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 added
- systemd-sysvinit-246.16-150300.7.39.1 updated
- systemd-246.16-150300.7.39.1 updated
- udev-246.16-150300.7.39.1 updated
- wicked-service-0.6.68-150300.4.5.1 updated
- wicked-0.6.68-150300.4.5.1 updated
- xen-libs-4.14.3_06-150300.3.18.2 updated
- zypper-1.14.51-24.1 updated
- gamin-server-0.1.10-1.41 removed
- libdcerpc-binding0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libdcerpc0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libfam0-gamin-0.1.10-3.2.3 removed
- libndr-krb5pac0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libndr-nbt0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libndr-standard0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libndr1-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libnetapi0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsamba-credentials0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsamba-errors0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsamba-hostconfig0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsamba-passdb0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsamba-util0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsamdb0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsmbconf0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libsmbldap2-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libtevent-util0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- libwbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- python3-ldb-2.2.2-3.3.1 removed
- python3-talloc-2.3.1-1.40 removed
- samba-libs-4.13.13+git.539.fdbc44a8598-3.20.2 removed
- samba-libs-python3-4.13.13+git.539.fdbc44a8598-3.20.2 removed

From sle-updates at lists.suse.com Mon Feb 28 16:29:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 17:29:03 +0100 (CET)
Subject: SUSE-CU-2022:237-1: Security update of trento/trento-db
Message-ID: <20220228162903.A9467F375@maintenance.suse.de>

SUSE Container Update Advisory: trento/trento-db
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:237-1
Container Tags        : trento/trento-db:14.1 , trento/trento-db:14.1-rev1.0.0 , trento/trento-db:14.1-rev1.0.0-build2.2.34 , trento/trento-db:latest
Container Release     : 2.2.34
Severity              : important
Type                  : security
References            : 1191826 1192637 1193086 1194178 1194640 1194768 1194770 1194785
                        1195054 1195217 CVE-2021-3997 CVE-2021-3999 CVE-2022-23218
                        CVE-2022-23219 CVE-2022-23852 CVE-2022-23990
-----------------------------------------------------------------

The container trento/trento-db was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:330-1
Released:    Fri Feb 4 09:29:08 2022
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

This update for glibc fixes the following issues:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Features added:

- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:343-1
Released:    Mon Feb 7 15:16:58 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1193086

This update for systemd fixes the following issues:

- disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579
- disable fallback DNS servers and fail when no DNS server info could be obtained from the links.
- DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package.
- Improve warning messages (bsc#1193086).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released:    Fri Feb 18 10:46:56 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:539-1
Released:    Mon Feb 21 13:47:51 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1191826,1192637,1194178,CVE-2021-3997

This update for systemd fixes the following issues:

- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178).

The following non-security bugs were fixed:

- udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
- localectl: don't omit keymaps files that are symlinks (bsc#1191826)

The following package changes have been done:

- glibc-locale-base-2.31-150300.9.12.1 updated
- libexpat1-2.2.5-3.12.1 updated
- glibc-locale-2.31-150300.9.12.1 updated
- systemd-246.16-150300.7.39.1 updated
- udev-246.16-150300.7.39.1 updated

From sle-updates at lists.suse.com Mon Feb 28 17:18:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 18:18:51 +0100 (CET)
Subject: SUSE-SU-2022:14898-1: moderate: Security update for htmldoc
Message-ID: <20220228171851.B848FF379@maintenance.suse.de>

SUSE Security Update: Security update for htmldoc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:14898-1
Rating:             moderate
References:         #1158802 #1184424 #1195758
Cross-References:   CVE-2019-19630 CVE-2021-20308 CVE-2022-0534
CVSS scores:
                    CVE-2019-19630 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-19630 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
                    CVE-2021-20308 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-20308 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2022-0534 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-0534 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Affected Products:
                    Subscription Management Tool for SUSE Linux Enterprise 11-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for htmldoc fixes the following issues:

- CVE-2019-19630: Fixed stack-based buffer overflow in the hd_strlcpy() function in string.c via a crafted HTML document (bsc#1158802).
- CVE-2021-20308: Fixed integer overflow in image_load_gif() (bsc#1184424).
- CVE-2022-0534: Fixed stack out-of-bounds read in gif_get_code() when opening a malicious GIF file results in a segmentation fault (bsc#1195758).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- Subscription Management Tool for SUSE Linux Enterprise 11-SP3:

  zypper in -t patch slesmtsp3-htmldoc-14898=1

Package List:

- Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64):

  htmldoc-1.8.27-170.4.9.1

References:

https://www.suse.com/security/cve/CVE-2019-19630.html
https://www.suse.com/security/cve/CVE-2021-20308.html
https://www.suse.com/security/cve/CVE-2022-0534.html
https://bugzilla.suse.com/1158802
https://bugzilla.suse.com/1184424
https://bugzilla.suse.com/1195758

From sle-updates at lists.suse.com Mon Feb 28 20:18:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:18:25 +0100 (CET)
Subject: SUSE-SU-2022:0593-1: moderate: Security update for SUSE Manager Server 4.2
Message-ID: <20220228201825.2BA16F375@maintenance.suse.de>

SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0593-1
Rating:             moderate
References:         #1097531 #1173103 #1189561 #1190781 #1191192 #1191285
                    #1191857 #1192321 #1192368 #1192440 #1192487 #1192510
                    #1192514 #1192550 #1192566 #1192699 #1192776 #1193008
                    #1193292 #1193565 #1193585 #1193612 #1193694 #1193832
                    #1194044 #1194397 #1194862 #1194905 #1194990 #1195171
Cross-References:   CVE-2020-25638
CVSS scores:
                    CVE-2020-25638 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2020-25638 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves one vulnerability and has 29 fixes is now available.

Description:

This update fixes the following issues:

c3p0:

- Build with log4j mapper

dhcpd-formula:

- Update to version 0.1.1641480250.d5bd14c
  * make routers option optional

hibernate5:

- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:

- Version 4.2.7-1
  * require python macros for building

mgr-osad:

- Version 4.2.7-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

mgr-push:

- Version 4.2.4-1
  * Do not build python 2 package for SLE15SP4 and higher

py27-compat-salt:

- Fix inspector module export function (bsc#1097531)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" act on concurrent flag.
- Fix the regression with invalid syntax in test_parse_cpe_name_v23.
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)

rhnlib:

- Version 4.2.5-1
  * do not build python 2 package for SLE15

salt-netapi-client:

- Hotfix (bsc#1192550):
- Version 0.19.0
  * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.19.0

saltboot-formula:

- Update to version 0.1.1637232240.87d79ed
  * Prevent python failure under some circumstances when filesystem was not set (bsc#1192440)
  * Add missing boot_images option in SLE11 saltboot version

spacecmd:

- Version 4.2.15-1
  * require python macros for building

spacewalk-backend:

- Version 4.2.19-1
  * Retrieve and store copyright information about patches
  * SLES PAYG client support on cloud
  * Add headers to update proxy auth token in listChannels (bsc#1193585)
  * require python macros for building
  * exchange zypp-plugin dependency to use the python3 version (bsc#1192514)

spacewalk-branding:

- Version 4.2.12-1
  * Fix header search autofocus

spacewalk-client-tools:

- Version 4.2.16-1
  * do not build python 2 package for SLE15
  * require python macros for building

spacewalk-config:

- Version 4.2.5-1
  * add migration for changed rhn.conf values

spacewalk-java:

- Version 4.2.32-1
  * Pass only selected servers to taskomatic for cancelation (bsc#1194044)
  * Added rights field to generated updateinfo.xml to handle copyright
  * provide static configuration key name for SSHMinionActionExecutor parallel threads
  * Add support for custom SSH port for SSH minions
  * add ubuntu errata data and install handling
  * Fix stack overflow when building a CLM project from modular sources (bsc#1194990)
  * SLES PAYG client support on cloud
  * Change order of 'Relevant' and 'All' in patches menu
  * Handle multiple Kiwi bundles (bsc#1194905)
  * Install product by default after a channel is subscribed
  * Improve token validation logs
  * fix possible race condition in job handling (bsc#1192510)
  * Migrate the displaying of the date/time to rhn:formatDate
  * Add additional matchers to package (nevra) filter
  * Add greater equals matcher to package (nevra) filter
  * fix XML syntax in cobbler snippets (bsc#1193694)
  * Add new endpoints to packages API: schedulePackageLockChange, listPackagesLockStatus
  * Avoid using RPM tags when filtering modular packages in CLM (bsc#1192487)
  * Fix stripping module metadata when cloning channels in CLM (bsc#1193008)
  * UI and API call for changing proxy
  * require postgresql14 on SLE15 SP4
  * Update proxy path on minion connection
  * fix actionchain stuck in pending/picked up (bsc#1189561)
  * fix parsing error by making SCAP Profile description attribute optional (bsc#1192321)
  * Show salt ssh error message in failed action details

spacewalk-reports:

- Version 4.2.7-1
  * Fixes query for system-history report to prevent more than one row returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)

spacewalk-search:

- Version 4.2.6-1
  * Rename jakarta to apache on SPEC

spacewalk-setup:

- Version 4.2.10-1
  * During upgrade, set tomcat connector connectionTimeout to 900000 if the previous value is the old default (20000)

spacewalk-utils:

- Version 4.2.15-1
  * require python macros for building

spacewalk-web:

- Version 4.2.25-1
  * Add support for custom SSH port for SSH minions
  * SLES PAYG client support on cloud
  * Migrate the displaying of the date/time to rhn:formatDate, get rid of the legacy fmt:formatDate glue
  * Fix header search autofocus
  * Fix virtual systems list request error (bsc#1194397)
  * UI for changing proxy
  * Fix legacy timepicker passing wrong time to the backend if server and user time differ (bsc#1192699)
  * Fix legacy timepicker passing wrong time to the backend if selected date is in summer time (bsc#1192776)

suseRegisterInfo:

- Version 4.2.5-1
  * require python macros for building
  * Do not build python 2 package for SLE15 and higher

susemanager:

- Version 4.2.27-1
  * mgr-setup: do not concatenate www and apache groups (bsc#1195171)
  * fix pg-migrate to check version of postgresql??-server (bsc#1192368)
  * remove obsoleted sysv init script (bsc#1191857)

susemanager-doc-indexes:

- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
- In the Troubleshooting section of the Client Configuration Guide, documented that SUSE Linux Enterprise Server 11 clients require previous SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-docs_en:

- Added instructions for Pay-as-you-go to the Installation Guide
- In the Client Configuration Guide, documented finding channel names for registering older SUSE Linux Enterprise clients
- Documented moving Salt clients between proxies in the Client Configuration Guide
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
- In the Troubleshooting section of the Client Configuration Guide, documented that SUSE Linux Enterprise Server 11 clients require previous SSL versions installed on the server
- In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-schema:

- Version 4.2.20-1
  * Added rights column to rhnerrata to handle copyright information
  * Add support for custom SSH port for SSH minions
  * add ubuntu errata data and install handling
  * SLES PAYG client support on cloud
  * Replace not existing Asia/Beijing timezone with Asia/Shanghai (bsc#1194862)
  * Continue with index migration when the expected indexes do not exist (bsc#1192566)
  * Fix changing of existing proxy path
  * Add pillars to Apply States action
  * Fix rhnChannelNewestPackageView in case there are duplicates (bsc#1193612)

susemanager-sls:

- Version 4.2.20-1
  * Handle multiple Kiwi bundles (bsc#1194905)
  * enforce correct minion configuration similar to bootstrapping (bsc#1192510)
  * Add state for changing proxy
  * Update proxy path on minion connection
  * Fix problem installing/removing packages using action chains in transactional systems

uyuni-common-libs:

- Version 4.2.6-1
  * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
  * require python macros for building

uyuni-config-formula:

- Version 0.2
  * support to manager activation keys

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-593=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):

  inter-server-sync-0.0.7-150300.8.9.1
  inter-server-sync-debuginfo-0.0.7-150300.8.9.1
  python3-uyuni-common-libs-4.2.6-150300.3.6.1
  spacewalk-branding-4.2.12-150300.3.6.1
  susemanager-4.2.27-150300.3.19.1
  susemanager-tools-4.2.27-150300.3.19.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):

  c3p0-0.9.5.2-150300.4.3.1
  dhcpd-formula-0.1.1641480250.d5bd14c-150300.3.3.1
  hibernate5-5.3.7-150300.5.3.1
  mgr-libmod-4.2.7-150300.3.6.1
  mgr-osa-dispatcher-4.2.7-150300.2.6.1
  mgr-push-4.2.4-150300.2.6.1
  py27-compat-salt-3000.3-150300.7.7.17.1
  python3-mgr-osa-common-4.2.7-150300.2.6.1
  python3-mgr-osa-dispatcher-4.2.7-150300.2.6.1
  python3-mgr-push-4.2.4-150300.2.6.1
  python3-rhnlib-4.2.5-150300.4.6.1
  python3-spacewalk-client-tools-4.2.16-150300.4.15.1
  python3-suseRegisterInfo-4.2.5-150300.4.6.1
  salt-netapi-client-0.19.0-150300.3.3.1
  saltboot-formula-0.1.1637232240.87d79ed-150300.3.6.1
  spacecmd-4.2.15-150300.4.15.1
  spacewalk-backend-4.2.19-150300.4.15.1
  spacewalk-backend-app-4.2.19-150300.4.15.1
  spacewalk-backend-applet-4.2.19-150300.4.15.1
  spacewalk-backend-config-files-4.2.19-150300.4.15.1
  spacewalk-backend-config-files-common-4.2.19-150300.4.15.1
  spacewalk-backend-config-files-tool-4.2.19-150300.4.15.1
  spacewalk-backend-iss-4.2.19-150300.4.15.1
  spacewalk-backend-iss-export-4.2.19-150300.4.15.1
  spacewalk-backend-package-push-server-4.2.19-150300.4.15.1
  spacewalk-backend-server-4.2.19-150300.4.15.1
  spacewalk-backend-sql-4.2.19-150300.4.15.1
  spacewalk-backend-sql-postgresql-4.2.19-150300.4.15.1
  spacewalk-backend-tools-4.2.19-150300.4.15.1
  spacewalk-backend-xml-export-libs-4.2.19-150300.4.15.1
  spacewalk-backend-xmlrpc-4.2.19-150300.4.15.1
  spacewalk-base-4.2.25-150300.3.15.2
  spacewalk-base-minimal-4.2.25-150300.3.15.2
  spacewalk-base-minimal-config-4.2.25-150300.3.15.2
  spacewalk-client-tools-4.2.16-150300.4.15.1
  spacewalk-config-4.2.5-150300.3.3.1
  spacewalk-html-4.2.25-150300.3.15.2
  spacewalk-java-4.2.32-150300.3.20.1
  spacewalk-java-config-4.2.32-150300.3.20.1
  spacewalk-java-lib-4.2.32-150300.3.20.1
  spacewalk-java-postgresql-4.2.32-150300.3.20.1
  spacewalk-reports-4.2.7-150300.3.9.1
  spacewalk-search-4.2.6-150300.3.6.1
  spacewalk-setup-4.2.10-150300.3.12.1
  spacewalk-taskomatic-4.2.32-150300.3.20.1
  spacewalk-utils-4.2.15-150300.3.12.1
  spacewalk-utils-extras-4.2.15-150300.3.12.1
  suseRegisterInfo-4.2.5-150300.4.6.1
  susemanager-doc-indexes-4.2-150300.12.19.1
  susemanager-docs_en-4.2-150300.12.19.1
  susemanager-docs_en-pdf-4.2-150300.12.19.1
  susemanager-schema-4.2.20-150300.3.15.1
  susemanager-sls-4.2.20-150300.3.17.1
  susemanager-web-libs-4.2.25-150300.3.15.2
  uyuni-config-formula-0.2-150300.3.3.1
  uyuni-config-modules-4.2.20-150300.3.17.1

References:

https://www.suse.com/security/cve/CVE-2020-25638.html
https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1173103
https://bugzilla.suse.com/1189561
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1191192
https://bugzilla.suse.com/1191285
https://bugzilla.suse.com/1191857
https://bugzilla.suse.com/1192321
https://bugzilla.suse.com/1192368
https://bugzilla.suse.com/1192440
https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1192510
https://bugzilla.suse.com/1192514
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1192566
https://bugzilla.suse.com/1192699
https://bugzilla.suse.com/1192776
https://bugzilla.suse.com/1193008
https://bugzilla.suse.com/1193292
https://bugzilla.suse.com/1193565
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1193612
https://bugzilla.suse.com/1193694
https://bugzilla.suse.com/1193832
https://bugzilla.suse.com/1194044
https://bugzilla.suse.com/1194397
https://bugzilla.suse.com/1194862
https://bugzilla.suse.com/1194905
https://bugzilla.suse.com/1194990
https://bugzilla.suse.com/1195171

From sle-updates at lists.suse.com Mon Feb 28 20:22:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:22:42 +0100 (CET)
Subject: SUSE-RU-2022:14900-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20220228202242.D6A45F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:14900-1
Rating:             moderate
References:         #1097531 #1190781 #1193357 ECO-3319
Affected Products:
                    SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
______________________________________________________________________________

An update that has three recommended fixes and contains one feature can now be installed.

Description:

This update fixes the following issues:

salt:

- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" act on concurrent flag.

scap-security-guide:

- Updated to 0.1.59 release (jsc#ECO-3319)
  - Support for Debian 11
  - NERC CIP profiles for OCP4 and RHCOS
  - HIPAA profile for SLE15
  - Delta Tailoring Files for STIG profiles

spacecmd:

- Version 4.2.15-1
  * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS:

  zypper in -t patch suse-ubu184ct-client-tools-202202-14900=1

Package List:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all):

  salt-common-3002.2+ds-1+104.1
  salt-minion-3002.2+ds-1+104.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357

From sle-updates at lists.suse.com Mon Feb 28 20:23:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:23:22 +0100 (CET)
Subject: SUSE-RU-2022:0587-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20220228202322.5D6D7F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0587-1
Rating:             moderate
References:         #1097531 #1190781 #1193357 ECO-3319
Affected Products:
                    SUSE Manager Debian 10-CLIENT-TOOLS
______________________________________________________________________________

An update that has three recommended fixes and contains one feature can now be installed.

Description:

This update fixes the following issues:

salt:

- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" act on concurrent flag.

scap-security-guide:

- Updated to 0.1.59 release (jsc#ECO-3319)
  - Support for Debian 11
  - NERC CIP profiles for OCP4 and RHCOS
  - HIPAA profile for SLE15
  - Delta Tailoring Files for STIG profiles

spacecmd:

- Version 4.2.15-1
  * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Debian 10-CLIENT-TOOLS:

  zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-587=1

Package List:

- SUSE Manager Debian 10-CLIENT-TOOLS (all):

  salt-common-3002.2+ds-1+2.42.1
  salt-minion-3002.2+ds-1+2.42.1
  scap-security-guide-debian-0.1.59-2.15.1
  spacecmd-4.2.15-2.24.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357

From sle-updates at lists.suse.com Mon Feb 28 20:24:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:24:03 +0100 (CET)
Subject: SUSE-RU-2022:0598-1: moderate: Recommended update for SUSE Manager 4.2.5 Release Notes
Message-ID: <20220228202403.1F660F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager 4.2.5 Release Notes
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0598-1
Rating: moderate
References: #1097531 #1173103 #1189561 #1190781 #1191192
  #1191285 #1191857 #1192321 #1192368 #1192440
  #1192487 #1192510 #1192514 #1192550 #1192566
  #1192699 #1192776 #1193008 #1193292 #1193565
  #1193585 #1193600 #1193612 #1193694 #1193832
  #1194044 #1194397 #1194862 #1194905 #1194990
  #1195171
Affected Products:
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
______________________________________________________________________________

An update that has 31 recommended fixes can now be installed.

Description:

This update for SUSE Manager 4.2.5 Release Notes provides the following additions:

Release notes for SUSE Manager:

- Update to 4.2.5
  * Ubuntu errata installation support
  * Make it possible to sync content from SUSE Cloud RMT Servers
  * New matchers in Content Lifecycle Management
  * Change proxy used for clients from the WebUI
  * Bugs mentioned:
    bsc#1097531, bsc#1173103, bsc#1189561, bsc#1190781, bsc#1191192
    bsc#1191285, bsc#1191857, bsc#1192321, bsc#1192368, bsc#1192440
    bsc#1192487, bsc#1192510, bsc#1192514, bsc#1192550, bsc#1192566
    bsc#1192699, bsc#1192776, bsc#1193008, bsc#1193292, bsc#1193565
    bsc#1193585, bsc#1193612, bsc#1193694, bsc#1193832, bsc#1194044
    bsc#1194397, bsc#1194862, bsc#1194905, bsc#1194990, bsc#1195171

Release notes for SUSE Manager proxy:

- Update to 4.2.5
  * Change proxy used for clients from the WebUI
  * Bugs mentioned:
    bsc#1192487, bsc#1192514, bsc#1192699, bsc#1192776, bsc#1193585
    bsc#1193600, bsc#1194397

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.2:

  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-598=1

- SUSE Manager Retail Branch Server 4.2:

  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-598=1

- SUSE Manager Proxy 4.2:

  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-598=1

Package List:

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):

  release-notes-susemanager-4.2.5-150300.3.27.1

- SUSE Manager Retail Branch Server 4.2 (x86_64):

  release-notes-susemanager-proxy-4.2.5-150300.3.21.1

- SUSE Manager Proxy 4.2 (x86_64):

  release-notes-susemanager-proxy-4.2.5-150300.3.21.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1173103
https://bugzilla.suse.com/1189561
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1191192
https://bugzilla.suse.com/1191285
https://bugzilla.suse.com/1191857
https://bugzilla.suse.com/1192321
https://bugzilla.suse.com/1192368
https://bugzilla.suse.com/1192440
https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1192510
https://bugzilla.suse.com/1192514
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1192566
https://bugzilla.suse.com/1192699
https://bugzilla.suse.com/1192776
https://bugzilla.suse.com/1193008
https://bugzilla.suse.com/1193292
https://bugzilla.suse.com/1193565
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1193600
https://bugzilla.suse.com/1193612
https://bugzilla.suse.com/1193694
https://bugzilla.suse.com/1193832
https://bugzilla.suse.com/1194044
https://bugzilla.suse.com/1194397
https://bugzilla.suse.com/1194862
https://bugzilla.suse.com/1194905
https://bugzilla.suse.com/1194990
https://bugzilla.suse.com/1195171

From sle-updates at lists.suse.com Mon Feb 28 20:27:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:27:10 +0100 (CET)
Subject: SUSE-RU-2022:0603-1: moderate: Recommended update for
 prometheus-formula
Message-ID: <20220228202710.0F515F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for prometheus-formula
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0603-1
Rating: moderate
References: #1196489
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Server 4.1
  SUSE Manager Server 4.1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for prometheus-formula fixes the following issues:

- Version 0.3.6
  * Fix checking available package version (bsc#1196489)
  * Fix Blackbox exporter configuration for Prometheus >= 2.31

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-603=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

  prometheus-formula-0.3.6-3.18.1

References:

https://bugzilla.suse.com/1196489

From sle-updates at lists.suse.com Mon Feb 28 20:27:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:27:42 +0100 (CET)
Subject: SUSE-FU-2022:0599-1: moderate: Feature update for golang-github-prometheus-prometheus
Message-ID: <20220228202742.863F7F375@maintenance.suse.de>

SUSE Feature Update: Feature update for golang-github-prometheus-prometheus
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:0599-1
Rating: moderate
References: #1181400 SLE-22863
Affected Products:
  SUSE Enterprise Storage 6
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
______________________________________________________________________________

An update that has one feature fix and contains one feature can now be installed.

Description:

This feature update for golang-github-prometheus-prometheus provides the following changes:

Upgrade `golang-github-prometheus-prometheus` from version 2.27.1 to version 2.32.1: (jsc#SLE-22863)

- Use `obs-service-go_modules`
- Added hardening to systemd service(s). Modified `prometheus.service` (bsc#1181400)
- Bugfixes:
  * Scrape: Fix reporting metrics when sample limit is reached during the report.
  * Scrape: Ensure that scrape interval and scrape timeout are always set.
  * TSDB: Expose and fix bug in iterators' Seek() method.
  * TSDB: Add more size checks when writing individual sections in the index.
  * PromQL: Make deriv() return zero values for constant series.
  * TSDB: Fix panic when checkpoint directory is empty. #9687
  * TSDB: Fix panic, out of order chunks, and race warning during WAL replay.
  * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID.
  * Promtool: Fix checking of `authorization.credentials_file` and `bearer_token_file` fields.
  * Uyuni SD: Fix null pointer exception during initialization.
  * TSDB: Fix queries after a failed snapshot replay.
  * SD: Fix a panic when the experimental discovery manager receives targets during a reload.
  * Backfill: Apply rule labels after query labels.
  * Scrape: Resolve conflicts between multiple exported label prefixes.
  * Scrape: Restart scrape loops when __scrape_interval__ is changed.
  * TSDB: Fix memory leak in samples deletion.
  * UI: Use consistent margin-bottom for all alert kinds.
  * TSDB: Fix panic on failed snapshot replay.
  * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars.
  * TSDB: Don't error on overlapping m-mapped chunks during WAL replay.
  * promtool rules backfill: Prevent creation of data before the start time.
  * promtool rules backfill: Do not query after the end time.
  * Azure SD: Fix panic when no computername is set.
  * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size.
  * TSDB: Correctly decrement `prometheus_tsdb_head_active_appenders` when the append has no samples.
  * promtool rules backfill: Return 1 if backfill was unsuccessful.
  * promtool rules backfill: Avoid creation of overlapping blocks.
  * config: Fix a panic when reloading configuration with a null relabel action.
  * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22.
  * Fix data race in loading write-ahead-log (WAL).
  * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs.
  * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction.
  * Fix incorrect target_limit reloading of zero value.
  * Fix head GC and pending readers race condition.
  * Fix timestamp handling in OpenMetrics parser.
  * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers.
  * Fix server configuration and validation for authentication via client cert.
  * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature.
  * HTTP SD: Allow charset specification in Content-Type header.
  * HTTP SD: Fix handling of disappeared target groups.
  * Fix incorrect log-level handling after moving to go-kit/log.
  * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching.
  * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples.
  * SD: Fix the computation of the `prometheus_sd_discovered_targets` metric when using multiple service discoveries.
- Change:
  * remote-write: Change default max retry time from 100ms to 5 seconds.
  * UI: Remove standard PromQL editor in favour of the codemirror-based editor.
  * Promote `--storage.tsdb.allow-overlapping-blocks` flag to stable.
  * Promote `--storage.tsdb.retention.size` flag to stable.
  * UI: Make the new experimental PromQL editor the default.
- Features:
  * Agent: New mode of operation optimized for remote-write only scenarios, without local storage.
  * Promtool: Add promtool check service-discovery command.
  * PromQL: Add trigonometric functions and atan2 binary operator.
  * Remote: Add support for exemplar in the remote write receiver endpoint.
  * SD: Add PuppetDB service discovery.
  * SD: Add Uyuni service discovery.
  * Web: Add support for security-related HTTP headers.
  * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts.
  * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using `__scrape_interval__` and `__scrape_timeout__` labels respectively.
  * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric.
  * Add Kuma service discovery.
  * Add present_over_time PromQL function.
  * Allow configuring exemplar storage via file and make it reloadable.
  * UI: Allow selecting time range with mouse drag.
  * promtool: Add feature flags flag `--enable-feature`.
  * promtool: Add `file_sd` file validation.
  * Linode SD: Add Linode service discovery.
  * HTTP SD: Add generic HTTP-based service discovery.
  * Kubernetes SD: Allow configuring API Server access via a kubeconfig file.
  * UI: Add exemplar display support to the graphing interface.
  * Consul SD: Add namespace support for Consul Enterprise.
- Enhancements:
  * Promtool: Improve test output.
  * Promtool: Use kahan summation for better numerical stability.
  * Remote-write: Reuse memory for marshalling.
  * Scrape: Add scrape_body_size_bytes scrape metric behind the `--enable-feature=extra-scrape-metrics` flag.
  * TSDB: Add windows arm64 support.
  * TSDB: Optimize query by skipping unneeded sorting in TSDB.
  * Templates: Support int and uint as datatypes for template formatting.
  * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete.
  * Azure SD: Add proxy_url, follow_redirects, tls_config.
  * Backfill: Add `--max-block-duration` in promtool `create-blocks-from` rules.
  * Config: Print human-readable sizes with unit instead of raw numbers.
  * HTTP: Re-enable HTTP/2.
  * Kubernetes SD: Warn user if number of endpoints exceeds limit.
  * OAuth2: Add TLS configuration to token requests.
  * PromQL: Several optimizations.
  * PromQL: Make aggregations deterministic in instant queries.
  * Rules: Add the ability to limit number of alerts or series.
  * SD: Experimental discovery manager to avoid restarts upon reload.
  * UI: Debounce timerange setting changes.
  * Remote Write: Redact remote write URL when used for metric label.
  * UI: Redact remote write URL and proxy URL passwords in the /config page.
  * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via `--scrape.adjust-timestamps`.
  * Remote Write: Improve throughput when sending exemplars.
  * TSDB: Optimise WAL loading by removing extra map and caching min-time
  * promtool: Speed up checking for duplicate rules.
  * Scrape: Reduce allocations when parsing the metrics.
  * docker_sd: Support host network mode
  * Reduce blocking of outgoing remote write requests from series garbage collection.
  * Improve write-ahead-log decoding performance.
  * Improve append performance in TSDB by reducing mutexes usage.
  * Allow configuring max_samples_per_send for remote write metadata.
  * Add `__meta_gce_interface_ipv4_` meta label to GCE discovery.
  * Add `__meta_ec2_availability_zone_id` meta label to EC2 discovery.
  * Add `__meta_azure_machine_computer_name` meta label to Azure discovery.
  * Add `__meta_hetzner_hcloud_labelpresent_` meta label to Hetzner discovery.
  * promtool: Add compaction efficiency to promtool tsdb analyze reports.
  * promtool: Allow configuring max block duration for backfilling via `--max-block-duration` flag.
  * UI: Add sorting and filtering to flags page.
  * UI: Improve alerts page rendering performance.
  * Promtool: Allow silencing output when importing / backfilling data.
  * Consul SD: Support reading tokens from file.
  * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server.
  * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes.
  * Kubernetes SD: Add ingress class name label for ingress discovery.
  * UI: Show a startup screen with progress bar when the TSDB is not ready yet.
  * SD: Add a target creation failure counter `prometheus_target_sync_failed_total` and improve target creation failure handling.
  * TSDB: Improve validation of exemplar label set length.
  * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup.

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-599=1

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-599=1

- SUSE Enterprise Storage 6:

  zypper in -t patch SUSE-Storage-6-2022-599=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):

  golang-github-prometheus-prometheus-2.32.1-4.3.2

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64):

  golang-github-prometheus-prometheus-2.32.1-4.3.2

- SUSE Enterprise Storage 6 (aarch64 x86_64):

  golang-github-prometheus-prometheus-2.32.1-4.3.2

References:

https://bugzilla.suse.com/1181400

From sle-updates at lists.suse.com Mon Feb 28 20:28:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:28:17 +0100 (CET)
Subject: SUSE-RU-2022:0585-1: moderate: Recommended update for Salt
Message-ID: <20220228202817.25889F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0585-1
Rating: moderate
References: #1097531 #1190781 #1193357
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update fixes the following issues:

salt:

- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" act on concurrent flag.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-585=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-585=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-585=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-585=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

  python3-salt-3002.2-8.41.23.1
  salt-3002.2-8.41.23.1
  salt-api-3002.2-8.41.23.1
  salt-cloud-3002.2-8.41.23.1
  salt-doc-3002.2-8.41.23.1
  salt-master-3002.2-8.41.23.1
  salt-minion-3002.2-8.41.23.1
  salt-proxy-3002.2-8.41.23.1
  salt-ssh-3002.2-8.41.23.1
  salt-standalone-formulas-configuration-3002.2-8.41.23.1
  salt-syndic-3002.2-8.41.23.1
  salt-transactional-update-3002.2-8.41.23.1

- SUSE Linux Enterprise Server for SAP 15 (noarch):

  salt-bash-completion-3002.2-8.41.23.1
  salt-fish-completion-3002.2-8.41.23.1
  salt-zsh-completion-3002.2-8.41.23.1

- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

  python3-salt-3002.2-8.41.23.1
  salt-3002.2-8.41.23.1
  salt-api-3002.2-8.41.23.1
  salt-cloud-3002.2-8.41.23.1
  salt-doc-3002.2-8.41.23.1
  salt-master-3002.2-8.41.23.1
  salt-minion-3002.2-8.41.23.1
  salt-proxy-3002.2-8.41.23.1
  salt-ssh-3002.2-8.41.23.1
  salt-standalone-formulas-configuration-3002.2-8.41.23.1
  salt-syndic-3002.2-8.41.23.1
  salt-transactional-update-3002.2-8.41.23.1

- SUSE Linux Enterprise Server 15-LTSS (noarch):

  salt-bash-completion-3002.2-8.41.23.1
  salt-fish-completion-3002.2-8.41.23.1
  salt-zsh-completion-3002.2-8.41.23.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

  python3-salt-3002.2-8.41.23.1
  salt-3002.2-8.41.23.1
  salt-api-3002.2-8.41.23.1
  salt-cloud-3002.2-8.41.23.1
  salt-doc-3002.2-8.41.23.1
  salt-master-3002.2-8.41.23.1
  salt-minion-3002.2-8.41.23.1
  salt-proxy-3002.2-8.41.23.1
  salt-ssh-3002.2-8.41.23.1
  salt-standalone-formulas-configuration-3002.2-8.41.23.1
  salt-syndic-3002.2-8.41.23.1
  salt-transactional-update-3002.2-8.41.23.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

  salt-bash-completion-3002.2-8.41.23.1
  salt-fish-completion-3002.2-8.41.23.1
  salt-zsh-completion-3002.2-8.41.23.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

  python3-salt-3002.2-8.41.23.1
  salt-3002.2-8.41.23.1
  salt-api-3002.2-8.41.23.1
  salt-cloud-3002.2-8.41.23.1
  salt-doc-3002.2-8.41.23.1
  salt-master-3002.2-8.41.23.1
  salt-minion-3002.2-8.41.23.1
  salt-proxy-3002.2-8.41.23.1
  salt-ssh-3002.2-8.41.23.1
  salt-standalone-formulas-configuration-3002.2-8.41.23.1
  salt-syndic-3002.2-8.41.23.1
  salt-transactional-update-3002.2-8.41.23.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

  salt-bash-completion-3002.2-8.41.23.1
  salt-fish-completion-3002.2-8.41.23.1
  salt-zsh-completion-3002.2-8.41.23.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357

From sle-updates at lists.suse.com Mon Feb 28 20:28:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:28:58 +0100 (CET)
Subject: SUSE-FU-2022:0601-1: moderate: Feature update for
 golang-github-prometheus-prometheus
Message-ID: <20220228202858.D7AF5F375@maintenance.suse.de>

SUSE Feature Update: Feature update for golang-github-prometheus-prometheus
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:0601-1
Rating: moderate
References: #1181400 SLE-22863
Affected Products:
  SUSE Manager Tools 15
______________________________________________________________________________

An update that has one feature fix and contains one feature can now be installed.

Description:

This feature update for golang-github-prometheus-prometheus provides the following changes:

Upgrade `golang-github-prometheus-prometheus` from version 2.27.1 to version 2.32.1: (jsc#SLE-22863)

- Use `obs-service-go_modules`
- Added hardening to systemd service(s). Modified `prometheus.service` (bsc#1181400)
- Bugfixes:
  * Scrape: Fix reporting metrics when sample limit is reached during the report.
  * Scrape: Ensure that scrape interval and scrape timeout are always set.
  * TSDB: Expose and fix bug in iterators' Seek() method.
  * TSDB: Add more size checks when writing individual sections in the index.
  * PromQL: Make deriv() return zero values for constant series.
  * TSDB: Fix panic when checkpoint directory is empty. #9687
  * TSDB: Fix panic, out of order chunks, and race warning during WAL replay.
  * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID.
  * Promtool: Fix checking of `authorization.credentials_file` and `bearer_token_file` fields.
  * Uyuni SD: Fix null pointer exception during initialization.
  * TSDB: Fix queries after a failed snapshot replay.
  * SD: Fix a panic when the experimental discovery manager receives targets during a reload.
  * Backfill: Apply rule labels after query labels.
  * Scrape: Resolve conflicts between multiple exported label prefixes.
  * Scrape: Restart scrape loops when __scrape_interval__ is changed.
  * TSDB: Fix memory leak in samples deletion.
  * UI: Use consistent margin-bottom for all alert kinds.
  * TSDB: Fix panic on failed snapshot replay.
  * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars.
  * TSDB: Don't error on overlapping m-mapped chunks during WAL replay.
  * promtool rules backfill: Prevent creation of data before the start time.
  * promtool rules backfill: Do not query after the end time.
  * Azure SD: Fix panic when no computername is set.
  * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size.
  * TSDB: Correctly decrement `prometheus_tsdb_head_active_appenders` when the append has no samples.
  * promtool rules backfill: Return 1 if backfill was unsuccessful.
  * promtool rules backfill: Avoid creation of overlapping blocks.
  * config: Fix a panic when reloading configuration with a null relabel action.
  * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22.
  * Fix data race in loading write-ahead-log (WAL).
  * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs.
  * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction.
  * Fix incorrect target_limit reloading of zero value.
  * Fix head GC and pending readers race condition.
  * Fix timestamp handling in OpenMetrics parser.
  * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers.
  * Fix server configuration and validation for authentication via client cert.
  * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature.
  * HTTP SD: Allow charset specification in Content-Type header.
  * HTTP SD: Fix handling of disappeared target groups.
  * Fix incorrect log-level handling after moving to go-kit/log.
  * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching.
  * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples.
  * SD: Fix the computation of the `prometheus_sd_discovered_targets` metric when using multiple service discoveries.
- Change:
  * remote-write: Change default max retry time from 100ms to 5 seconds.
  * UI: Remove standard PromQL editor in favour of the codemirror-based editor.
  * Promote `--storage.tsdb.allow-overlapping-blocks` flag to stable.
  * Promote `--storage.tsdb.retention.size` flag to stable.
  * UI: Make the new experimental PromQL editor the default.
- Features:
  * Agent: New mode of operation optimized for remote-write only scenarios, without local storage.
  * Promtool: Add promtool check service-discovery command.
  * PromQL: Add trigonometric functions and atan2 binary operator.
  * Remote: Add support for exemplar in the remote write receiver endpoint.
  * SD: Add PuppetDB service discovery.
  * SD: Add Uyuni service discovery.
  * Web: Add support for security-related HTTP headers.
  * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts.
  * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using `__scrape_interval__` and `__scrape_timeout__` labels respectively.
  * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric.
  * Add Kuma service discovery.
  * Add present_over_time PromQL function.
  * Allow configuring exemplar storage via file and make it reloadable.
  * UI: Allow selecting time range with mouse drag.
  * promtool: Add feature flags flag `--enable-feature`.
  * promtool: Add `file_sd` file validation.
  * Linode SD: Add Linode service discovery.
  * HTTP SD: Add generic HTTP-based service discovery.
  * Kubernetes SD: Allow configuring API Server access via a kubeconfig file.
  * UI: Add exemplar display support to the graphing interface.
  * Consul SD: Add namespace support for Consul Enterprise.
- Enhancements:
  * Promtool: Improve test output.
  * Promtool: Use kahan summation for better numerical stability.
  * Remote-write: Reuse memory for marshalling.
  * Scrape: Add scrape_body_size_bytes scrape metric behind the `--enable-feature=extra-scrape-metrics` flag.
  * TSDB: Add windows arm64 support.
  * TSDB: Optimize query by skipping unneeded sorting in TSDB.
  * Templates: Support int and uint as datatypes for template formatting.
  * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete.
  * Azure SD: Add proxy_url, follow_redirects, tls_config.
  * Backfill: Add `--max-block-duration` in promtool `create-blocks-from` rules.
  * Config: Print human-readable sizes with unit instead of raw numbers.
  * HTTP: Re-enable HTTP/2.
  * Kubernetes SD: Warn user if number of endpoints exceeds limit.
  * OAuth2: Add TLS configuration to token requests.
  * PromQL: Several optimizations.
  * PromQL: Make aggregations deterministic in instant queries.
  * Rules: Add the ability to limit number of alerts or series.
  * SD: Experimental discovery manager to avoid restarts upon reload.
  * UI: Debounce timerange setting changes.
  * Remote Write: Redact remote write URL when used for metric label.
  * UI: Redact remote write URL and proxy URL passwords in the /config page.
  * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via `--scrape.adjust-timestamps`.
  * Remote Write: Improve throughput when sending exemplars.
  * TSDB: Optimise WAL loading by removing extra map and caching min-time
  * promtool: Speed up checking for duplicate rules.
  * Scrape: Reduce allocations when parsing the metrics.
  * docker_sd: Support host network mode
  * Reduce blocking of outgoing remote write requests from series garbage collection.
  * Improve write-ahead-log decoding performance.
  * Improve append performance in TSDB by reducing mutexes usage.
  * Allow configuring max_samples_per_send for remote write metadata.
  * Add `__meta_gce_interface_ipv4_` meta label to GCE discovery.
  * Add `__meta_ec2_availability_zone_id` meta label to EC2 discovery.
  * Add `__meta_azure_machine_computer_name` meta label to Azure discovery.
  * Add `__meta_hetzner_hcloud_labelpresent_` meta label to Hetzner discovery.
  * promtool: Add compaction efficiency to promtool tsdb analyze reports.
  * promtool: Allow configuring max block duration for backfilling via `--max-block-duration` flag.
  * UI: Add sorting and filtering to flags page.
  * UI: Improve alerts page rendering performance.
  * Promtool: Allow silencing output when importing / backfilling data.
  * Consul SD: Support reading tokens from file.
  * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server.
  * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes.
  * Kubernetes SD: Add ingress class name label for ingress discovery.
  * UI: Show a startup screen with progress bar when the TSDB is not ready yet.
  * SD: Add a target creation failure counter `prometheus_target_sync_failed_total` and improve target creation failure handling.
  * TSDB: Improve validation of exemplar label set length.
  * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup.

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15:

  zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-601=1

Package List:

- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):

  golang-github-prometheus-prometheus-2.32.1-3.35.1

References:

https://bugzilla.suse.com/1181400

From sle-updates at lists.suse.com Mon Feb 28 20:29:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:29:31 +0100 (CET)
Subject: SUSE-RU-2022:14902-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20220228202931.852BBF375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:14902-1
Rating: moderate
References: #1192487 #1193600
Affected Products:
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update fixes the following issues:

golang-github-wrouesnel-postgres_exporter:

- Use go 1.15 for RedHat 8 and clones, as 8.5 included 1.16, which is not compatible

mgr-cfg:

- Version 4.2.6-1
  * Do not build python 2 package for SLE15SP4 and higher
- Version 4.2.5-1
  * do not build python 2 package for SLE15
- Version 4.2.4-1
  * Fix python selinux package name depending on build target (bsc#1193600)

mgr-custom-info:

- Version 4.2.3-1
  * require python macros for building

mgr-osad:

- Version 4.2.7-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

mgr-push:

- Version 4.2.4-1
  * Do not build python 2 package for SLE15SP4 and higher

mgr-virtualization:

- Version 4.2.3-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

rhnlib:

- Version 4.2.5-1
  * do not build python 2 package for SLE15

spacecmd:

- Version 4.2.15-1
  * require python macros for building

spacewalk-client-tools:

- Version 4.2.16-1
  * do not build python 2 package for SLE15
  * require python macros for building

spacewalk-koan:

- Version 4.2.5-1
  * Do not build python 2 package for SLE15SP4 and higher

spacewalk-oscap:

- Version 4.2.3-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

spacewalk-remote-utils:

- Version 4.2.2-1
  * require python macros for building

suseRegisterInfo:

- Version 4.2.5-1
  * require python macros for building
  * Do not build python 2 package for SLE15 and higher

uyuni-common-libs:

- Version 4.2.6-1
  * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
  * require python macros for building

zypp-plugin-spacewalk:

- 1.0.11
  * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
  zypper in -t patch slesctsp4-client-tools-202202-14902=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
  zypper in -t patch slesctsp3-client-tools-202202-14902=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
  mgr-cfg-4.2.6-5.21.2
  mgr-cfg-actions-4.2.6-5.21.2
  mgr-cfg-client-4.2.6-5.21.2
  mgr-cfg-management-4.2.6-5.21.2
  mgr-custom-info-4.2.3-5.15.2
  mgr-osad-4.2.7-5.33.2
  mgr-push-4.2.4-5.15.2
  mgr-virtualization-host-4.2.3-5.23.2
  python2-mgr-cfg-4.2.6-5.21.2
  python2-mgr-cfg-actions-4.2.6-5.21.2
  python2-mgr-cfg-client-4.2.6-5.21.2
  python2-mgr-cfg-management-4.2.6-5.21.2
  python2-mgr-osa-common-4.2.7-5.33.2
  python2-mgr-osad-4.2.7-5.33.2
  python2-mgr-push-4.2.4-5.15.2
  python2-mgr-virtualization-common-4.2.3-5.23.2
  python2-mgr-virtualization-host-4.2.3-5.23.2
  python2-rhnlib-4.2.5-12.37.2
  python2-spacewalk-check-4.2.16-27.65.2
  python2-spacewalk-client-setup-4.2.16-27.65.2
  python2-spacewalk-client-tools-4.2.16-27.65.2
  python2-spacewalk-koan-4.2.5-9.27.2
  python2-spacewalk-oscap-4.2.3-6.21.2
  python2-suseRegisterInfo-4.2.5-6.21.2
  python2-uyuni-common-libs-4.2.6-5.18.2
  python2-zypp-plugin-spacewalk-1.0.11-27.27.2
  spacecmd-4.2.15-18.99.2
  spacewalk-check-4.2.16-27.65.2
  spacewalk-client-setup-4.2.16-27.65.2
  spacewalk-client-tools-4.2.16-27.65.2
  spacewalk-koan-4.2.5-9.27.2
  spacewalk-oscap-4.2.3-6.21.2
  suseRegisterInfo-4.2.5-6.21.2
  zypp-plugin-spacewalk-1.0.11-27.27.2
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 x86_64):
  golang-github-wrouesnel-postgres_exporter-0.4.7-5.15.2
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):
  spacewalk-remote-utils-4.2.2-6.21.2
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
  mgr-cfg-4.2.6-5.21.2
  mgr-cfg-actions-4.2.6-5.21.2
  mgr-cfg-client-4.2.6-5.21.2
  mgr-cfg-management-4.2.6-5.21.2
  mgr-custom-info-4.2.3-5.15.2
  mgr-osad-4.2.7-5.33.2
  mgr-push-4.2.4-5.15.2
  mgr-virtualization-host-4.2.3-5.23.2
  python2-mgr-cfg-4.2.6-5.21.2
  python2-mgr-cfg-actions-4.2.6-5.21.2
  python2-mgr-cfg-client-4.2.6-5.21.2
  python2-mgr-cfg-management-4.2.6-5.21.2
  python2-mgr-osa-common-4.2.7-5.33.2
  python2-mgr-osad-4.2.7-5.33.2
  python2-mgr-push-4.2.4-5.15.2
  python2-mgr-virtualization-common-4.2.3-5.23.2
  python2-mgr-virtualization-host-4.2.3-5.23.2
  python2-rhnlib-4.2.5-12.37.2
  python2-spacewalk-check-4.2.16-27.65.2
  python2-spacewalk-client-setup-4.2.16-27.65.2
  python2-spacewalk-client-tools-4.2.16-27.65.2
  python2-spacewalk-koan-4.2.5-9.27.2
  python2-spacewalk-oscap-4.2.3-6.21.2
  python2-suseRegisterInfo-4.2.5-6.21.2
  python2-uyuni-common-libs-4.2.6-5.18.2
  python2-zypp-plugin-spacewalk-1.0.11-27.27.2
  spacecmd-4.2.15-18.99.2
  spacewalk-check-4.2.16-27.65.2
  spacewalk-client-setup-4.2.16-27.65.2
  spacewalk-client-tools-4.2.16-27.65.2
  spacewalk-koan-4.2.5-9.27.2
  spacewalk-oscap-4.2.3-6.21.2
  suseRegisterInfo-4.2.5-6.21.2
  zypp-plugin-spacewalk-1.0.11-27.27.2
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 x86_64):
  golang-github-wrouesnel-postgres_exporter-0.4.7-5.15.2
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):
  spacewalk-remote-utils-4.2.2-6.21.2

References:

https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1193600


From sle-updates at lists.suse.com Mon Feb 28 20:30:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:30:06 +0100 (CET)
Subject: SUSE-RU-2022:0593-1: moderate: Recommended update for SUSE Manager Proxy 4.2
Message-ID: <20220228203006.DF1E7F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.2
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0593-1
Rating: moderate
References: #1192487 #1192514 #1192699 #1192776 #1193585 #1193600 #1194397
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.2
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.

Description:

This update fixes the following issues:

mgr-cfg:
- Version 4.2.6-1
  * Do not build python 2 package for SLE15SP4 and higher
- Version 4.2.5-1
  * do not build python 2 package for SLE15
- Version 4.2.4-1
  * Fix python selinux package name depending on build target (bsc#1193600)

mgr-custom-info:
- Version 4.2.3-1
  * require python macros for building

mgr-osad:
- Version 4.2.7-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

mgr-push:
- Version 4.2.4-1
  * Do not build python 2 package for SLE15SP4 and higher

rhnlib:
- Version 4.2.5-1
  * do not build python 2 package for SLE15

spacecmd:
- Version 4.2.15-1
  * require python macros for building

spacewalk-backend:
- Version 4.2.19-1
  * Retrieve and store copyright information about patches
  * SLES PAYG client support on cloud
  * Add headers to update proxy auth token in listChannels (bsc#1193585)
  * require python macros for building
  * exchange zypp-plugin dependency to use the python3 version (bsc#1192514)

spacewalk-client-tools:
- Version 4.2.16-1
  * do not build python 2 package for SLE15
  * require python macros for building

spacewalk-oscap:
- Version 4.2.3-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

spacewalk-proxy:
- Version 4.2.9-1
  * Update the token in case a channel can't be found in the cache. (bsc#1193585)

spacewalk-remote-utils:
- Version 4.2.2-1
  * require python macros for building

spacewalk-web:
- Version 4.2.25-1
  * Add support for custom SSH port for SSH minions
  * SLES PAYG client support on cloud
  * Migrate the displaying of the date/time to rhn:formatDate, get rid of the legacy fmt:formatDate glue
  * Fix header search autofocus
  * Fix virtual systems list request error (bsc#1194397)
  * UI for changing proxy
  * Fix legacy timepicker passing wrong time to the backend if server and user time differ (bsc#1192699)
  * Fix legacy timepicker passing wrong time to the backend if selected date is in summer time (bsc#1192776)

suseRegisterInfo:
- Version 4.2.5-1
  * require python macros for building
  * Do not build python 2 package for SLE15 and higher

uyuni-common-libs:
- Version 4.2.6-1
  * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
  * require python macros for building

How to apply this update:

1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service:
   spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
   spacewalk-proxy start

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-593=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
  mgr-cfg-4.2.6-150300.2.6.1
  mgr-cfg-actions-4.2.6-150300.2.6.1
  mgr-cfg-client-4.2.6-150300.2.6.1
  mgr-cfg-management-4.2.6-150300.2.6.1
  mgr-custom-info-4.2.3-150300.2.6.2
  mgr-osad-4.2.7-150300.2.6.1
  mgr-push-4.2.4-150300.2.6.1
  python3-mgr-cfg-4.2.6-150300.2.6.1
  python3-mgr-cfg-actions-4.2.6-150300.2.6.1
  python3-mgr-cfg-client-4.2.6-150300.2.6.1
  python3-mgr-cfg-management-4.2.6-150300.2.6.1
  python3-mgr-osa-common-4.2.7-150300.2.6.1
  python3-mgr-osad-4.2.7-150300.2.6.1
  python3-mgr-push-4.2.4-150300.2.6.1
  python3-rhnlib-4.2.5-150300.4.6.1
  python3-spacewalk-check-4.2.16-150300.4.15.1
  python3-spacewalk-client-setup-4.2.16-150300.4.15.1
  python3-spacewalk-client-tools-4.2.16-150300.4.15.1
  python3-spacewalk-oscap-4.2.3-150300.4.6.1
  python3-suseRegisterInfo-4.2.5-150300.4.6.1
  spacecmd-4.2.15-150300.4.15.1
  spacewalk-backend-4.2.19-150300.4.15.1
  spacewalk-base-minimal-4.2.25-150300.3.15.2
  spacewalk-base-minimal-config-4.2.25-150300.3.15.2
  spacewalk-check-4.2.16-150300.4.15.1
  spacewalk-client-setup-4.2.16-150300.4.15.1
  spacewalk-client-tools-4.2.16-150300.4.15.1
  spacewalk-oscap-4.2.3-150300.4.6.1
  spacewalk-proxy-broker-4.2.9-150300.3.12.1
  spacewalk-proxy-common-4.2.9-150300.3.12.1
  spacewalk-proxy-management-4.2.9-150300.3.12.1
  spacewalk-proxy-package-manager-4.2.9-150300.3.12.1
  spacewalk-proxy-redirect-4.2.9-150300.3.12.1
  spacewalk-proxy-salt-4.2.9-150300.3.12.1
  spacewalk-remote-utils-4.2.2-150300.4.3.1
  suseRegisterInfo-4.2.5-150300.4.6.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (x86_64):
  python3-uyuni-common-libs-4.2.6-150300.3.6.1

References:

https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1192514
https://bugzilla.suse.com/1192699
https://bugzilla.suse.com/1192776
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1193600
https://bugzilla.suse.com/1194397


From sle-updates at lists.suse.com Mon Feb 28 20:31:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:31:09 +0100 (CET)
Subject: SUSE-RU-2022:0597-1: moderate: Recommended update for prometheus-formula
Message-ID: <20220228203109.E1761F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for prometheus-formula
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0597-1
Rating: moderate
References: #1196489
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Server 4.2
  SUSE Manager Server 4.2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for prometheus-formula fixes the following issues:

prometheus-formula:
- Version 0.6.1
  * Fix checking available package version (bsc#1196489)
- Version 0.6.0
  * Add support for new Uyuni SD in Prometheus >= 2.31
  * Fix Blackbox exporter configuration for Prometheus >= 2.31

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-597=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  prometheus-formula-0.6.1-150300.3.11.1

References:

https://bugzilla.suse.com/1196489


From sle-updates at lists.suse.com Mon Feb 28 20:31:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:31:47 +0100 (CET)
Subject: SUSE-RU-2022:0583-1: moderate: Recommended update for salt
Message-ID: <20220228203147.13647F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0583-1
Rating: moderate
References: #1097531 #1190781 #1193357
Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise Micro 5.0
  SUSE Linux Enterprise Realtime Extension 15-SP2
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Manager Proxy 4.1
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Server 4.1
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for salt fixes the following issues:

- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" act on the concurrent flag.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-583=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-583=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-583=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-583=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-583=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-583=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-583=1
- SUSE Linux Enterprise Micro 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-583=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-583=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-583=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-583=1

Package List:

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Manager Server 4.1 (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Manager Proxy 4.1 (x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Manager Proxy 4.1 (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
- SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
  python3-salt-3002.2-55.1
  salt-3002.2-55.1
  salt-api-3002.2-55.1
  salt-cloud-3002.2-55.1
  salt-doc-3002.2-55.1
  salt-master-3002.2-55.1
  salt-minion-3002.2-55.1
  salt-proxy-3002.2-55.1
  salt-ssh-3002.2-55.1
  salt-standalone-formulas-configuration-3002.2-55.1
  salt-syndic-3002.2-55.1
  salt-transactional-update-3002.2-55.1
- SUSE Enterprise Storage 7 (noarch):
  salt-bash-completion-3002.2-55.1
  salt-fish-completion-3002.2-55.1
  salt-zsh-completion-3002.2-55.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357


From sle-updates at lists.suse.com Mon Feb 28 20:32:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:32:38 +0100 (CET)
Subject: SUSE-RU-2022:0602-1: moderate: Recommended update for SUSE Manager 4.1.13.1 Release Notes
Message-ID: <20220228203238.56E5CF375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager 4.1.13.1 Release Notes
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0602-1
Rating: moderate
References:
Affected Products:
  SUSE Manager Server 4.1
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update for SUSE Manager 4.1.13.1 Release Notes provides the following additions:

Release notes for SUSE Manager:
- Update to 4.1.13.1
  * Note about Prometheus 2.32.1

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-602=1

Package List:

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  release-notes-susemanager-4.1.13.1-3.70.1

References:


From sle-updates at lists.suse.com Mon Feb 28 20:33:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:33:03 +0100 (CET)
Subject: SUSE-FU-2022:0600-1: moderate: Feature update for golang-github-prometheus-prometheus
Message-ID: <20220228203303.4E61AF375@maintenance.suse.de>

SUSE Feature Update: Feature update for golang-github-prometheus-prometheus
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:0600-1
Rating: moderate
References: #1181400 SLE-22863
Affected Products:
  SUSE Manager Tools 12
______________________________________________________________________________

An update that has one feature fix and contains one feature can now be installed.

Description:

This feature update for golang-github-prometheus-prometheus provides the following changes:

Upgrade `golang-github-prometheus-prometheus` from version 2.27.1 to version 2.32.1: (jsc#SLE-22863)

- Use `obs-service-go_modules`
- Added hardening to systemd service(s). Modified `prometheus.service` (bsc#1181400)
- Bugfixes:
  * Scrape: Fix reporting metrics when sample limit is reached during the report.
  * Scrape: Ensure that scrape interval and scrape timeout are always set.
  * TSDB: Expose and fix bug in iterators' Seek() method.
  * TSDB: Add more size checks when writing individual sections in the index.
  * PromQL: Make deriv() return zero values for constant series.
  * TSDB: Fix panic when checkpoint directory is empty. #9687
  * TSDB: Fix panic, out of order chunks, and race warning during WAL replay.
  * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID.
  * Promtool: Fix checking of `authorization.credentials_file` and `bearer_token_file` fields.
  * Uyuni SD: Fix null pointer exception during initialization.
  * TSDB: Fix queries after a failed snapshot replay.
  * SD: Fix a panic when the experimental discovery manager receives targets during a reload.
  * Backfill: Apply rule labels after query labels.
  * Scrape: Resolve conflicts between multiple exported label prefixes.
  * Scrape: Restart scrape loops when __scrape_interval__ is changed.
  * TSDB: Fix memory leak in samples deletion.
  * UI: Use consistent margin-bottom for all alert kinds.
  * TSDB: Fix panic on failed snapshot replay.
  * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars.
  * TSDB: Don't error on overlapping m-mapped chunks during WAL replay.
  * promtool rules backfill: Prevent creation of data before the start time.
  * promtool rules backfill: Do not query after the end time.
  * Azure SD: Fix panic when no computername is set.
  * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size.
  * TSDB: Correctly decrement `prometheus_tsdb_head_active_appenders` when the append has no samples.
  * promtool rules backfill: Return 1 if backfill was unsuccessful.
  * promtool rules backfill: Avoid creation of overlapping blocks.
  * config: Fix a panic when reloading configuration with a null relabel action.
  * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22.
  * Fix data race in loading write-ahead-log (WAL).
  * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs.
  * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction.
  * Fix incorrect target_limit reloading of zero value.
  * Fix head GC and pending readers race condition.
  * Fix timestamp handling in OpenMetrics parser.
  * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers.
  * Fix server configuration and validation for authentication via client cert.
  * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature.
  * HTTP SD: Allow charset specification in Content-Type header.
  * HTTP SD: Fix handling of disappeared target groups.
  * Fix incorrect log-level handling after moving to go-kit/log.
  * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching.
  * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples.
  * SD: Fix the computation of the `prometheus_sd_discovered_targets` metric when using multiple service discoveries.
- Change:
  * remote-write: Change default max retry time from 100ms to 5 seconds.
  * UI: Remove standard PromQL editor in favour of the codemirror-based editor.
  * Promote `--storage.tsdb.allow-overlapping-blocks` flag to stable.
  * Promote `--storage.tsdb.retention.size` flag to stable.
  * UI: Make the new experimental PromQL editor the default.
- Features:
  * Agent: New mode of operation optimized for remote-write only scenarios, without local storage.
  * Promtool: Add promtool check service-discovery command.
  * PromQL: Add trigonometric functions and atan2 binary operator.
  * Remote: Add support for exemplar in the remote write receiver endpoint.
  * SD: Add PuppetDB service discovery.
  * SD: Add Uyuni service discovery.
  * Web: Add support for security-related HTTP headers.
  * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts.
  * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using `__scrape_interval__` and `__scrape_timeout__` labels respectively.
  * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric.
  * Add Kuma service discovery.
  * Add present_over_time PromQL function.
  * Allow configuring exemplar storage via file and make it reloadable.
  * UI: Allow selecting time range with mouse drag.
  * promtool: Add feature flags flag `--enable-feature`.
  * promtool: Add `file_sd` file validation.
  * Linode SD: Add Linode service discovery.
  * HTTP SD: Add generic HTTP-based service discovery.
  * Kubernetes SD: Allow configuring API Server access via a kubeconfig file.
  * UI: Add exemplar display support to the graphing interface.
  * Consul SD: Add namespace support for Consul Enterprise.
- Enhancements:
  * Promtool: Improve test output.
  * Promtool: Use kahan summation for better numerical stability.
  * Remote-write: Reuse memory for marshalling.
  * Scrape: Add scrape_body_size_bytes scrape metric behind the `--enable-feature=extra-scrape-metrics` flag.
  * TSDB: Add windows arm64 support.
  * TSDB: Optimize query by skipping unneeded sorting in TSDB.
  * Templates: Support int and uint as datatypes for template formatting.
  * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete.
  * Azure SD: Add proxy_url, follow_redirects, tls_config.
  * Backfill: Add `--max-block-duration` in promtool `create-blocks-from` rules.
  * Config: Print human-readable sizes with unit instead of raw numbers.
  * HTTP: Re-enable HTTP/2.
  * Kubernetes SD: Warn user if number of endpoints exceeds limit.
  * OAuth2: Add TLS configuration to token requests.
  * PromQL: Several optimizations.
  * PromQL: Make aggregations deterministic in instant queries.
  * Rules: Add the ability to limit number of alerts or series.
  * SD: Experimental discovery manager to avoid restarts upon reload.
  * UI: Debounce timerange setting changes.
  * Remote Write: Redact remote write URL when used for metric label.
  * UI: Redact remote write URL and proxy URL passwords in the /config page.
  * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via `--scrape.adjust-timestamps`.
  * Remote Write: Improve throughput when sending exemplars.
  * TSDB: Optimise WAL loading by removing extra map and caching min-time
  * promtool: Speed up checking for duplicate rules.
  * Scrape: Reduce allocations when parsing the metrics.
  * docker_sd: Support host network mode
  * Reduce blocking of outgoing remote write requests from series garbage collection.
  * Improve write-ahead-log decoding performance.
  * Improve append performance in TSDB by reducing mutexes usage.
  * Allow configuring max_samples_per_send for remote write metadata.
  * Add `__meta_gce_interface_ipv4_` meta label to GCE discovery.
  * Add `__meta_ec2_availability_zone_id` meta label to EC2 discovery.
  * Add `__meta_azure_machine_computer_name` meta label to Azure discovery.
  * Add `__meta_hetzner_hcloud_labelpresent_` meta label to Hetzner discovery.
  * promtool: Add compaction efficiency to promtool tsdb analyze reports.
  * promtool: Allow configuring max block duration for backfilling via `--max-block-duration` flag.
  * UI: Add sorting and filtering to flags page.
  * UI: Improve alerts page rendering performance.
  * Promtool: Allow silencing output when importing / backfilling data.
  * Consul SD: Support reading tokens from file.
  * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server.
  * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes.
  * Kubernetes SD: Add ingress class name label for ingress discovery.
  * UI: Show a startup screen with progress bar when the TSDB is not ready yet.
  * SD: Add a target creation failure counter `prometheus_target_sync_failed_total` and improve target creation failure handling.
  * TSDB: Improve validation of exemplar label set length.
  * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup.

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-600=1

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
  golang-github-prometheus-prometheus-2.32.1-1.32.1

References:

https://bugzilla.suse.com/1181400


From sle-updates at lists.suse.com Mon Feb 28 20:33:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:33:38 +0100 (CET)
Subject: SUSE-RU-2022:0595-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20220228203338.D0945F375@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0595-1
Rating: moderate
References: #1192487 #1193600
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
  SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Tools 15
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update fixes the following issues:

ansible:
- Require python macros for building

mgr-cfg:
- Version 4.2.6-1
  * Do not build python 2 package for SLE15SP4 and higher
- Version 4.2.5-1
  * do not build python 2 package for SLE15
- Version 4.2.4-1
  * Fix python selinux package name depending on build target (bsc#1193600)

mgr-custom-info:
- Version 4.2.3-1
  * require python macros for building

mgr-osad:
- Version 4.2.7-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

mgr-push:
- Version 4.2.4-1
  * Do not build python 2 package for SLE15SP4 and higher

mgr-virtualization:
- Version 4.2.3-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

rhnlib:
- Version 4.2.5-1
  * do not build python 2 package for SLE15

spacecmd:
- Version 4.2.15-1
  * require python macros for building

spacewalk-client-tools:
- Version 4.2.16-1
  * do not build python 2 package for SLE15
  * require python macros for building

spacewalk-koan:
- Version 4.2.5-1
  * Do not build python 2 package for SLE15SP4 and higher

spacewalk-oscap:
- Version 4.2.3-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

spacewalk-remote-utils:
- Version 4.2.2-1
  * require python macros for building

suseRegisterInfo:
- Version 4.2.5-1
  * require python macros for building
  * Do not build python 2 package for SLE15 and higher

uyuni-common-libs:
- Version 4.2.6-1
  * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
  * require python macros for building

zypp-plugin-spacewalk:
- 1.0.11
  * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15:
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-595=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-595=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-595=1

Package List:

- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
  python3-uyuni-common-libs-4.2.6-1.18.1
- SUSE Manager Tools 15 (noarch):
  ansible-2.9.21-1.10.1
  ansible-doc-2.9.21-1.10.1
  mgr-cfg-4.2.6-1.21.1
  mgr-cfg-actions-4.2.6-1.21.1
  mgr-cfg-client-4.2.6-1.21.1
  mgr-cfg-management-4.2.6-1.21.1
  mgr-custom-info-4.2.3-1.15.1
  mgr-osad-4.2.7-1.33.1
  mgr-push-4.2.4-1.15.1
  mgr-virtualization-host-4.2.3-1.23.1
  python3-mgr-cfg-4.2.6-1.21.1
  python3-mgr-cfg-actions-4.2.6-1.21.1
  python3-mgr-cfg-client-4.2.6-1.21.1
  python3-mgr-cfg-management-4.2.6-1.21.1
  python3-mgr-osa-common-4.2.7-1.33.1
  python3-mgr-osad-4.2.7-1.33.1
  python3-mgr-push-4.2.4-1.15.1
  python3-mgr-virtualization-common-4.2.3-1.23.1
  python3-mgr-virtualization-host-4.2.3-1.23.1
  python3-rhnlib-4.2.5-3.31.1
  python3-spacewalk-check-4.2.16-3.56.1
  python3-spacewalk-client-setup-4.2.16-3.56.1
  python3-spacewalk-client-tools-4.2.16-3.56.1
  python3-spacewalk-koan-4.2.5-3.24.1
  python3-spacewalk-oscap-4.2.3-3.15.1
  python3-suseRegisterInfo-4.2.5-3.18.1
  python3-zypp-plugin-spacewalk-1.0.11-3.26.1
  spacecmd-4.2.15-3.74.1
  spacewalk-check-4.2.16-3.56.1
  spacewalk-client-setup-4.2.16-3.56.1
  spacewalk-client-tools-4.2.16-3.56.1
  spacewalk-koan-4.2.5-3.24.1
  spacewalk-oscap-4.2.3-3.15.1
  spacewalk-remote-utils-4.2.2-3.18.1
  suseRegisterInfo-4.2.5-3.18.1
  zypp-plugin-spacewalk-1.0.11-3.26.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
  ansible-2.9.21-1.10.1
  ansible-doc-2.9.21-1.10.1
  ansible-test-2.9.21-1.10.1
  python3-zypp-plugin-spacewalk-1.0.11-3.26.1
  zypp-plugin-spacewalk-1.0.11-3.26.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):
  python3-zypp-plugin-spacewalk-1.0.11-3.26.1
  zypp-plugin-spacewalk-1.0.11-3.26.1

References:

https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1193600

From sle-updates at lists.suse.com Mon Feb 28 20:34:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:34:20 +0100 (CET)
Subject: SUSE-RU-2022:0584-1: moderate: Recommended update for salt
Message-ID: <20220228203420.88667F379@maintenance.suse.de>

SUSE Recommended Update: Recommended update for salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0584-1
Rating: moderate
References: #1097531 #1190781 #1193357
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Transactional Server 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Server 4.2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for salt fixes the following issues:

- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" to acts on concurrent flag.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Transactional Server 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-584=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-584=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-584=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-584=1

Package List:

- SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64):
  salt-transactional-update-3002.2-150300.53.7.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  salt-api-3002.2-150300.53.7.2
  salt-cloud-3002.2-150300.53.7.2
  salt-master-3002.2-150300.53.7.2
  salt-proxy-3002.2-150300.53.7.2
  salt-ssh-3002.2-150300.53.7.2
  salt-standalone-formulas-configuration-3002.2-150300.53.7.2
  salt-syndic-3002.2-150300.53.7.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
  salt-fish-completion-3002.2-150300.53.7.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  python3-salt-3002.2-150300.53.7.2
  salt-3002.2-150300.53.7.2
  salt-doc-3002.2-150300.53.7.2
  salt-minion-3002.2-150300.53.7.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  salt-bash-completion-3002.2-150300.53.7.2
  salt-zsh-completion-3002.2-150300.53.7.2
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  python3-salt-3002.2-150300.53.7.2
  salt-3002.2-150300.53.7.2
  salt-minion-3002.2-150300.53.7.2
  salt-transactional-update-3002.2-150300.53.7.2

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357

From sle-updates at lists.suse.com Mon Feb 28 20:35:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:35:07 +0100 (CET)
Subject: SUSE-RU-2022:0596-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20220228203507.43C14F379@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0596-1
Rating: moderate
References: #1192487 #1193600
Affected Products:
  SUSE Manager Tools 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update fixes the following issues:

kiwi-desc-saltboot:

- Update to version 0.1.1639488226.7c9eab9
  * Enable one-time autosign grains for SLE12 and SLE11 clients

mgr-cfg:

- Version 4.2.6-1
  * Do not build python 2 package for SLE15SP4 and higher
- Version 4.2.5-1
  * do not build python 2 package for SLE15
- Version 4.2.4-1
  * Fix python selinux package name depending on build target (bsc#1193600)

mgr-custom-info:

- Version 4.2.3-1
  * require python macros for building

mgr-osad:

- Version 4.2.7-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

mgr-push:

- Version 4.2.4-1
  * Do not build python 2 package for SLE15SP4 and higher

mgr-virtualization:

- Version 4.2.3-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

rhnlib:

- Version 4.2.5-1
  * do not build python 2 package for SLE15

spacecmd:

- Version 4.2.15-1
  * require python macros for building

spacewalk-client-tools:

- Version 4.2.16-1
  * do not build python 2 package for SLE15
  * require python macros for building

spacewalk-koan:

- Version 4.2.5-1
  * Do not build python 2 package for SLE15SP4 and higher

spacewalk-oscap:

- Version 4.2.3-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

spacewalk-remote-utils:

- Version 4.2.2-1
  * require python macros for building

suseRegisterInfo:

- Version 4.2.5-1
  * require python macros for building
  * Do not build python 2 package for SLE15 and higher

uyuni-common-libs:

- Version 4.2.6-1
  * Read modularity data from DISTTAG tag as fallback (bsc#1192487)
  * require python macros for building

zypp-plugin-spacewalk:

- 1.0.11
  * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-596=1

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
  python2-uyuni-common-libs-4.2.6-1.18.1
- SUSE Manager Tools 12 (noarch):
  kiwi-desc-saltboot-0.1.1639488226.7c9eab9-1.26.1
  mgr-cfg-4.2.6-1.21.2
  mgr-cfg-actions-4.2.6-1.21.2
  mgr-cfg-client-4.2.6-1.21.2
  mgr-cfg-management-4.2.6-1.21.2
  mgr-custom-info-4.2.3-1.15.1
  mgr-osad-4.2.7-1.33.1
  mgr-push-4.2.4-1.15.2
  mgr-virtualization-host-4.2.3-1.23.1
  python2-mgr-cfg-4.2.6-1.21.2
  python2-mgr-cfg-actions-4.2.6-1.21.2
  python2-mgr-cfg-client-4.2.6-1.21.2
  python2-mgr-cfg-management-4.2.6-1.21.2
  python2-mgr-osa-common-4.2.7-1.33.1
  python2-mgr-osad-4.2.7-1.33.1
  python2-mgr-push-4.2.4-1.15.2
  python2-mgr-virtualization-common-4.2.3-1.23.1
  python2-mgr-virtualization-host-4.2.3-1.23.1
  python2-rhnlib-4.2.5-21.37.1
  python2-spacewalk-check-4.2.16-52.65.1
  python2-spacewalk-client-setup-4.2.16-52.65.1
  python2-spacewalk-client-tools-4.2.16-52.65.1
  python2-spacewalk-koan-4.2.5-24.27.1
  python2-spacewalk-oscap-4.2.3-19.21.1
  python2-suseRegisterInfo-4.2.5-25.21.1
  python2-zypp-plugin-spacewalk-1.0.11-30.33.1
  spacecmd-4.2.15-38.97.1
  spacewalk-check-4.2.16-52.65.1
  spacewalk-client-setup-4.2.16-52.65.1
  spacewalk-client-tools-4.2.16-52.65.1
  spacewalk-koan-4.2.5-24.27.1
  spacewalk-oscap-4.2.3-19.21.1
  spacewalk-remote-utils-4.2.2-24.21.1
  suseRegisterInfo-4.2.5-25.21.1
  zypp-plugin-spacewalk-1.0.11-30.33.1

References:

https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1193600

From sle-updates at lists.suse.com Mon Feb 28 20:35:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:35:44 +0100 (CET)
Subject: SUSE-RU-2022:0588-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20220228203544.CE3B3F379@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0588-1
Rating: moderate
References: #1097531 #1190781 #1193357 #1193565 ECO-3319
Affected Products:
  SUSE Manager Debian 9.0-CLIENT-TOOLS
______________________________________________________________________________

An update that has four recommended fixes and contains one feature can now be installed.

Description:

This update fixes the following issues:

salt:

- Fix inspector module export function (bsc#1097531)
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" to acts on concurrent flag.

scap-security-guide:

- Updated to 0.1.59 release (jsc#ECO-3319)
- Support for Debian 11
- NERC CIP profiles for OCP4 and RHCOS
- HIPAA profile for SLE15
- Delta Tailoring Files for STIG profiles

spacecmd:

- Version 4.2.15-1
  * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Debian 9.0-CLIENT-TOOLS:
  zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2022-588=1

Package List:

- SUSE Manager Debian 9.0-CLIENT-TOOLS (all):
  salt-common-3000+ds-1+2.40.1
  salt-minion-3000+ds-1+2.40.1
  scap-security-guide-debian-0.1.59-2.15.1
  spacecmd-4.2.15-2.25.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357
https://bugzilla.suse.com/1193565

From sle-updates at lists.suse.com Mon Feb 28 20:36:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:36:35 +0100 (CET)
Subject: SUSE-RU-2022:0586-1: moderate: Recommended update for Salt
Message-ID: <20220228203635.4F35CF379@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0586-1
Rating: moderate
References: #1097531 #1190781 #1193357 #1193565
Affected Products:
  SUSE Linux Enterprise High Performance Computing 12
  SUSE Linux Enterprise Module for Advanced Systems Management 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12
  SUSE Linux Enterprise Server for SAP Applications 12-SP3
  SUSE Linux Enterprise Server for SAP Applications 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Manager Tools 12
______________________________________________________________________________

An update that has four recommended fixes can now be installed.
Description:

This update fixes the following issues:

salt:

- Fix inspector module export function (bsc#1097531)
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" to acts on concurrent flag.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-586=1
- SUSE Linux Enterprise Module for Advanced Systems Management 12:
  zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-586=1

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
  python2-salt-3000-53.1
  python3-salt-3000-53.1
  salt-3000-53.1
  salt-doc-3000-53.1
  salt-minion-3000-53.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
  python2-salt-3000-53.1
  salt-3000-53.1
  salt-api-3000-53.1
  salt-cloud-3000-53.1
  salt-doc-3000-53.1
  salt-master-3000-53.1
  salt-minion-3000-53.1
  salt-proxy-3000-53.1
  salt-ssh-3000-53.1
  salt-standalone-formulas-configuration-3000-53.1
  salt-syndic-3000-53.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):
  salt-bash-completion-3000-53.1
  salt-zsh-completion-3000-53.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357
https://bugzilla.suse.com/1193565

From sle-updates at lists.suse.com Mon Feb 28 20:38:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:38:28 +0100 (CET)
Subject: SUSE-RU-2022:14901-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20220228203828.02327F379@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:14901-1
Rating: moderate
References: #1097531 #1190781 #1193357 ECO-3319
Affected Products:
  SUSE Manager Ubuntu 20.04-CLIENT-TOOLS
______________________________________________________________________________

An update that has three recommended fixes and contains one feature can now be installed.

Description:

This update fixes the following issues:

salt:

- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" to acts on concurrent flag.

scap-security-guide:

- Updated to 0.1.59 release (jsc#ECO-3319)
- Support for Debian 11
- NERC CIP profiles for OCP4 and RHCOS
- HIPAA profile for SLE15
- Delta Tailoring Files for STIG profiles

spacecmd:

- Version 4.2.15-1
  * require python macros for building

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS:
  zypper in -t patch suse-ubu204ct-client-tools-202202-14901=1

Package List:

- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all):
  salt-common-3002.2+ds-1+2.63.1
  salt-minion-3002.2+ds-1+2.63.1
  scap-security-guide-ubuntu-0.1.59-2.15.1
  spacecmd-4.2.15-2.39.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357

From sle-updates at lists.suse.com Mon Feb 28 20:39:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 28 Feb 2022 21:39:13 +0100 (CET)
Subject: SUSE-RU-2022:0582-1: moderate: Recommended update for salt
Message-ID: <20220228203913.7B17BF379@maintenance.suse.de>

SUSE Recommended Update: Recommended update for salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0582-1
Rating: moderate
References: #1097531 #1190781 #1193357
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for salt fixes the following issues:

- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" to acts on concurrent flag.
Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-582=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-582=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-582=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-582=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-582=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-582=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  python3-salt-3002.2-54.1
  salt-3002.2-54.1
  salt-api-3002.2-54.1
  salt-cloud-3002.2-54.1
  salt-doc-3002.2-54.1
  salt-master-3002.2-54.1
  salt-minion-3002.2-54.1
  salt-proxy-3002.2-54.1
  salt-ssh-3002.2-54.1
  salt-standalone-formulas-configuration-3002.2-54.1
  salt-syndic-3002.2-54.1
  salt-transactional-update-3002.2-54.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
  salt-bash-completion-3002.2-54.1
  salt-fish-completion-3002.2-54.1
  salt-zsh-completion-3002.2-54.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
  python3-salt-3002.2-54.1
  salt-3002.2-54.1
  salt-api-3002.2-54.1
  salt-cloud-3002.2-54.1
  salt-doc-3002.2-54.1
  salt-master-3002.2-54.1
  salt-minion-3002.2-54.1
  salt-proxy-3002.2-54.1
  salt-ssh-3002.2-54.1
  salt-standalone-formulas-configuration-3002.2-54.1
  salt-syndic-3002.2-54.1
  salt-transactional-update-3002.2-54.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
  salt-bash-completion-3002.2-54.1
  salt-fish-completion-3002.2-54.1
  salt-zsh-completion-3002.2-54.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
  python3-salt-3002.2-54.1
  salt-3002.2-54.1
  salt-api-3002.2-54.1
  salt-cloud-3002.2-54.1
  salt-doc-3002.2-54.1
  salt-master-3002.2-54.1
  salt-minion-3002.2-54.1
  salt-proxy-3002.2-54.1
  salt-ssh-3002.2-54.1
  salt-standalone-formulas-configuration-3002.2-54.1
  salt-syndic-3002.2-54.1
  salt-transactional-update-3002.2-54.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
  salt-bash-completion-3002.2-54.1
  salt-fish-completion-3002.2-54.1
  salt-zsh-completion-3002.2-54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  python3-salt-3002.2-54.1
  salt-3002.2-54.1
  salt-api-3002.2-54.1
  salt-cloud-3002.2-54.1
  salt-doc-3002.2-54.1
  salt-master-3002.2-54.1
  salt-minion-3002.2-54.1
  salt-proxy-3002.2-54.1
  salt-ssh-3002.2-54.1
  salt-standalone-formulas-configuration-3002.2-54.1
  salt-syndic-3002.2-54.1
  salt-transactional-update-3002.2-54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
  salt-bash-completion-3002.2-54.1
  salt-fish-completion-3002.2-54.1
  salt-zsh-completion-3002.2-54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  python3-salt-3002.2-54.1
  salt-3002.2-54.1
  salt-api-3002.2-54.1
  salt-cloud-3002.2-54.1
  salt-doc-3002.2-54.1
  salt-master-3002.2-54.1
  salt-minion-3002.2-54.1
  salt-proxy-3002.2-54.1
  salt-ssh-3002.2-54.1
  salt-standalone-formulas-configuration-3002.2-54.1
  salt-syndic-3002.2-54.1
  salt-transactional-update-3002.2-54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
  salt-bash-completion-3002.2-54.1
  salt-fish-completion-3002.2-54.1
  salt-zsh-completion-3002.2-54.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
  python3-salt-3002.2-54.1
  salt-3002.2-54.1
  salt-api-3002.2-54.1
  salt-cloud-3002.2-54.1
  salt-doc-3002.2-54.1
  salt-master-3002.2-54.1
  salt-minion-3002.2-54.1
  salt-proxy-3002.2-54.1
  salt-ssh-3002.2-54.1
  salt-standalone-formulas-configuration-3002.2-54.1
  salt-syndic-3002.2-54.1
  salt-transactional-update-3002.2-54.1
- SUSE Enterprise Storage 6 (noarch):
  salt-bash-completion-3002.2-54.1
  salt-fish-completion-3002.2-54.1
  salt-zsh-completion-3002.2-54.1
- SUSE CaaS Platform 4.0 (x86_64):
  python3-salt-3002.2-54.1
  salt-3002.2-54.1
  salt-api-3002.2-54.1
  salt-cloud-3002.2-54.1
  salt-doc-3002.2-54.1
  salt-master-3002.2-54.1
  salt-minion-3002.2-54.1
  salt-proxy-3002.2-54.1
  salt-ssh-3002.2-54.1
  salt-standalone-formulas-configuration-3002.2-54.1
  salt-syndic-3002.2-54.1
  salt-transactional-update-3002.2-54.1
- SUSE CaaS Platform 4.0 (noarch):
  salt-bash-completion-3002.2-54.1
  salt-fish-completion-3002.2-54.1
  salt-zsh-completion-3002.2-54.1

References:

https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1190781
https://bugzilla.suse.com/1193357